[ https://issues.apache.org/jira/browse/NIFI-13429?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pierre Villard updated NIFI-13429: ---------------------------------- Fix Version/s: 2.0.0-M4 > EncryptContentPGP Packet Detection Invalid for JPEG Files > --------------------------------------------------------- > > Key: NIFI-13429 > URL: https://issues.apache.org/jira/browse/NIFI-13429 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions > Affects Versions: 1.15.0, 1.26.0, 2.0.0-M3 > Reporter: David Handermann > Assignee: David Handermann > Priority: Major > Fix For: 2.0.0-M4, 1.27.0 > > > The {{EncryptContentPGP}} Processor performs input content evaluation to > avoid additional wrapping around signed OpenPGP payloads. This content > evaluation inspects the initial bytes for an OpenPGP Packet Tag, but does not > evaluate the Packet Type. As a result, some types of input files, such as > JPEG, can result in incorrect evaluation, producing invalid output from > {{EncryptContentPGP}}. When attempting to decrypt malformed files in > {{DecryptContentPGP}}, the following error occurs: > {noformat} > DecryptContentPGP[id=3687fd8a-0190-1000-345b-fcaaba5a3e0c] Decryption Failed > StandardFlowFileRecord[uuid=2c60ab6c-16cd-49c5-b2c8-f4e3d3a8f920,claim=StandardContentClaim > [resourceClaim=StandardResourceClaim[id=1718901851045-2, container=default, > section=2], offset=0, length=82192],offset=0,name=unsplash.jpg,size=82192] > org.bouncycastle.openpgp.PGPRuntimeOperationException: Iterator failed to get > next object: invalid header encountered > at org.bouncycastle.openpgp.PGPObjectFactory$1.getObject(Unknown Source) > at org.bouncycastle.openpgp.PGPObjectFactory$1.hasNext(Unknown Source) > at > org.apache.nifi.processors.pgp.DecryptContentPGP$DecryptStreamCallback.getLiteralData(DecryptContentPGP.java:357) > at > org.apache.nifi.processors.pgp.DecryptContentPGP$DecryptStreamCallback.getLiteralData(DecryptContentPGP.java:347) > at > org.apache.nifi.processors.pgp.DecryptContentPGP$DecryptStreamCallback.process(DecryptContentPGP.java:278) > at > org.apache.nifi.controller.repository.StandardProcessSession.write(StandardProcessSession.java:3425) > at > org.apache.nifi.processors.pgp.DecryptContentPGP.onTrigger(DecryptContentPGP.java:181) > at > org.apache.nifi.processor.AbstractProcessor.onTrigger(AbstractProcessor.java:27) > at > org.apache.nifi.controller.StandardProcessorNode.onTrigger(StandardProcessorNode.java:1274) > at > org.apache.nifi.controller.tasks.ConnectableTask.invoke(ConnectableTask.java:244) > at > org.apache.nifi.controller.scheduling.AbstractTimeBasedSchedulingAgent.lambda$doScheduleOnce$0(AbstractTimeBasedSchedulingAgent.java:59) > at org.apache.nifi.engine.FlowEngine$2.run(FlowEngine.java:110) > at > java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572) > at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317) > at > java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304) > at > java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) > at > java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) > at java.base/java.lang.Thread.run(Thread.java:1583) > Caused by: java.io.IOException: invalid header encountered > at org.bouncycastle.bcpg.BCPGInputStream.readPacket(Unknown Source) > at org.bouncycastle.openpgp.PGPSignature.<init>(Unknown Source) > at org.bouncycastle.openpgp.PGPObjectFactory.nextObject(Unknown Source) > ... 18 common frames omitted > {noformat} > The input packet evaluation should be improved to avoid incorrect > identification of non-OpenPGP files. -- This message was sent by Atlassian Jira (v8.20.10#820010)