[jira] [Updated] (ARTEMIS-4926) Throw checked URISyntaxException on bad URL

Wed, 22 Jan 2025 11:24:58 -0800 


     [ 
https://issues.apache.org/jira/browse/ARTEMIS-4926?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Justin Bertram updated ARTEMIS-4926:
------------------------------------
    Summary: Throw checked URISyntaxException on bad URL  (was: 
IllegalArgumentException in UriSupport.parseParameters)

> Throw checked URISyntaxException on bad URL
> -------------------------------------------
>
>                 Key: ARTEMIS-4926
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-4926
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>            Reporter: Ekaterina Zilotina
>            Assignee: Justin Bertram
>            Priority: Major
>              Labels: pull-request-available
>         Attachments: UriSupportFuzzer.java.txt, 
> UriSupportcrash-00152a429040cf0bb95bdce6422303498a30631a, 
> UriSupportcrash-084e9380bd54a4f1eba0131ca1d67f2720c76025, 
> UriSupportcrash-90b1ee0ba36f0cae32ac20469ce0d3ddcfa8e5fa, 
> UriSupportcrash-a520043b41390db8ef10a6675f43ecf6faa7e859, 
> UriSupportcrash-b46a887ae8b7dea48921f85c09f35694d9f502b9, fuzz_state.txt
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Function *URLDecoder.decode()* uses in lines 
> [147|https://github.com/apache/activemq-artemis/blob/b4d3a776499cb3ef9a350107faa998c81b20c3e6/artemis-commons/src/main/java/org/apache/activemq/artemis/utils/uri/URISupport.java#L147]
>  and 
> [148|https://github.com/apache/activemq-artemis/blob/b4d3a776499cb3ef9a350107faa998c81b20c3e6/artemis-commons/src/main/java/org/apache/activemq/artemis/utils/uri/URISupport.java#L148]
>  (URISupport.java) and can produce {*}IllegalArgumentException{*}, which 
> won't be catched when function *UriSupport.parseParameters()* works. 
> This error was found with pure *UriSupport.parseParameters(URI uri)* fuzz 
> testing and may be it does not pose a risk to artemis, but this is important 
> to me, because in this code area there isn't any handling of it. 
> crash samples, fuzz test and part of jazzer log are below



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact

Reply via email to