Uploaded image for project: 'Directory Client API'
  1. Directory Client API
  2. DIRAPI-403

OutOfMemory error in Asn1Decoder for LDAP messages

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.1.6
    • 2.1.7
    • None

    Description

      Hi, we have found Out Of Memory error while fuzzing Asn1Decoder for LDAP messages.

      Steps to reproduce:
      1. Download Apache Directory LDAP API v2.1.6:

      wget wget https://github.com/apache/directory-ldap-api/archive/refs/tags/2.1.6.tar.gz
      tar xf 2.1.6.tar.gz && rm 2.1.6.tar.gz

      2. Compile the project (we used jdk-11 and mvn-3.9.6):

      cd directory-ldap-api-2.1.6
      mvn clean package

      3. Get the reproducer:

      mkdir fuzz && cd fuzz
      mv <path/to/reproducer>/OutOfMemoryReproducer.java .

      4. Compile the reproducer

      javac -cp ../asn1/ber/target/classes/:../asn1/api/target/classes/:../ldap/codec/core/target/classes/:../ldap/model/target/classes/:../ldap/codec/core/target/classes/ ./OutOfMemoryReproducer.java

      5. Reproduce the error:

      java -Xmx2000m -cp .:../asn1/ber/target/classes/:../asn1/api/target/classes/:../ldap/codec/core/target/classes/:../ldap/model/target/classes/:../ldap/codec/core/target/classes/:../util/target/classes/:../util/target/classes/:../integ-osgi/target/dependency/slf4j-api-1.7.36.jar:../i18n/target/classes/:../integ-osgi/target/dependency/mina-core-2.2.3.jar OutOfMemoryReproducer

      We think that 2000 MB is a reasonable limit and the program should not take more.

      Found by Linux Verification Center (portal.linuxtesting.ru) with Jazzer.
      Author L.Reviakin (L.reviakin@fobos-nt.ru)

      Attachments

        1. OutOfMemoryReproducer.java
          1 kB
          Andrey Slepykh

        Activity

          People

            Unassigned Unassigned
            a.slepykh Andrey Slepykh
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: