[
https://issues.apache.org/jira/browse/DIRSERVER-2406?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17868189#comment-17868189
]
Emmanuel Lécharny commented on DIRSERVER-2406:
----------------------------------------------
Hi,
not the most used part of the server, by far ;^)
I agree something should be fixed there.
Thanks for the report!
> Exceptions in DhcpMessageDecoder
> --------------------------------
>
> Key: DIRSERVER-2406
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2406
> Project: Directory ApacheDS
> Issue Type: Bug
> Reporter: Ekaterina Zilotina
> Priority: Major
> Attachments: DecodeFuzzer.java.txt, jazzer_output.txt, samples.tgz
>
>
> Class: DhcpMessageDecoder
> Method: decode()
> As a result of fuzz testing the decode() function, there are some unhandled
> exceptions:
> # BufferUnderflowException in methods
> [ByteBuffer.get()|https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/nio/ByteBuffer.html#get()],
> [ByteBuffer.getInt()|https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/nio/ByteBuffer.html#getInt()],
> [ByteBuffer.getShort()|https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/nio/ByteBuffer.html#getShort()].
> These methods are also used in other DhcpMessageDecoder methods like
> decodeOptions(), decodeString(), decodeAddress(), where jazzer found
> BufferUnderflowException too.
> # ArrayIndexOutOfBoundsException [in method
> decodeString()|https://github.com/apache/directory-server/blob/8c9b56bdcc0703b04b8e2dbdc4f045ed5d83a064/protocol-dhcp/src/main/java/org/apache/directory/server/dhcp/io/DhcpMessageDecoder.java#L109]
> # NegativeArraySizeException [in method
> decodeOptions()|https://github.com/apache/directory-server/blob/8c9b56bdcc0703b04b8e2dbdc4f045ed5d83a064/protocol-dhcp/src/main/java/org/apache/directory/server/dhcp/io/DhcpMessageDecoder.java#L183]
> This may not pose a threat to apacheds, but there is no handling in this area
> of code. Perhaps you should add other exception types (or base Exception)
> to the decode() function signature, or wrap the specified methods in
> try/catch blocks. Crash samples, fuzz test and part of jazzer log are below.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
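
The three exception types named in the report are the usual symptoms of reading a length-prefixed field from a ByteBuffer without checking it against the bytes remaining. The following is an added example, not code from ApacheDS or from the reporter: a bounds-checked parser for the DHCP options field (code, length, value per RFC 2132) that turns every malformed input into one checked exception. The class name, exception name, the strict END-terminator policy and the sample packets are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration; hypothetical class, not part of ApacheDS.
public class SafeDhcpOptionParser {

    /** Checked, so callers are forced to handle malformed packets. */
    public static class MalformedOptionsException extends Exception {
        public MalformedOptionsException(String msg) { super(msg); }
    }

    private static final int PAD = 0;    // RFC 2132 pad option: no length byte
    private static final int END = 255;  // RFC 2132 end option

    public static Map<Integer, byte[]> parse(ByteBuffer buf) throws MalformedOptionsException {
        Map<Integer, byte[]> options = new LinkedHashMap<>();
        while (buf.hasRemaining()) {
            int code = buf.get() & 0xFF;   // mask: Java bytes are signed
            if (code == PAD) continue;
            if (code == END) return options;
            if (!buf.hasRemaining()) {     // would otherwise be BufferUnderflowException
                throw new MalformedOptionsException("option " + code + " has no length byte");
            }
            int length = buf.get() & 0xFF; // unmasked, 0x80..0xFF reads as a negative size
            if (length > buf.remaining()) {
                throw new MalformedOptionsException("option " + code + " claims " + length
                        + " bytes, only " + buf.remaining() + " left");
            }
            byte[] value = new byte[length];
            buf.get(value);                // safe: length was checked above
            options.put(code, value);
        }
        // Policy choice for this example: a missing END marker is an error.
        throw new MalformedOptionsException("options not terminated by END (255)");
    }

    public static void main(String[] args) {
        byte[][] samples = {               // constructed inputs
            {53, 1, 1, (byte) 255},        // well-formed: one option, then END
            {53, (byte) 0x80, 1},          // length byte 0x80, one byte of data
            {12},                          // truncated before the length byte
        };
        for (byte[] s : samples) {
            try {
                System.out.println("ok: " + parse(ByteBuffer.wrap(s)).keySet());
            } catch (MalformedOptionsException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```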