/hg/icedtea-web: Fixed ArrayIndexOutOfBound in version cornercas...

jvanek at icedtea.classpath.org jvanek at icedtea.classpath.org
Thu Sep 3 13:11:19 UTC 2015 

changeset 1a1cbf3b1123 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=1a1cbf3b1123
author: Jiri Vanek <jvanek at redhat.com>
date: Thu Sep 03 15:10:54 2015 +0200

	Fixed ArrayIndexOutOfBound in version cornercase issue

	* netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImpl.java: length of array is checked,
	* tests/netx/unit/net/sourceforge/jnlp/security/appletextendedsecurity/impl/VersionRestrictionTest.java: added tests for this case


diffstat:

 ChangeLog                                                                                             |   8 +
 netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImpl.java   |   5 +-
 tests/netx/unit/net/sourceforge/jnlp/security/appletextendedsecurity/impl/VersionRestrictionTest.java |  43 +++++++++-
 3 files changed, 50 insertions(+), 6 deletions(-)

diffs (104 lines):

diff -r 5ddfe3e389ab -r 1a1cbf3b1123 ChangeLog
--- a/ChangeLog	Thu Sep 03 14:55:14 2015 +0200
+++ b/ChangeLog	Thu Sep 03 15:10:54 2015 +0200
@@ -1,3 +1,11 @@
+2015-09-03  Jiri Vanek  <jvanek at redhat.com>
+
+	Fixed ArrayIndexOutOfBound in version cornercase issue
+	* netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImpl.java:
+	length of array is checked,
+	* tests/netx/unit/net/sourceforge/jnlp/security/appletextendedsecurity/impl/VersionRestrictionTest.java:
+	added tests for this case
+
 2015-09-03  Jiri Vanek  <jvanek at redhat.com>
 
 	Added identificator to .appletTrustSettings to specify version of file
diff -r 5ddfe3e389ab -r 1a1cbf3b1123 netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImpl.java
--- a/netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImpl.java	Thu Sep 03 14:55:14 2015 +0200
+++ b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/impl/UnsignedAppletActionStorageImpl.java	Thu Sep 03 15:10:54 2015 +0200
@@ -90,8 +90,7 @@
     protected void readLine(String line) {
         if (line.trim().length() != 0) {
             lineCounter++;
-            //note, there is an sapce at the beggining of  versionPreffix
-            if (line.startsWith(versionPreffix)) {
+            if (line.startsWith(versionPreffix) && line.trim().split("\\s+").length > 1) {
                 if (readVersion == null) {
                     readVersion = line.trim();
                     actOnVersionLoad();
@@ -281,8 +280,6 @@
     }
 
     private void actOnVersionLoad() {
-        //note, there is an sapce at the beggining of  versionPreffix
-        //so inut have always length at least 2
         String versionS = readVersion.split("\\s+")[1];
         int version = 0;
         try{
diff -r 5ddfe3e389ab -r 1a1cbf3b1123 tests/netx/unit/net/sourceforge/jnlp/security/appletextendedsecurity/impl/VersionRestrictionTest.java
--- a/tests/netx/unit/net/sourceforge/jnlp/security/appletextendedsecurity/impl/VersionRestrictionTest.java	Thu Sep 03 14:55:14 2015 +0200
+++ b/tests/netx/unit/net/sourceforge/jnlp/security/appletextendedsecurity/impl/VersionRestrictionTest.java	Thu Sep 03 15:10:54 2015 +0200
@@ -55,7 +55,7 @@
 import org.junit.Before;
 import org.junit.Test;
 
-public class VersionRestrictionTest extends  NoStdOutErrTest{
+public class VersionRestrictionTest extends NoStdOutErrTest {
 
     private static File testFile;
     private static final SavedRememberAction sra = new SavedRememberAction(ExecuteAppletAction.ALWAYS, "NO");
@@ -90,7 +90,7 @@
 
             @Override
             public boolean accept(File dir, String name) {
-                return name.matches(testFile.getName() + "\\.[0123456789]+"+UnsignedAppletActionStorageImpl.BACKUP_SUFFIX);
+                return name.matches(testFile.getName() + "\\.[0123456789]+" + UnsignedAppletActionStorageImpl.BACKUP_SUFFIX);
             }
         });
         return f;
@@ -139,6 +139,45 @@
     }
 
     @Test
+    public void numberFormatExceptionInOnInLoad2() throws IOException {
+        ServerAccess.saveFile("#VERSION\n"
+                + "cN:N{YES}; 1 \\Qhttp://some.url/\\E \\Qhttp://some.url/\\E jar.jar", testFile);
+        UnsignedAppletActionStorageImpl i1 = new UnsignedAppletActionStorageImpl(testFile);
+        i1.readContents();
+        Assert.assertEquals(0, i1.items.size());
+        i1.add(aq);
+        i1.readContents();
+        Assert.assertEquals(1, i1.items.size());
+        checkBackupFile(true, 0);
+    }
+
+    @Test
+    public void numberFormatExceptionInOnInLoad3() throws IOException {
+        ServerAccess.saveFile("#VERSION \n"
+                + "cN:N{YES}; 1 \\Qhttp://some.url/\\E \\Qhttp://some.url/\\E jar.jar", testFile);
+        UnsignedAppletActionStorageImpl i1 = new UnsignedAppletActionStorageImpl(testFile);
+        i1.readContents();
+        Assert.assertEquals(0, i1.items.size());
+        i1.add(aq);
+        i1.readContents();
+        Assert.assertEquals(1, i1.items.size());
+        checkBackupFile(true, 0);
+    }
+
+    @Test
+    public void numberFormatExceptionInOnInLoad4() throws IOException {
+        ServerAccess.saveFile("#VERSION                \n"
+                + "cN:N{YES}; 1 \\Qhttp://some.url/\\E \\Qhttp://some.url/\\E jar.jar", testFile);
+        UnsignedAppletActionStorageImpl i1 = new UnsignedAppletActionStorageImpl(testFile);
+        i1.readContents();
+        Assert.assertEquals(0, i1.items.size());
+        i1.add(aq);
+        i1.readContents();
+        Assert.assertEquals(1, i1.items.size());
+        checkBackupFile(true, 0);
+    }
+
+    @Test
     public void correctLoad() throws IOException {
         ServerAccess.saveFile("#VERSION 2\n"
                 + "cN:N{YES}; 1 \\Qhttp://some.url/\\E \\Qhttp://some.url/\\E jar.jar", testFile);

More information about the distro-pkg-dev mailing list