#38 JSCH Crashes when invalid entries in known_hosts file

open
nobody
None
5
2008-09-11
2008-09-11
Gavin Camp
No

JSCH can fall over with an array bounds exception if there are invailid keys in the known_hosts file.

The Util.fromBase64 method always expects the buffer length to be a factor of 4, if it is not then it will throw an exception.

I've made a small change that fixes/masks this issue, but a better fix may be to pass the error back up through the calling stack.

-----------------------------------------------

static byte[] fromBase64(byte[] buf, int start, int length){

if (length % 4 != 0) {
int newLength = length + (length % 4);
byte [] newbuf = new byte[newLength];
System.arraycopy(buf, start, newbuf, 0, length);
for (int l=length; l<newLength; l++) {
newbuf[l] = '=';
}
return fromBase64(newbuf, 0, newLength);
}

byte[] foo=new byte[length];
int j=0;
for (int i=start;i<start+length;i+=4){
foo[j]=(byte)((val(buf[i])<<2)|((val(buf[i+1])&0x30)>>>4));
if(buf[i+2]==(byte)'='){ j++; break;}
foo[j+1]=(byte)(((val(buf[i+1])&0x0f)<<4)|((val(buf[i+2])&0x3c)>>>2));
if(buf[i+3]==(byte)'='){ j+=2; break;}
foo[j+2]=(byte)(((val(buf[i+2])&0x03)<<6)|(val(buf[i+3])&0x3f));
j+=3;
}
byte[] bar=new byte[j];
System.arraycopy(foo, 0, bar, 0, j);
return bar;
}

Discussion


Log in to post a comment.