Merge branch '1433-illegal-characters' into 'master'

Handle illegal byte sequences safely in BdfReaderImpl Closes #1433 See merge request briar/briar!967
2026-02-14 03:39:05 +01:00 · 2018-10-30 13:58:36 +00:00
parent 90b7b4e67f 0d7e4feaf2
commit 69e7366226
4 changed files with 67 additions and 7 deletions
--- a/bramble-core/src/main/java/org/briarproject/bramble/data/BdfReaderImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/data/BdfReaderImpl.java
@@ -29,6 +29,7 @@ import static org.briarproject.bramble.data.Types.STRING_16;
 import static org.briarproject.bramble.data.Types.STRING_32;
 import static org.briarproject.bramble.data.Types.STRING_8;
 import static org.briarproject.bramble.data.Types.TRUE;
+import static org.briarproject.bramble.util.StringUtils.fromUtf8;

@NotThreadSafe
@NotNullByDefault
@@ -253,7 +254,7 @@ class BdfReaderImpl implements BdfReader {
 		if (length < 0 || length > maxBufferSize) throw new FormatException();
 		if (length == 0) return "";
 		readIntoBuffer(length);
-		return new String(buf, 0, length, "UTF-8");
+		return fromUtf8(buf, 0, length);
 	}

 	private int readStringLength() throws IOException {
--- a/bramble-core/src/test/java/org/briarproject/bramble/data/BdfReaderImplFuzzingTest.java
+++ b/bramble-core/src/test/java/org/briarproject/bramble/data/BdfReaderImplFuzzingTest.java
@@ -0,0 +1,41 @@
+package org.briarproject.bramble.data;
+
+import org.briarproject.bramble.test.BrambleTestCase;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.ByteArrayInputStream;
+import java.util.Random;
+
+import static org.briarproject.bramble.api.data.BdfReader.DEFAULT_MAX_BUFFER_SIZE;
+import static org.briarproject.bramble.api.data.BdfReader.DEFAULT_NESTED_LIMIT;
+import static org.briarproject.bramble.test.TestUtils.isOptionalTestEnabled;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assume.assumeTrue;
+
+public class BdfReaderImplFuzzingTest extends BrambleTestCase {
+
+	@Before
+	public void setUp() {
+		assumeTrue(isOptionalTestEnabled(BdfReaderImplFuzzingTest.class));
+	}
+
+	@Test
+	public void testStringFuzzing() throws Exception {
+		Random random = new Random();
+		byte[] buf = new byte[22];
+		ByteArrayInputStream in = new ByteArrayInputStream(buf);
+		for (int i = 0; i < 100_000_000; i++) {
+			random.nextBytes(buf);
+			buf[0] = 0x41; // String with 1-byte length
+			buf[1] = 0x14; // Length 20 bytes
+			in.reset();
+			BdfReaderImpl r = new BdfReaderImpl(in, DEFAULT_NESTED_LIMIT,
+					DEFAULT_MAX_BUFFER_SIZE);
+			int length = r.readString().length();
+			assertTrue(length >= 0);
+			assertTrue(length <= 20);
+			assertTrue(r.eof());
+		}
+	}
+}