Ekaterina Zilotina created DIRSERVER-2408:
---------------------------------------------

             Summary: Exceptions in EntrySerializer
                 Key: DIRSERVER-2408
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2408
             Project: Directory ApacheDS
          Issue Type: Bug
          Components: jdbm
            Reporter: Ekaterina Zilotina
         Attachments: 
ArrayIndexOutOfBoundsException_entrySerializercrash-bb662918c3c5b52aef5bb949285ae5cd46db2900,
 DeserializeFuzzer.java.txt, 
IllegalArgumentException_entrySerializercrash-89989028ed53bb2aa1611da91746de61252b1095,
 
NegativeArraySizeException_entrySerializercrash-64473e185b8cb9d1a448ac522e160174375941e3,
 
NegativeArraySizeException_entrySerializercrash-ac848f2d23a9f12ddf250f529c3fe654eef5b233,
 
NegativeArraySizeException_entrySerializercrash-eeb4c93175ddce8ebc177647324566d4c5e3ca61,
 
NullPointerException_entrySerializercrash-085a2198d7a7a20a61c7f16fd90ef3129068bb1b,
 
NullPointerException_entrySerializercrash-60a07478c87366934a3b0dce34f0f2067f84f154,
 
OutOfMemoryError_entrySerializercrash-1fc0f54909703034301896bca67ba829d81bfa66, 
OutOfMemoryError_entrySerializercrash-4bdb2cd90ef530efe10247e208023c6ec2f15d6f, 
OutOfMemoryError_entrySerializercrash-c4b87b00b80bf9024e4f693271bf51f02a9f076a, 
dismatch-errorFile-01842911-6276-4fda-88f4-7515b30cdafe, 
dismatch-errorFile-01a9c722-588d-4299-b95a-e79d2d2fe9a6, 
dismatch-errorFile-01dcbb78-1a94-4620-bf4d-115f31f678c1, jazzer_output.txt

Class: EntrySerializer 
Method: deserialize()

I performed fuzz testing of the deserialize() method of the EntrySerializer 
object (as an example I took the ServerEntrySerializerTest class). As a result 
of the fuzzing tests, there are some unhandled exceptions:

1. OutOfMemoryError when running with the '-Xmx1620m' option, while creating an 
array with a size value taken from the input data (see DEDUP_TOKEN: 
3c53e16103f7df69, 0e0655117383aa9c, bac12c1dd0658676 in fuzzer_output.txt)

2. NegativeArraySizeException in the readExternal() method in line 
[184|https://github.com/apache/directory-server/blob/8c9b56bdcc0703b04b8e2dbdc4f045ed5d83a064/jdbm-partition/src/main/java/org/apache/directory/server/core/partition/impl/btree/jdbm/EntrySerializer.java#L184] 
(DEDUP_TOKEN: c027ed383c214f09 in fuzzer_output.txt) and 
[219|https://github.com/apache/directory-server/blob/8c9b56bdcc0703b04b8e2dbdc4f045ed5d83a064/jdbm-partition/src/main/java/org/apache/directory/server/core/partition/impl/btree/jdbm/EntrySerializer.java#L219] 
(DEDUP_TOKEN: 52fd84779ea9dc9e, d13ede94b076c4f2 in fuzzer_output.txt). Values 
are used incorrectly when creating byte[] 
([here|https://github.com/apache/directory-ldap-api/blob/bc63cabe199905158578dbf4936eb60fcd6ae4b4/ldap/model/src/main/java/org/apache/directory/api/ldap/model/entry/Value.java#L1622] 
and 
[here|https://github.com/apache/directory-ldap-api/blob/bc63cabe199905158578dbf4936eb60fcd6ae4b4/ldap/model/src/main/java/org/apache/directory/api/ldap/model/entry/Value.java#L1643])

3. IllegalArgumentException when adding an attribute in 
[line 221|https://github.com/apache/directory-server/blob/8c9b56bdcc0703b04b8e2dbdc4f045ed5d83a064/jdbm-partition/src/main/java/org/apache/directory/server/core/partition/impl/btree/jdbm/EntrySerializer.java#L221] 
(DEDUP_TOKEN: 75318c370e556bae in fuzzer_output.txt).

4. NullPointerException in line 184 when calling readExternal() (DEDUP_TOKEN: 
e8c7485e75d40809, 368480f2ec2323a7 in fuzzer_output.txt). 
[SchemaUtils.stripOptions()|https://github.com/apache/directory-ldap-api/blob/bc63cabe199905158578dbf4936eb60fcd6ae4b4/ldap/model/src/main/java/org/apache/directory/api/ldap/model/schema/SchemaUtils.java#L538] 
takes a null string

5. ArrayIndexOutOfBoundsException in 
[line 213|https://github.com/apache/directory-server/blob/8c9b56bdcc0703b04b8e2dbdc4f045ed5d83a064/jdbm-partition/src/main/java/org/apache/directory/server/core/partition/impl/btree/jdbm/EntrySerializer.java#L213] 
(DEDUP_TOKEN: 171eddc8777f746e in fuzzer_output.txt)

This may not pose a threat to ApacheDS, but there is no handling of it in this 
area of the code. Perhaps you should add other exception types (or the base 
Exception) to the deserialize() function signature, or wrap the specified 
methods in try/catch blocks?

Secondly, my tests compared the result of deserialization into a ServerEntry 
object and serialization back into a set of bytes with the input bytes. Is it 
correct that in some cases there are sets of bytes that do not match the entry 
value but still deserialize correctly into a ServerEntry object? It is 
important to say that in 60 seconds of running jazzer there were 80k+ executed 
units, and it found ~10k mismatched input and output bytes (that is strange, 
imho). Examples of these input samples, crash samples, the fuzz test and the 
jazzer log are below.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
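
The report's first two findings (OutOfMemoryError and NegativeArraySizeException when a byte[] is sized from the input) come down to a length field that is trusted before allocation. The following is an added example, not ApacheDS code and not the reporter's fuzzer: `BoundedReader`, `readValue`, `tryRead` and `MAX_VALUE_LEN` are hypothetical names, and the 4-byte length prefix is an assumed framing chosen for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.EOFException;
import java.io.IOException;

// Added illustration; class, method and constant names are hypothetical.
public class BoundedReader {
    static final int MAX_VALUE_LEN = 1 << 20; // assumed policy limit: 1 MiB per value

    // Reads a 4-byte big-endian length, then that many bytes. The length is
    // validated before allocation, so hostile input produces a declared
    // IOException rather than NegativeArraySizeException or OutOfMemoryError.
    static byte[] readValue(DataInputStream in) throws IOException {
        int len = in.readInt();
        if (len < 0 || len > MAX_VALUE_LEN) {
            throw new IOException("invalid value length: " + len);
        }
        // available() is exact for an in-memory stream such as
        // ByteArrayInputStream; for sockets or files rely on the cap above.
        if (len > in.available()) {
            throw new EOFException("length " + len + " exceeds remaining input");
        }
        byte[] buf = new byte[len];
        in.readFully(buf);
        return buf;
    }

    // Wraps readValue so each outcome can be reported as a string.
    static String tryRead(byte[] input) {
        try (DataInputStream in = new DataInputStream(new ByteArrayInputStream(input))) {
            return "ok, " + readValue(in).length + " bytes";
        } catch (IOException e) {
            return "rejected: " + e;
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not the crash files attached to the issue.
        byte[] valid     = {0, 0, 0, 3, 'a', 'b', 'c'};
        byte[] negative  = {(byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFE};
        byte[] huge      = {0x7F, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
        byte[] truncated = {0, 0, 0, 9, 'a'};
        for (byte[] sample : new byte[][] {valid, negative, huge, truncated}) {
            System.out.println(tryRead(sample));
        }
    }
}
```

The same pre-allocation check applies to any count read from the stream, including the number of attributes or values that drives a loop.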
