Allow a maximum length to be specified when reading strings or byte

arrays, check it before allocating the buffer, and always specify the
maximum length when reading untrusted data - otherwise
CountingConsumer will reject the packet, but not before we've tried to
allocate a buffer of the specified size (up to 2 GB).
This commit is contained in:
akwizgran
2011-08-03 19:29:30 +01:00
parent 5fd87647f8
commit c90a18278b
13 changed files with 73 additions and 31 deletions

View File

@@ -132,6 +132,16 @@ public class ReaderImplTest extends TestCase {
assertTrue(r.eof());
}
@Test
public void testReadStringMaxLength() throws Exception {
setContents("83666F6F" + "83666F6F");
assertEquals("foo", r.readString(3));
try {
r.readString(2);
assertTrue(false);
} catch(FormatException expected) {}
}
@Test
public void testReadBytes() throws Exception {
setContents("F603010203" + "93010203" + "F600" + "90");
@@ -142,6 +152,16 @@ public class ReaderImplTest extends TestCase {
assertTrue(r.eof());
}
@Test
public void testReadBytesMaxLength() throws Exception {
setContents("93010203" + "93010203");
assertTrue(Arrays.equals(new byte[] {1, 2, 3}, r.readBytes(3)));
try {
r.readBytes(2);
assertTrue(false);
} catch(FormatException expected) {}
}
@Test
public void testReadShortList() throws Exception {
setContents("A" + "3" + "01" + "83666F6F" + "FC0080");