From 58ccf74bce134992e10ce52c70830ef4108ff5d6 Mon Sep 17 00:00:00 2001 From: Atsuhiko Yamanaka Date: Mon, 13 May 2013 22:45:06 -0700 Subject: [PATCH] fixed ArrayIndexOutOfBoundsException in signing Before writing data to a buffer, its available size should be checked. --- README | 2 +- README.md | 2 +- examples/README | 2 +- examples/pom.xml | 2 +- jsch-agent-proxy-core/pom.xml | 2 +- .../main/java/com/jcraft/jsch/agentproxy/AgentProxy.java | 6 ++++++ jsch-agent-proxy-jsch/pom.xml | 2 +- jsch-agent-proxy-pageant/pom.xml | 2 +- jsch-agent-proxy-sshagent/pom.xml | 2 +- jsch-agent-proxy-usocket-jna/pom.xml | 2 +- jsch-agent-proxy-usocket-junixsocket/pom.xml | 2 +- jsch-agent-proxy-usocket-nc/pom.xml | 2 +- pom.xml | 2 +- 13 files changed, 18 insertions(+), 12 deletions(-) diff --git a/README b/README index 8ffc583..a9b0f72 100644 --- a/README +++ b/README @@ -39,7 +39,7 @@ Examples $ cd examples $ mvn compile $ mvn exec:java \ - -Dexec.mainClass="com.jcraft.jsch.agentproxy.examples.UsingJSchWithAgentProxy" \ + -Dexec.mainClass="com.jcraft.jsch.agentproxy.examples.JSchWithAgentProxy" \ -Dexec.args="foo@bar.com" diff --git a/README.md b/README.md index 454e182..d333a95 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ This software is licensed under [BSD style license](https://github.com/ymnk/jsch $ cd examples $ mvn compile $ mvn exec:java \ - -Dexec.mainClass="com.jcraft.jsch.agentproxy.examples.UsingJSchWithAgentProxy" \ + -Dexec.mainClass="com.jcraft.jsch.agentproxy.examples.JSchWithAgentProxy" \ -Dexec.args="foo@bar.com" ## Dependencies diff --git a/examples/README b/examples/README index 4190883..3604741 100644 --- a/examples/README +++ b/examples/README @@ -19,5 +19,5 @@ README $ cd examples $ mvn compile $ mvn exec:java \ - -Dexec.mainClass="com.jcraft.jsch.agentproxy.examples.UsingJSchWithAgentProxy" \ + -Dexec.mainClass="com.jcraft.jsch.agentproxy.examples.JSchWithAgentProxy" \ -Dexec.args="foo@bar.com" diff --git a/examples/pom.xml b/examples/pom.xml index 08ceac3..1556997 100644 --- a/examples/pom.xml +++ b/examples/pom.xml @@ -5,7 +5,7 @@ com.jcraft jsch.agentproxy.examples - 0.0.5 + 0.0.6 examples to demonstrate how to use jsch-agent-proxy diff --git a/jsch-agent-proxy-core/pom.xml b/jsch-agent-proxy-core/pom.xml index 53b23a8..22130d7 100644 --- a/jsch-agent-proxy-core/pom.xml +++ b/jsch-agent-proxy-core/pom.xml @@ -6,7 +6,7 @@ com.jcraft jsch.agentproxy - 0.0.5 + 0.0.6 jsch.agentproxy.core diff --git a/jsch-agent-proxy-core/src/main/java/com/jcraft/jsch/agentproxy/AgentProxy.java b/jsch-agent-proxy-core/src/main/java/com/jcraft/jsch/agentproxy/AgentProxy.java index edf7e7e..2d17775 100644 --- a/jsch-agent-proxy-core/src/main/java/com/jcraft/jsch/agentproxy/AgentProxy.java +++ b/jsch-agent-proxy-core/src/main/java/com/jcraft/jsch/agentproxy/AgentProxy.java @@ -121,7 +121,9 @@ public synchronized