8129544: ArrayIndexOutOfBoundsException when decoding corrupt Base64 string
Summary: to take input bytes as unsigned before check range
Reviewed-by: alanb
--- a/jdk/src/java.base/share/classes/java/util/Base64.java Wed Jun 24 18:50:19 2015 +0300
+++ b/jdk/src/java.base/share/classes/java/util/Base64.java Wed Jun 24 11:15:23 2015 -0700
@@ -737,7 +737,7 @@
// anything left is invalid, if is not MIME.
// if MIME, ignore all non-base64 character
while (sp < sl) {
- if (isMIME && base64[src[sp++]] < 0)
+ if (isMIME && base64[src[sp++] & 0xff] < 0)
continue;
throw new IllegalArgumentException(
"Input byte array has incorrect ending byte at " + sp);
--- a/jdk/test/java/util/Base64/TestBase64.java Wed Jun 24 18:50:19 2015 +0300
+++ b/jdk/test/java/util/Base64/TestBase64.java Wed Jun 24 11:15:23 2015 -0700
@@ -23,7 +23,7 @@
/**
* @test 4235519 8004212 8005394 8007298 8006295 8006315 8006530 8007379 8008925
- * 8014217 8025003 8026330 8028397
+ * 8014217 8025003 8026330 8028397 8129544
* @summary tests java.util.Base64
* @key randomness
*/
@@ -408,7 +408,16 @@
}});
}
}
- }
+
+ // anything left after padding is "invalid"/IAE, if
+ // not MIME. In case of MIME, non-base64 character(s)
+ // is ignored.
+ checkIAE(new Runnable() { public void run() {
+ Base64.getDecoder().decode("AA==\u00D2"); }});
+ checkIAE(new Runnable() { public void run() {
+ Base64.getUrlDecoder().decode("AA==\u00D2"); }});
+ Base64.getMimeDecoder().decode("AA==\u00D2");
+ }
private static void testDecodeUnpadded() throws Throwable {
byte[] srcA = new byte[] { 'Q', 'Q' };