Andrey Slepykh created DIRAPI-401: ------------------------------------- Summary: Unhandled Exception (NegativeArraySizeException) in Asn1Decoder Key: DIRAPI-401 URL: https://issues.apache.org/jira/browse/DIRAPI-401 Project: Directory Client API Issue Type: Bug Affects Versions: 2.1.6 Reporter: Andrey Slepykh Attachments: NegativeSizeReproducer.java
Hello, we think we have found a problem in Asn1Decoder implementation for LDAP messages while fuzzing in version 2.1.6. This problem is unhandled exception (NegativeArraySizeException). Steps to reproduce: 1. Download Apache Directory LDAP API v2.1.6: ``` wget wget [https://github.com/apache/directory-ldap-api/archive/refs/tags/2.1.6.tar.gz] tar xf 2.1.6.tar.gz && rm 2.1.6.tar.gz ``` 2. Compile the project (we used jdk-11 and mvn-3.9.6): ``` cd directory-ldap-api-2.1.6 mvn clean package ``` 3. Get the reproducer: ``` mkdir fuzz && cd fuzz mv <path/to/reproducer>/NegativeSizeReproducer.java . ``` 4. Compile the reproducer ``` javac -cp .:../asn1/ber/target/classes/:../asn1/api/target/classes/:../ldap/codec/core/target/classes/:../ldap/model/target/classes/:../ldap/codec/core/target/classes/ ./NegativeSizeReproducer.java ``` 5. Reproduce the exception: ``` java -cp .:../asn1/ber/target/classes/:../asn1/api/target/classes/:../ldap/codec/core/target/classes/:../ldap/model/target/classes/:../ldap/codec/core/target/classes/:../util/target/classes/:../util/target/classes/:../integ-osgi/target/dependency/slf4j-api-1.7.36.jar:../i18n/target/classes/:../integ-osgi/target/dependency/mina-core-2.2.3.jar NegativeSizeReproducer ``` Found by Linux Verification Center (portal.linuxtesting.ru) with jazzer. Author L.Reviakin (l.revia...@fobos-nt.ru) -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org