Added a fix for ASN1 PDU with negative length; JIRA DIRAPI-401

Author: elecharny

asn1/ber/src/main/java/org/apache/directory/api/asn1/ber/Asn1Decoder.java

@@ -246,8 +246,9 @@ else if ( ( octet & TLV.LENGTH_EXTENSION_RESERVED ) != TLV.LENGTH_EXTENSION_RESE
      * the result and other informations.
      * @return <code>true</code> if there are more bytes to read, <code>false
      * </code> otherwise
+     * @throws DecoderException Thrown if anything went wrong
      */
-    private static boolean treatLengthPendingState( ByteBuffer stream, Asn1Container container )
+    private static boolean treatLengthPendingState( ByteBuffer stream, Asn1Container container ) throws DecoderException
     {
         if ( stream.hasRemaining() )
         {
@@ -265,6 +266,13 @@ private static boolean treatLengthPendingState( ByteBuffer stream, Asn1Container
 
                 tlv.incLengthBytesRead();
                 length = ( length << 8 ) | ( octet & 0x00FF );
+                
+                if ( length < 0 )
+                {
+                    String msg = I18n.err( I18n.ERR_01002_TLV_NULL );
+                    LOG.error( msg );
+                    throw new DecoderException( msg );
+                }
 
                 if ( !stream.hasRemaining() )
                 {

i18n/src/main/java/org/apache/directory/api/i18n/I18n.java

@@ -55,6 +55,7 @@ public enum I18n
     ERR_01308_ZERO_LENGTH_TLV( "ERR_01308_ZERO_LENGTH_TLV" ),
     ERR_01309_EMPTY_TLV( "ERR_01309_EMPTY_TLV" ),
     ERR_01310_INTEGER_DECODING_ERROR( "ERR_01310_INTEGER_DECODING_ERROR" ),
+    ERR_01311_NEGATIVE_LENGTH( "ERR_01311_NEGATIVE_LENGTH" ),
 
     //     actions                      1100 -  1199
     ERR_01100_INCORRECT_LENGTH( "ERR_01100_INCORRECT_LENGTH" ),

i18n/src/main/resources/org/apache/directory/api/i18n/errors.properties

@@ -59,7 +59,7 @@ ERR_01307_0_BYTES_LONG_LONG=The value is 0 byte long. This is not allowed for a
 ERR_01308_ZERO_LENGTH_TLV=The TLV has a zero length. This is not allowed
 ERR_01309_EMPTY_TLV=The LdapMessage should not be empty
 ERR_01310_INTEGER_DECODING_ERROR=The integer cannot be decoded: {0}
-
+ERR_01311_NEGATIVE_LENGTH=The length should not be negative
 
 # asn1-codec
 ERR_01001=Encoded result is not a ByteBuffer: {0}

ldap/codec/core/src/test/java/org/apache/directory/api/ldap/codec/LdapMessageTest.java

@@ -36,6 +36,7 @@
 import org.apache.directory.api.ldap.codec.api.LdapEncoder;
 import org.apache.directory.api.ldap.codec.api.LdapMessageContainer;
 import org.apache.directory.api.ldap.codec.osgi.AbstractCodecServiceTest;
+import org.apache.directory.api.ldap.model.exception.LdapURLEncodingException;
 import org.apache.directory.api.ldap.model.message.Message;
 import org.apache.directory.api.ldap.model.message.UnbindRequest;
 import org.junit.jupiter.api.Test;
@@ -270,4 +271,28 @@ public void testDecodeUnBindRequestNoControls() throws DecoderException, Encoder
 
         assertArrayEquals( stream.array(), result.array() );
     }
+    
+    
+    /**
+     * test a negative length
+     */
+    @Test
+    public void testNegativeLength() throws LdapURLEncodingException
+    {
+    	String base64Bytes = String.join("", "CoT/gwr/Jg==");
+    	
+    	byte[] input = java.util.Base64.getDecoder().decode(base64Bytes);
+    	
+    	ByteBuffer stream = ByteBuffer.allocate(input.length);
+        stream.put(input);
+        stream.flip();
+
+        org.apache.directory.api.ldap.codec.api.LdapApiService codec = new org.apache.directory.api.ldap.codec.osgi.DefaultLdapCodecService();
+        LdapMessageContainer<Message> container = new LdapMessageContainer<>(codec);
+
+        assertThrows( DecoderException.class, ( ) ->
+        {
+            Asn1Decoder.decode(stream, container);
+        } );
+    }
 }