This is an automated email from the ASF dual-hosted git repository. dkulp pushed a commit to branch 3.3.x-fixes in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 775c21dc45a9f7c8b6dfe5fa619c9037f74e1672
Author: Colm O hEigeartaigh <cohei...@apache.org>
AuthorDate: Thu Feb 3 11:14:39 2022 +0000
Use Math.exact to add two ints that might come from user data
(cherry picked from commit daeafbf9f0817e5b7448c6f9ca930a29ed50bc1e)
(cherry picked from commit e607d5c197aaa07ae213aa129e7bc09003c8804c)
(cherry picked from commit 1a9637692d9887514449a41d114af8dfb1b1e0e6)
---
 .../main/java/org/apache/cxf/attachment/Base64DecoderStream.java | 2 +-
 .../java/org/apache/cxf/attachment/MimeBodyPartInputStream.java | 6 +++---
 .../main/java/org/apache/cxf/common/util/Base64OutputStream.java | 2 +-
 core/src/main/java/org/apache/cxf/common/util/Base64Utility.java | 2 +-
 core/src/main/java/org/apache/cxf/common/util/CompressionUtils.java | 3 ++-
 core/src/main/java/org/apache/cxf/io/ReaderInputStream.java | 2 +-
 .../java/org/apache/cxf/transport/websocket/WebSocketUtils.java | 2 +-
 7 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/core/src/main/java/org/apache/cxf/attachment/Base64DecoderStream.java b/core/src/main/java/org/apache/cxf/attachment/Base64DecoderStream.java
index 9367db4..9f887bf 100644
--- a/core/src/main/java/org/apache/cxf/attachment/Base64DecoderStream.java
+++ b/core/src/main/java/org/apache/cxf/attachment/Base64DecoderStream.java
@@ -187,6 +187,6 @@ public class Base64DecoderStream extends FilterInputStream {
 public int available() throws IOException {
- return ((in.available() / 4) * 3) + decodedCount;
+ return Math.addExact((in.available() / 4) * 3, decodedCount);
 }
 }
diff --git a/core/src/main/java/org/apache/cxf/attachment/MimeBodyPartInputStream.java b/core/src/main/java/org/apache/cxf/attachment/MimeBodyPartInputStream.java
index 7d71b45..e0eb57e 100644
--- a/core/src/main/java/org/apache/cxf/attachment/MimeBodyPartInputStream.java
+++ b/core/src/main/java/org/apache/cxf/attachment/MimeBodyPartInputStream.java
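Review bot: `available()` in Base64DecoderStream.java can now throw an unchecked ArithmeticException, which callers of `InputStream.available()` have no reason to expect, since the method declares only IOException and returns an estimate. Saturating fits that contract better than failing: `return (int) Math.min(Integer.MAX_VALUE, (long) (in.available() / 4) * 3 + decodedCount);`. If the throw is intentional, a one-line comment on the method saying so would keep a later cleanup from reverting it.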
@@ -59,11 +59,11 @@ public class MimeBodyPartInputStream extends InputStream {
 return 0;
 }
 boolean bufferCreated = false;
- if (len < boundary.length * 2) {
+ if (len < Math.addExact(boundary.length, boundary.length)) {
 //buffer is too short to detect boundaries with it. We'll need to create a larger buffer
 bufferCreated = true;
 if (boundaryBuffer == null) {
- boundaryBuffer = new byte[boundary.length * 2];
+ boundaryBuffer = new byte[Math.addExact(boundary.length, boundary.length)];
 }
 b = boundaryBuffer;
 off = 0;
@@ -74,7 +74,7 @@ public class MimeBodyPartInputStream extends InputStream {
 }
 int read = 0;
 int idx = 0;
- while (read >= 0 && idx < len && idx < (boundary.length * 2)) {
+ while (read >= 0 && idx < len && idx < Math.addExact(boundary.length, boundary.length)) {
 //make sure we read enough to detect the boundary
 read = inStream.read(b, off + idx, len - idx);
 if (read != -1) {
diff --git a/core/src/main/java/org/apache/cxf/common/util/Base64OutputStream.java b/core/src/main/java/org/apache/cxf/common/util/Base64OutputStream.java
index e21c2fa..cddab83 100644
--- a/core/src/main/java/org/apache/cxf/common/util/Base64OutputStream.java
+++ b/core/src/main/java/org/apache/cxf/common/util/Base64OutputStream.java
@@ -82,7 +82,7 @@ public class Base64OutputStream extends FilterOutputStream {
 return buf;
 }
 private byte[] newArray(byte[] src, int srcPos, int srcLen, byte[] src2, int srcPos2, int srcLen2) {
- byte[] buf = new byte[srcLen + srcLen2];
+ byte[] buf = new byte[Math.addExact(srcLen, srcLen2)];
 System.arraycopy(src, srcPos, buf, 0, srcLen);
 System.arraycopy(src2, srcPos2, buf, srcLen, srcLen2);
 return buf;
diff --git a/core/src/main/java/org/apache/cxf/common/util/Base64Utility.java b/core/src/main/java/org/apache/cxf/common/util/Base64Utility.java
index 0e00f52..6279cff 100644
--- a/core/src/main/java/org/apache/cxf/common/util/Base64Utility.java
+++ b/core/src/main/java/org/apache/cxf/common/util/Base64Utility.java
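Review bot: The doubled boundary length in MimeBodyPartInputStream.java is now spelled out as three separate `Math.addExact(boundary.length, boundary.length)` calls, one of them in the `while` condition of the second hunk (`@@ -74,7`), where it is re-evaluated on every pass. Assuming `boundary` is not reassigned during the read, hoisting it once, e.g. `final int window = Math.multiplyExact(boundary.length, 2);` ahead of the `if (len < …)` test, keeps the overflow check in one place and lets all three uses read `window`. The enclosing method starts and ends outside both hunks, so the exact spot for the local needs checking against the full file.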
@@ -161,7 +161,7 @@ public final class Base64Utility {
 byte[] ob = new byte[octetCount];
 int obcount = 0;
- for (int i = o; i < o + l && i < id.length; i++) {
+ for (int i = o; i < Math.addExact(o, l) && i < id.length; i++) {
 if (id[i] == PAD || id[i] < BDT.length && BDT[id[i]] != Byte.MAX_VALUE) {
diff --git a/core/src/main/java/org/apache/cxf/common/util/CompressionUtils.java b/core/src/main/java/org/apache/cxf/common/util/CompressionUtils.java
index d07a51e..ea4ce34 100644
--- a/core/src/main/java/org/apache/cxf/common/util/CompressionUtils.java
+++ b/core/src/main/java/org/apache/cxf/common/util/CompressionUtils.java
@@ -70,7 +70,8 @@ public final class CompressionUtils {
 compresser.setInput(tokenBytes);
 compresser.finish();
- byte[] output = new byte[tokenBytes.length * 2];
+ int tokenBytesLength = tokenBytes.length;
+ byte[] output = new byte[Math.addExact(tokenBytesLength, tokenBytesLength)];
 int compressedDataLength = compresser.deflate(output);
diff --git a/core/src/main/java/org/apache/cxf/io/ReaderInputStream.java b/core/src/main/java/org/apache/cxf/io/ReaderInputStream.java
index 30e7c24..1c8b641 100644
--- a/core/src/main/java/org/apache/cxf/io/ReaderInputStream.java
+++ b/core/src/main/java/org/apache/cxf/io/ReaderInputStream.java
@@ -224,7 +224,7 @@ public class ReaderInputStream extends InputStream {
 if (b == null) {
 throw new NullPointerException("Byte array must not be null");
 }
- if (len < 0 || off < 0 || (off + len) > b.length) {
+ if (len < 0 || off < 0 || Math.addExact(off, len) > b.length) {
 throw new IndexOutOfBoundsException("Array Size=" + b.length + ", offset=" + off + ", length=" + len);
 }
diff --git a/rt/transports/websocket/src/main/java/org/apache/cxf/transport/websocket/WebSocketUtils.java b/rt/transports/websocket/src/main/java/org/apache/cxf/transport/websocket/WebSocketUtils.java
index 8bcc67d..4e27aeb 100644
--- a/rt/transports/websocket/src/main/java/org/apache/cxf/transport/websocket/WebSocketUtils.java
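Review bot: In Base64Utility.java the loop condition `i < Math.addExact(o, l)` re-runs the checked add on every iteration, and an overflow is only reported from the loop header, after `ob` has already been allocated. Computing the bound once before the loop, `final int end = Math.addExact(o, l);` followed by `for (int i = o; i < end && i < id.length; i++) {`, is cheaper and makes the failure point obvious. `ob` is sized from `octetCount`, which is set above the hunk; if that value is derived from `l`, it deserves the same scrutiny, but the hunk does not show it.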
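Review bot: Sizing `output` at twice the input in CompressionUtils.java guards the doubling but still assumes a single `compresser.deflate(output)` call consumes everything: for an empty or very short `tokenBytes` the deflate framing alone can exceed twice the input length, and the one call then yields a truncated stream. What is done with `compressedDataLength` lies outside the hunk, so this is inferred from the visible lines only. Draining the deflater until `finished()` removes both the doubling and the overflow check; the sketch keeps the `output` and `compressedDataLength` names so the code after the hunk can stay as it is.
```java
// … unchanged: compresser.setInput(tokenBytes); compresser.finish(); …
ByteArrayOutputStream compressed = new ByteArrayOutputStream(Math.max(32, tokenBytes.length));
byte[] chunk = new byte[4096];
while (!compresser.finished()) {
    compressed.write(chunk, 0, compresser.deflate(chunk));
}
byte[] output = compressed.toByteArray();
int compressedDataLength = output.length;
```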
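Review bot: In ReaderInputStream.java an overflowing `off + len` now escapes as ArithmeticException instead of the IndexOutOfBoundsException thrown on the next line, which is what callers of `InputStream.read(byte[], int, int)` are told to expect for bad bounds. The check can be written so that it cannot overflow at all: `if (len < 0 || off < 0 || len > b.length - off) {`. Because `off < 0` is tested first, `b.length - off` stays in range. The method body continues outside the hunk.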
+++ b/rt/transports/websocket/src/main/java/org/apache/cxf/transport/websocket/WebSocketUtils.java
@@ -169,7 +169,7 @@ public final class WebSocketUtils {
 */
 public static byte[] buildResponse(byte[] headers, byte[] data, int offset, int length) {
 final int hlen = headers != null ? headers.length : 0;
- byte[] longdata = new byte[length + 2 + hlen];
+ byte[] longdata = new byte[Math.addExact(length, hlen) + 2];
 if (hlen > 0) {
 System.arraycopy(headers, 0, longdata, 0, hlen);
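Review bot: The `+ 2` in `new byte[Math.addExact(length, hlen) + 2]` is still an unchecked add, so a sum within two of Integer.MAX_VALUE wraps to a negative size and fails with NegativeArraySizeException rather than the ArithmeticException the rest of this commit relies on. Wrapping the whole expression closes that gap: `byte[] longdata = new byte[Math.addExact(Math.addExact(length, hlen), 2)];`. The visible lines also show no check that `length` is non-negative or that `offset` and `length` stay inside `data`; buildResponse continues outside the hunk, so that may be handled elsewhere.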