[ https://issues.apache.org/jira/browse/DIRSERVER-2408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17868915#comment-17868915 ]

Emmanuel Lécharny commented on DIRSERVER-2408:
----------------------------------------------

Added some more fixes for invalid attributes.

> Exceptions in EntrySerializer
> -----------------------------
>
>                 Key: DIRSERVER-2408
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2408
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: jdbm
>            Reporter: Ekaterina Zilotina
>            Priority: Major
>         Attachments: 
> ArrayIndexOutOfBoundsException_entrySerializercrash-bb662918c3c5b52aef5bb949285ae5cd46db2900,
>  DeserializeFuzzer.java.txt, 
> IllegalArgumentException_entrySerializercrash-89989028ed53bb2aa1611da91746de61252b1095,
>  
> NegativeArraySizeException_entrySerializercrash-64473e185b8cb9d1a448ac522e160174375941e3,
>  
> NegativeArraySizeException_entrySerializercrash-ac848f2d23a9f12ddf250f529c3fe654eef5b233,
>  
> NegativeArraySizeException_entrySerializercrash-eeb4c93175ddce8ebc177647324566d4c5e3ca61,
>  
> NullPointerException_entrySerializercrash-085a2198d7a7a20a61c7f16fd90ef3129068bb1b,
>  
> NullPointerException_entrySerializercrash-60a07478c87366934a3b0dce34f0f2067f84f154,
>  
> OutOfMemoryError_entrySerializercrash-1fc0f54909703034301896bca67ba829d81bfa66,
>  
> OutOfMemoryError_entrySerializercrash-4bdb2cd90ef530efe10247e208023c6ec2f15d6f,
>  
> OutOfMemoryError_entrySerializercrash-c4b87b00b80bf9024e4f693271bf51f02a9f076a,
>  dismatch-errorFile-01842911-6276-4fda-88f4-7515b30cdafe, 
> dismatch-errorFile-01a9c722-588d-4299-b95a-e79d2d2fe9a6, 
> dismatch-errorFile-01dcbb78-1a94-4620-bf4d-115f31f678c1, jazzer_output.txt
>
>
> Class: EntrySerializer 
> Method: deserialize()
> I performed fuzz testing of the deserialize() method of the EntrySerializer 
> object (for example, I took the ServerEntrySerializerTest class). As a result of 
> the fuzzing tests, there are some unhandled exceptions:
> 1. OutOfMemoryError when running with the '-Xmx1620m' option while creating an array 
> with a size value from input data (see DEDUP_TOKEN: 3c53e16103f7df69, 
> 0e0655117383aa9c, bac12c1dd0658676 in fuzzer_output.txt)
> 2. NegativeArraySizeException in the readExternal() method in line 
> [184|https://github.com/apache/directory-server/blob/8c9b56bdcc0703b04b8e2dbdc4f045ed5d83a064/jdbm-partition/src/main/java/org/apache/directory/server/core/partition/impl/btree/jdbm/EntrySerializer.java#L184]
>  (DEDUP_TOKEN: c027ed383c214f09 in fuzzer_output.txt) and 
> [219|https://github.com/apache/directory-server/blob/8c9b56bdcc0703b04b8e2dbdc4f045ed5d83a064/jdbm-partition/src/main/java/org/apache/directory/server/core/partition/impl/btree/jdbm/EntrySerializer.java#L219]
>  (DEDUP_TOKEN: 52fd84779ea9dc9e, d13ede94b076c4f2 in fuzzer_output.txt). 
> Values are used incorrectly when creating byte[] ([ 
> here|https://github.com/apache/directory-ldap-api/blob/bc63cabe199905158578dbf4936eb60fcd6ae4b4/ldap/model/src/main/java/org/apache/directory/api/ldap/model/entry/Value.java#L1622]
>  and 
> [here|https://github.com/apache/directory-ldap-api/blob/bc63cabe199905158578dbf4936eb60fcd6ae4b4/ldap/model/src/main/java/org/apache/directory/api/ldap/model/entry/Value.java#L1643]
>  )
> 3. IllegalArgumentException when adding an attribute in [line 
> 221|https://github.com/apache/directory-server/blob/8c9b56bdcc0703b04b8e2dbdc4f045ed5d83a064/jdbm-partition/src/main/java/org/apache/directory/server/core/partition/impl/btree/jdbm/EntrySerializer.java#L221]
>  (DEDUP_TOKEN: 75318c370e556bae in fuzzer_output.txt).
> 4. NullPointerException in line 184 when calling readExternal() (DEDUP_TOKEN: 
> e8c7485e75d40809, 368480f2ec2323a7 in fuzzer_output.txt). 
> [SchemaUtils.stripOptions()|https://github.com/apache/directory-ldap-api/blob/bc63cabe199905158578dbf4936eb60fcd6ae4b4/ldap/model/src/main/java/org/apache/directory/api/ldap/model/schema/SchemaUtils.java#L538]
>  takes a null string
> 5. ArrayIndexOutOfBoundsException in [line 
> 213|https://github.com/apache/directory-server/blob/8c9b56bdcc0703b04b8e2dbdc4f045ed5d83a064/jdbm-partition/src/main/java/org/apache/directory/server/core/partition/impl/btree/jdbm/EntrySerializer.java#L213]
>  (DEDUP_TOKEN: 171eddc8777f746e in fuzzer_output.txt)
> This may not pose a threat to ApacheDS, but there is no handling of it in 
> this area of code. Perhaps you should add other exception types (or the base 
> Exception) to the deserialize() function signature, or wrap the specified 
> methods in try/catch blocks?
> Secondly, my tests compared the result of deserialization into a ServerEntry 
> object and serialization back into a set of bytes with the input bytes. Is 
> it correct that in some cases there are sets of bytes that did not match the 
> entry value, but correctly deserialized into a ServerEntry object? It is important 
> to say that in 60 seconds of running jazzer there were 80k+ executed units and 
> ~10k mismatched input and output bytes found (that is strange, imho). Examples 
> of these input samples, crash samples, the fuzz test, and the jazzer log are below



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
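
Findings 1 and 2 in the quoted report (OutOfMemoryError and NegativeArraySizeException when an array is sized from input data) are the usual result of using a length field without checking it. The following is an added example, not ApacheDS code and not the fix committed for this issue; the record layout (4-byte length followed by the payload), the 1 MiB cap and all names are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.nio.ByteBuffer;

// Added illustration; hypothetical class, not part of ApacheDS.
public class BoundedDeserialize {
    static final int MAX_VALUE_LEN = 1 << 20; // assumed policy cap: 1 MiB per value

    // Reads a length-prefixed byte[]. Rejects lengths that are negative,
    // above the cap, or larger than the bytes actually left in the input.
    // available() is exact here because the source is an in-memory array.
    static byte[] readValue(DataInputStream in) throws IOException {
        int len = in.readInt();
        if (len < 0) {
            throw new IOException("negative length: " + len);
        }
        if (len > MAX_VALUE_LEN || len > in.available()) {
            throw new IOException("length " + len + " exceeds cap or remaining input");
        }
        byte[] value = new byte[len]; // allocation is now bounded by real input size
        in.readFully(value);
        return value;
    }

    // Callers see one checked failure type; malformed bytes never surface
    // as a RuntimeException or an Error.
    static String tryDecode(byte[] raw) {
        try (DataInputStream in = new DataInputStream(new ByteArrayInputStream(raw))) {
            return "ok, " + readValue(in).length + " bytes";
        } catch (IOException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: valid record, negative length, huge length with 1 byte of payload.
        byte[] good = ByteBuffer.allocate(7).putInt(3).put(new byte[] {1, 2, 3}).array();
        byte[] negative = ByteBuffer.allocate(4).putInt(-1).array();
        byte[] huge = ByteBuffer.allocate(5).putInt(Integer.MAX_VALUE).put((byte) 0).array();
        System.out.println(tryDecode(good));
        System.out.println(tryDecode(negative));
        System.out.println(tryDecode(huge));
    }
}
```

A truncated input (fewer than four bytes) is also rejected, because readInt() throws EOFException, which is an IOException.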
