author | Alexander Kriegisch <Alexander@Kriegisch.name> | 2022-11-13 11:28:22 +0100 |
---|---|---|
committer | Alexander Kriegisch <Alexander@Kriegisch.name> | 2022-11-13 11:57:20 +0100 |
commit | 063d3cc59aad88f02bc82bc6e417a828dae9ef2d (patch) | |
tree | 62dc48b5bafc6eaf954cf8b2e3395dd8454f4d26 /bcel-builder/src | |
parent | 21d651573103fee74dec9b01c36ad3932d355bcf (diff) | |
Address upstream BCEL vulnerability CVE-2022-42920
Fixes #192.
See https://github.com/advisories/GHSA-97xg-phpr-rg8q.
See https://issues.apache.org/jira/browse/BCEL-363.
See https://github.com/apache/commons-bcel/pull/147.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
Diffstat (limited to 'bcel-builder/src')
-rw-r--r-- | bcel-builder/src/main/java/org/aspectj/apache/bcel/classfile/ConstantPool.java | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/bcel-builder/src/main/java/org/aspectj/apache/bcel/classfile/ConstantPool.java b/bcel-builder/src/main/java/org/aspectj/apache/bcel/classfile/ConstantPool.java index f8894def4..5b434651e 100644 --- a/bcel-builder/src/main/java/org/aspectj/apache/bcel/classfile/ConstantPool.java +++ b/bcel-builder/src/main/java/org/aspectj/apache/bcel/classfile/ConstantPool.java @@ -59,6 +59,7 @@ import java.io.IOException; import java.util.HashMap; import java.util.Map; +import com.sun.org.apache.bcel.internal.Const; import org.aspectj.apache.bcel.Constants; import org.aspectj.apache.bcel.generic.ArrayType; import org.aspectj.apache.bcel.generic.ObjectType; @@ -288,8 +289,14 @@ public class ConstantPool implements Node { } // TEMPORARY, DONT LIKE PASSING THIS DATA OUT! public void dump(DataOutputStream file) throws IOException { - file.writeShort(poolSize); - for (int i = 1; i < poolSize; i++) + /* + * Constants over the size of the constant pool shall not be written out. + * This is a redundant measure as the ConstantPoolGen should have already + * reported an error back in the situation. + */ + final int size = Math.min(poolSize, Const.MAX_CP_ENTRIES); + file.writeShort(size); + for (int i = 1; i < size; i++) if (pool[i] != null) pool[i].dump(file); } 
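Review bot: The added `import com.sun.org.apache.bcel.internal.Const;` in the import hunk takes the limit from the JDK's internal copy of BCEL rather than from this project's own code. That package is JDK-internal and is not exported by `java.xml` on modular JDKs, so whether this file compiles can depend on the JDK and compiler flags in use, and the security fix ends up tied to a class the project does not control. Only `MAX_CP_ENTRIES` is used, so I would take it from the fork's own `org.aspectj.apache.bcel.Constants` if it defines one, or declare it locally, e.g. `private static final int MAX_CP_ENTRIES = 65535; // constant_pool_count is a u2`, and drop the import.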
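Review bot: In `dump()`, an oversized pool is now written out truncated with no signal to the caller: `Math.min(poolSize, Const.MAX_CP_ENTRIES)` drops every entry past the limit, and anything in the class that still refers to those entries would point outside the written pool. The new comment calls the clamp redundant and refers to `ConstantPoolGen`, but in this commit the primary check is in `adjustSize()` of this class, and a pool filled by a path that does not call `adjustSize()` (none is visible here, so this needs confirming) would reach `dump()` unchecked. I would either fail here as well, `if (poolSize > Const.MAX_CP_ENTRIES) throw new IllegalStateException("constant pool too large: " + poolSize);`, or reword the comment to state that the output is deliberately truncated and that `adjustSize()` is the primary check.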
@@ -417,9 +424,19 @@ public class ConstantPool implements Node { } private void adjustSize() { - if (poolSize + 3 >= pool.length) { + // 3 extra spaces are needed as some entries may take 3 slots + if (poolSize + 3 >= Const.MAX_CP_ENTRIES + 1) { + throw new IllegalStateException( + "The number of constants " + (poolSize + 3) + + " is over the size of the constant pool: " + Const.MAX_CP_ENTRIES + ); + } + if (poolSize + 3 >= pool.length) { Constant[] cs = pool; - pool = new Constant[cs.length + 8]; + int size = cs.length + 8; + // the constant array shall not exceed the size of the constant pool + size = Math.min(size, Const.MAX_CP_ENTRIES + 1); + pool = new Constant[size]; System.arraycopy(cs, 0, pool, 0, cs.length); } if (poolSize == 0) |
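Review bot: The exception message in `adjustSize()` prints `poolSize + 3` as "the number of constants", which is the current size plus the three slots of headroom and not the number of entries actually in the pool, so anyone diagnosing an oversized class from this message is misled by three. The same headroom makes the guard reject additions a few slots short of the limit even when the next entry needs a single slot; if that is intended, the comment above the check should say so. Suggested wording: `"Constant pool holds " + poolSize + " entries; adding more would exceed the limit of " + Const.MAX_CP_ENTRIES`. The body of `adjustSize()` continues past the end of the hunk.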