Skip to content

Commit

Permalink
added check for corrupted stream and escaping NullPointer - relates t…
Browse files Browse the repository at this point in the history
…o github #1888
  • Loading branch information
dghgit committed Jan 11, 2025
1 parent 3d0c6a4 commit 25a49a4
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 0 deletions.
4 changes: 4 additions & 0 deletions pg/src/main/java/org/bouncycastle/gpg/SExpression.java
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,10 @@ private static SExpression parseExpression(InputStream src, SExpression expr, By

if (c == ':')
{
if (expr == null)
{
throw new IOException("invalid input stream at ':'");
}
try
{
int len = Integer.parseInt(Strings.fromByteArray(accumulator.toByteArray()));
Expand Down
19 changes: 19 additions & 0 deletions pg/src/test/java/org/bouncycastle/openpgp/test/SExprTest.java
Original file line number Diff line number Diff line change
@@ -1,15 +1,18 @@
package org.bouncycastle.openpgp.test;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.Security;

import org.bouncycastle.gpg.SExprParser;
import org.bouncycastle.gpg.SExpression;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPDigestCalculatorProviderBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePBEProtectionRemoverFactory;
import org.bouncycastle.util.Strings;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.test.SimpleTest;

Expand Down Expand Up @@ -139,9 +142,25 @@ public String getName()
return "SExprTest";
}

private void corruptStreamTest()
throws Exception
{
try
{
SExpression.parse(new ByteArrayInputStream(Strings.toByteArray("2:3abc")), 2);
fail("no exception");
}
catch (IOException e)
{
isEquals("invalid input stream at ':'", e.getMessage());
}
}

public void performTest()
throws Exception
{
corruptStreamTest();

SExprParser parser = new SExprParser(new JcaPGPDigestCalculatorProviderBuilder().build());

PGPSecretKey k1 = parser.parseSecretKey(new ByteArrayInputStream(key1), new JcePBEProtectionRemoverFactory("fred".toCharArray()), new JcaKeyFingerprintCalculator());
Expand Down

0 comments on commit 25a49a4

Please sign in to comment.