Ekaterina Zilotina created DIRSERVER-2408:
---------------------------------------------

             Summary: Exceptions in EntrySerializer
                 Key: DIRSERVER-2408
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2408
             Project: Directory ApacheDS
          Issue Type: Bug
          Components: jdbm
            Reporter: Ekaterina Zilotina
         Attachments: ArrayIndexOutOfBoundsException_entrySerializercrash-bb662918c3c5b52aef5bb949285ae5cd46db2900, DeserializeFuzzer.java.txt, IllegalArgumentException_entrySerializercrash-89989028ed53bb2aa1611da91746de61252b1095, NegativeArraySizeException_entrySerializercrash-64473e185b8cb9d1a448ac522e160174375941e3, NegativeArraySizeException_entrySerializercrash-ac848f2d23a9f12ddf250f529c3fe654eef5b233, NegativeArraySizeException_entrySerializercrash-eeb4c93175ddce8ebc177647324566d4c5e3ca61, NullPointerException_entrySerializercrash-085a2198d7a7a20a61c7f16fd90ef3129068bb1b, NullPointerException_entrySerializercrash-60a07478c87366934a3b0dce34f0f2067f84f154, OutOfMemoryError_entrySerializercrash-1fc0f54909703034301896bca67ba829d81bfa66, OutOfMemoryError_entrySerializercrash-4bdb2cd90ef530efe10247e208023c6ec2f15d6f, OutOfMemoryError_entrySerializercrash-c4b87b00b80bf9024e4f693271bf51f02a9f076a, dismatch-errorFile-01842911-6276-4fda-88f4-7515b30cdafe, dismatch-errorFile-01a9c722-588d-4299-b95a-e79d2d2fe9a6, dismatch-errorFile-01dcbb78-1a94-4620-bf4d-115f31f678c1, jazzer_output.txt

Class: EntrySerializer
Method: deserialize()

I performed fuzz testing of the deserialize() method of the EntrySerializer object (as an example I took the ServerEntrySerializerTest class). As a result of the fuzzing tests there are some unhandled exceptions:

1. OutOfMemoryError when running with the '-Xmx1620m' option, while creating an array with a size value taken from the input data (see DEDUP_TOKEN: 3c53e16103f7df69, 0e0655117383aa9c, bac12c1dd0658676 in fuzzer_output.txt).

2. NegativeArraySizeException in the readExternal() method in line [184|https://github.com/apache/directory-server/blob/8c9b56bdcc0703b04b8e2dbdc4f045ed5d83a064/jdbm-partition/src/main/java/org/apache/directory/server/core/partition/impl/btree/jdbm/EntrySerializer.java#L184] (DEDUP_TOKEN: c027ed383c214f09 in fuzzer_output.txt) and [219|https://github.com/apache/directory-server/blob/8c9b56bdcc0703b04b8e2dbdc4f045ed5d83a064/jdbm-partition/src/main/java/org/apache/directory/server/core/partition/impl/btree/jdbm/EntrySerializer.java#L219] (DEDUP_TOKEN: 52fd84779ea9dc9e, d13ede94b076c4f2 in fuzzer_output.txt). Values are used incorrectly when creating byte[] ([here|https://github.com/apache/directory-ldap-api/blob/bc63cabe199905158578dbf4936eb60fcd6ae4b4/ldap/model/src/main/java/org/apache/directory/api/ldap/model/entry/Value.java#L1622] and [here|https://github.com/apache/directory-ldap-api/blob/bc63cabe199905158578dbf4936eb60fcd6ae4b4/ldap/model/src/main/java/org/apache/directory/api/ldap/model/entry/Value.java#L1643]).

3. IllegalArgumentException when adding an attribute in [line 221|https://github.com/apache/directory-server/blob/8c9b56bdcc0703b04b8e2dbdc4f045ed5d83a064/jdbm-partition/src/main/java/org/apache/directory/server/core/partition/impl/btree/jdbm/EntrySerializer.java#L221] (DEDUP_TOKEN: 75318c370e556bae in fuzzer_output.txt).

4. NullPointerException in line 184 when calling readExternal() (DEDUP_TOKEN: e8c7485e75d40809, 368480f2ec2323a7 in fuzzer_output.txt). [SchemaUtils.stripOptions()|https://github.com/apache/directory-ldap-api/blob/bc63cabe199905158578dbf4936eb60fcd6ae4b4/ldap/model/src/main/java/org/apache/directory/api/ldap/model/schema/SchemaUtils.java#L538] takes a null string.

5. ArrayIndexOutOfBoundsException in [line 213|https://github.com/apache/directory-server/blob/8c9b56bdcc0703b04b8e2dbdc4f045ed5d83a064/jdbm-partition/src/main/java/org/apache/directory/server/core/partition/impl/btree/jdbm/EntrySerializer.java#L213] (DEDUP_TOKEN: 171eddc8777f746e in fuzzer_output.txt). This may not pose a threat to apacheds, but there is no handling of it in this area of the code.

Perhaps you should add other exception types (or the base Exception) to the deserialize() function signature, or wrap the specified methods in try/catch blocks?

Secondly, my tests compared the result of deserialization into a ServerEntry object and serialization back into a set of bytes with the input bytes. Is it correct that in some cases there are sets of bytes that do not match the entry value, but deserialize correctly into a ServerEntry object? It is important to say that in 60 seconds of running jazzer there were 80k+ executed units and it found ~10k mismatched input and output bytes (that is strange, imho).

Examples of these input samples, crash samples, the fuzz test, and the jazzer log are below.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
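As an added example (not the reporter's fuzzer and not ApacheDS code), the following shows the defensive pattern the report is asking about: a length-prefixed entry reader that validates every count and length against the bytes actually remaining before allocating anything, and folds the unchecked failures the fuzzer surfaced (NegativeArraySizeException, OutOfMemoryError from an attacker-chosen size, EOF, a null or empty attribute id, IllegalArgumentException from model code) into one checked DeserializationException that a deserialize() signature can declare. The wire layout, the SimpleEntry/SafeEntryCodec/DeserializationException names, and the MAX_VALUE_LENGTH limit are assumptions for this example, not the real EntrySerializer format.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/** Hypothetical checked exception: the single failure type deserialize() declares. */
final class DeserializationException extends IOException {
    DeserializationException(String msg) { super(msg); }
    DeserializationException(String msg, Throwable cause) { super(msg, cause); }
}

/** Hypothetical stand-in for a serialized entry: a DN plus attributes holding byte[] values. */
final class SimpleEntry {
    final String dn;
    final List<String> attributeIds = new ArrayList<>();
    final List<List<byte[]>> attributeValues = new ArrayList<>();
    SimpleEntry(String dn) { this.dn = dn; }
}

final class SafeEntryCodec {
    /** Assumed upper bound on one value; tune to the deployment. */
    static final int MAX_VALUE_LENGTH = 16 * 1024 * 1024;

    /** Layout (assumed): UTF dn, int nbAttrs, then per attribute: UTF id, int nbValues, per value: int len + bytes. */
    static byte[] serialize(SimpleEntry e) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(bos);
        out.writeUTF(e.dn);
        out.writeInt(e.attributeIds.size());
        for (int i = 0; i < e.attributeIds.size(); i++) {
            out.writeUTF(e.attributeIds.get(i));
            List<byte[]> values = e.attributeValues.get(i);
            out.writeInt(values.size());
            for (byte[] v : values) {
                out.writeInt(v.length);
                out.write(v);
            }
        }
        out.flush();
        return bos.toByteArray();
    }

    static SimpleEntry deserialize(byte[] data) throws DeserializationException {
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(data));
        try {
            SimpleEntry e = new SimpleEntry(in.readUTF());
            int nbAttrs = checkedCount(in.readInt(), in.available(), "attribute count");
            for (int i = 0; i < nbAttrs; i++) {
                String id = in.readUTF();
                // Guard the contract explicitly so a bad id never reaches schema code as null/empty.
                if (id == null || id.isEmpty()) {
                    throw new DeserializationException("empty attribute id");
                }
                int nbValues = checkedCount(in.readInt(), in.available(), "value count");
                List<byte[]> values = new ArrayList<>(nbValues);
                for (int j = 0; j < nbValues; j++) {
                    int len = in.readInt();
                    // Reject negative sizes and sizes larger than the bytes present BEFORE new byte[len],
                    // so neither NegativeArraySizeException nor an input-controlled OutOfMemoryError can occur.
                    if (len < 0 || len > MAX_VALUE_LENGTH || len > in.available()) {
                        throw new DeserializationException("bad value length " + len
                                + " with " + in.available() + " bytes left");
                    }
                    byte[] v = new byte[len];
                    in.readFully(v);
                    values.add(v);
                }
                e.attributeIds.add(id);
                e.attributeValues.add(values);
            }
            if (in.available() != 0) {
                throw new DeserializationException(in.available() + " trailing bytes after entry");
            }
            return e;
        } catch (DeserializationException ex) {
            throw ex;
        } catch (IOException | RuntimeException ex) {
            // EOFException, UTFDataFormatException, IllegalArgumentException from model code, etc.
            throw new DeserializationException("malformed entry: " + ex, ex);
        }
    }

    /** A count is plausible only if non-negative and not larger than the bytes left to describe it. */
    private static int checkedCount(int count, int remaining, String what) throws DeserializationException {
        if (count < 0 || count > remaining) {
            throw new DeserializationException("bad " + what + " " + count + " with " + remaining + " bytes left");
        }
        return count;
    }

    public static void main(String[] args) throws IOException {
        SimpleEntry entry = new SimpleEntry("cn=test,ou=system");
        entry.attributeIds.add("cn");
        entry.attributeValues.add(Collections.singletonList("test".getBytes(StandardCharsets.UTF_8)));
        byte[] bytes = serialize(entry);
        SimpleEntry back = deserialize(bytes);
        System.out.println("round trip ok: " + back.dn + " " + back.attributeIds);

        // Constructed malformed input: the value-length int sits just before the 4 value bytes; make it negative.
        byte[] bad = bytes.clone();
        bad[bytes.length - 8] = (byte) 0xFF;
        try {
            deserialize(bad);
        } catch (DeserializationException ex) {
            System.out.println("rejected: " + ex.getMessage());   // instead of NegativeArraySizeException
        }
    }
}
```

The design point is that every size read from untrusted bytes is compared with in.available() before allocation, and that the catch-all at the bottom converts whatever the model layer throws into the declared checked type, which is the "add exception types to the signature or wrap in try/catch" choice the report raises.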