Details
- Type: Bug
- Status: Resolved
- Priority: Major
- Resolution: Fixed
Description
Class: EntrySerializer
Method: deserialize()
I performed fuzz testing of the deserialize() method of the EntrySerializer object (for example, I took the ServerEntrySerializerTest class). As a result of the fuzzing tests there are some unhandled exceptions:
1. OutOfMemoryError when running with the '-Xmx1620m' option while creating an array whose size is taken from the input data (see DEDUP_TOKEN: 3c53e16103f7df69, 0e0655117383aa9c, bac12c1dd0658676 in fuzzer_output.txt)
2. NegativeArraySizeException in the readExternal() method in line 184 (DEDUP_TOKEN: c027ed383c214f09 in fuzzer_output.txt) and 219 (DEDUP_TOKEN: 52fd84779ea9dc9e, d13ede94b076c4f2 in fuzzer_output.txt). Incorrect values are used when creating byte[] ([here|https://github.com/apache/directory-ldap-api/blob/bc63cabe199905158578dbf4936eb60fcd6ae4b4/ldap/model/src/main/java/org/apache/directory/api/ldap/model/entry/Value.java#L1622] and here)
3. IllegalArgumentException when adding an attribute in line 221 (DEDUP_TOKEN: 75318c370e556bae in fuzzer_output.txt).
4. NullPointerException in line 184 when calling readExternal() (DEDUP_TOKEN: e8c7485e75d40809, 368480f2ec2323a7 in fuzzer_output.txt). SchemaUtils.stripOptions() receives a null string.
5. ArrayIndexOutOfBoundsException in line 213 (DEDUP_TOKEN: 171eddc8777f746e in fuzzer_output.txt)
This may not pose a threat to ApacheDS, but there is no handling of it in this area of the code. Perhaps you should add other exception types (or the base Exception) to the deserialize() function signature, or wrap the specified methods in try/catch blocks?
Secondly, my tests compared the result of deserializing into a ServerEntry object and serializing back into a set of bytes against the input bytes. Is it correct that in some cases there are sets of bytes that do not match the entry value, yet deserialize correctly into a ServerEntry object? It is important to say that in 60 seconds of running Jazzer there were 80k+ executed units and ~10k mismatched input and output bytes found (that is strange, imho). Examples of these input samples, crash samples, the fuzz test, and the Jazzer log are below.
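The NegativeArraySizeException and OutOfMemoryError findings above share one root cause: a length field read from untrusted bytes is passed straight to `new byte[len]`. The following is an added example (not code from the Apache Directory project) of the kind of bounds check a readExternal()-style reader should apply before allocating; `BoundedValueReader`, `readBoundedBytes` and `MAX_VALUE_LENGTH` are hypothetical names chosen for this illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.StreamCorruptedException;

/** Added example (not the project's own code): validate a length prefix before allocating. */
public final class BoundedValueReader {
    /** Hypothetical upper bound on one serialized value; a real reader would tune this. */
    static final int MAX_VALUE_LENGTH = 1 << 20; // 1 MiB

    /**
     * Reads an int length followed by that many bytes. A negative length, a length above the
     * configured limit, or a length larger than the bytes actually remaining in the input
     * is reported as corrupt input instead of surfacing as NegativeArraySizeException,
     * OutOfMemoryError or a partially filled array. inputLength is the total size of the
     * serialized input, of which the 4-byte length field is consumed here.
     */
    static byte[] readBoundedBytes(DataInputStream in, int inputLength) throws IOException {
        int len = in.readInt();
        int remaining = inputLength - 4;
        if (len < 0) {
            throw new StreamCorruptedException("negative length: " + len);
        }
        if (len > MAX_VALUE_LENGTH) {
            throw new StreamCorruptedException("length " + len + " exceeds limit " + MAX_VALUE_LENGTH);
        }
        if (len > remaining) {
            throw new StreamCorruptedException("length " + len + " exceeds remaining input " + remaining);
        }
        byte[] buf = new byte[len];
        in.readFully(buf); // EOFException on truncation rather than a silently short buffer
        return buf;
    }

    public static void main(String[] args) throws IOException {
        // Constructed samples: a valid 3-byte value, a negative length (0xFFFFFFFF),
        // and a length of Integer.MAX_VALUE that would otherwise trigger a huge allocation.
        byte[][] samples = {
            {0, 0, 0, 3, 'a', 'b', 'c'},
            {(byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF},
            {0x7F, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF},
        };
        for (byte[] sample : samples) {
            try (DataInputStream in = new DataInputStream(new ByteArrayInputStream(sample))) {
                byte[] value = readBoundedBytes(in, sample.length);
                System.out.println("accepted: " + value.length + " bytes");
            } catch (IOException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```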