byte[] sign(byte[] blob, byte[] data) { byte code1 = SSH2_AGENTC_SIGN_REQUEST; byte code2 = SSH2_AGENT_SIGN_RESPONSE; + int required_size = 1 + 4*4 + blob.length + data.length; buffer.reset(); + buffer.checkFreeSize(required_size); buffer.putByte(code1); buffer.putString(blob); buffer.putString(data); @@ -150,7 +152,9 @@ public synchronized byte[] sign(byte[] blob, byte[] data) { public synchronized boolean removeIdentity(byte[] blob) { byte code1 = SSH2_AGENTC_REMOVE_IDENTITY; + int required_size = 1 + 4*2 + blob.length; buffer.reset(); + buffer.checkFreeSize(required_size); buffer.putByte(code1); buffer.putString(blob); buffer.insertLength(); @@ -189,7 +193,9 @@ public synchronized void removeAllIdentities() { public synchronized boolean addIdentity(byte[] identity) { byte code1 = SSH2_AGENTC_ADD_IDENTITY; + int required_size = 1 + 4 + identity.length; buffer.reset(); + buffer.checkFreeSize(required_size); buffer.putByte(code1); buffer.putByte(identity); buffer.insertLength(); diff --git a/jsch-agent-proxy-jsch/pom.xml b/jsch-agent-proxy-jsch/pom.xml index 9f8aa5a..9ec7b0c 100644 --- a/jsch-agent-proxy-jsch/pom.xml +++ b/jsch-agent-proxy-jsch/pom.xml @@ -6,7 +6,7 @@ com.jcraft jsch.agentproxy - 0.0.5 + 0.0.6 jsch.agentproxy.jsch diff --git a/jsch-agent-proxy-pageant/pom.xml b/jsch-agent-proxy-pageant/pom.xml index 3725ce0..2038b37 100644 --- a/jsch-agent-proxy-pageant/pom.xml +++ b/jsch-agent-proxy-pageant/pom.xml @@ -6,7 +6,7 @@ com.jcraft jsch.agentproxy - 0.0.5 + 0.0.6 jsch.agentproxy.pageant diff --git a/jsch-agent-proxy-sshagent/pom.xml b/jsch-agent-proxy-sshagent/pom.xml index 1d066fa..cef2469 100644 --- a/jsch-agent-proxy-sshagent/pom.xml +++ b/jsch-agent-proxy-sshagent/pom.xml @@ -6,7 +6,7 @@ com.jcraft jsch.agentproxy - 0.0.5 + 0.0.6 jsch.agentproxy.sshagent diff --git a/jsch-agent-proxy-usocket-jna/pom.xml b/jsch-agent-proxy-usocket-jna/pom.xml index 0642809..ffd5005 100644 --- a/jsch-agent-proxy-usocket-jna/pom.xml +++ b/jsch-agent-proxy-usocket-jna/pom.xml @@ -6,7 +6,7 @@ com.jcraft jsch.agentproxy - 0.0.5 + 0.0.6 jsch.agentproxy.usocket-jna diff --git a/jsch-agent-proxy-usocket-junixsocket/pom.xml b/jsch-agent-proxy-usocket-junixsocket/pom.xml index cffe0e6..f48a2a8 100644 --- a/jsch-agent-proxy-usocket-junixsocket/pom.xml +++ b/jsch-agent-proxy-usocket-junixsocket/pom.xml @@ -6,7 +6,7 @@ com.jcraft jsch.agentproxy - 0.0.5 + 0.0.6 jsch.agentproxy.usocket-junixsocket diff --git a/jsch-agent-proxy-usocket-nc/pom.xml b/jsch-agent-proxy-usocket-nc/pom.xml index 4e3a6db..5986aa5 100644 --- a/jsch-agent-proxy-usocket-nc/pom.xml +++ b/jsch-agent-proxy-usocket-nc/pom.xml @@ -6,7 +6,7 @@ com.jcraft jsch.agentproxy - 0.0.5 + 0.0.6 jsch.agentproxy.usocket-nc diff --git a/pom.xml b/pom.xml index 78339a8..0b61bff 100644 --- a/pom.xml +++ b/pom.xml @@ -9,7 +9,7 @@ com.jcraft jsch.agentproxy - 0.0.5 + 0.0.6 pom jsch-agent-proxy: a parent of modules