added check for corrupted stream and escaping NullPointer - relates to github #1888

dghgit · dghgit · commit 25a49a41df8e · 2025-01-12T10:42:18.000+11:00
diff --git a/pg/src/main/java/org/bouncycastle/gpg/SExpression.java b/pg/src/main/java/org/bouncycastle/gpg/SExpression.java
@@ -104,6 +104,10 @@ private static SExpression parseExpression(InputStream src, SExpression expr, By
 
                 if (c == ':')
                 {
+                    if (expr == null)
+                    {
+                        throw new IOException("invalid input stream at ':'");
+                    }
                     try
                     {
                         int len = Integer.parseInt(Strings.fromByteArray(accumulator.toByteArray()));
diff --git a/pg/src/test/java/org/bouncycastle/openpgp/test/SExprTest.java b/pg/src/test/java/org/bouncycastle/openpgp/test/SExprTest.java
@@ -1,15 +1,18 @@
 package org.bouncycastle.openpgp.test;
 
 import java.io.ByteArrayInputStream;
+import java.io.IOException;
 import java.security.Security;
 
 import org.bouncycastle.gpg.SExprParser;
+import org.bouncycastle.gpg.SExpression;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.openpgp.PGPPrivateKey;
 import org.bouncycastle.openpgp.PGPSecretKey;
 import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
 import org.bouncycastle.openpgp.operator.jcajce.JcaPGPDigestCalculatorProviderBuilder;
 import org.bouncycastle.openpgp.operator.jcajce.JcePBEProtectionRemoverFactory;
+import org.bouncycastle.util.Strings;
 import org.bouncycastle.util.encoders.Base64;
 import org.bouncycastle.util.test.SimpleTest;
 
@@ -139,9 +142,25 @@ public String getName()
         return "SExprTest";
     }
 
+    private void corruptStreamTest()
+        throws Exception
+    {
+        try
+        {
+            SExpression.parse(new ByteArrayInputStream(Strings.toByteArray("2:3abc")), 2);
+            fail("no exception");
+        }
+        catch (IOException e)
+        {
+            isEquals("invalid input stream at ':'", e.getMessage());
+        }
+    }
+
     public void performTest()
         throws Exception
     {
+        corruptStreamTest();
+
         SExprParser parser = new SExprParser(new JcaPGPDigestCalculatorProviderBuilder().build());
 
         PGPSecretKey k1 = parser.parseSecretKey(new ByteArrayInputStream(key1), new JcePBEProtectionRemoverFactory("fred".toCharArray()), new JcaKeyFingerprintCalculator());

Original file line number	Diff line number	Diff line change
`@@ -104,6 +104,10 @@ private static SExpression parseExpression(InputStream src, SExpression expr, By`
`104`	`104`
`105`	`105`	`if (c == ':')`
`106`	`106`	`{`
	`107`	`+ if (expr == null)`
	`108`	`+ {`
	`109`	`+ throw new IOException("invalid input stream at ':'");`
	`110`	`+ }`
`107`	`111`	`try`
`108`	`112`	`{`
`109`	`113`	`int len = Integer.parseInt(Strings.fromByteArray(accumulator.toByteArray()));`