You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In file: SExpression.java, there is a potential case of null pointer dereference. In method parse(), there is a call to parseExpression(), passing parameter SExpression to be null.
But this null case isn't handled in parseExpression(), and addValue() method is invoked on this null object, which will cause NullPointerException.
It is not immediately clear whether consumeUntilSkipCRorLF(), will always return -1 or will always return ( first before entering any other condition when expr is set to null. If that is indeed the case, you may choose to ignore this issue.
Sponsorship and Support:
This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed - to improve global software supply chain security.
The bug is found by running the iCR tool by OpenRefactory, Inc. and then manually triaging the results.
The text was updated successfully, but these errors were encountered:
Thank you for identifying this potential issue. I’m curious how a valid test case might reach line 140, as the function appears to rely on recursive calls to reach that line. If possible, please provide a valid test case—your assistance is much appreciated.
Thanks. I've managed to reproduce the exception - see org.bouncycastle.openpgp.test.SExprTest.corruptStreamTest(). This is now dealt with, fix should appear on github shortly.
What happended?
In file: SExpression.java, there is a potential case of null pointer dereference. In method parse(), there is a call to parseExpression(), passing parameter
SExpression
to be null.But this
null
case isn't handled inparseExpression()
, and addValue() method is invoked on this null object, which will causeNullPointerException
.It is not immediately clear whether consumeUntilSkipCRorLF(), will always return -1 or will always return
(
first before entering any other condition whenexpr
is set to null. If that is indeed the case, you may choose to ignore this issue.Sponsorship and Support:
This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed - to improve global software supply chain security.
The bug is found by running the iCR tool by OpenRefactory, Inc. and then manually triaging the results.
The text was updated successfully, but these errors were encountered: