From d2b68eb888b75c3cb66cbf2b16fe5d123ca9b26f Mon Sep 17 00:00:00 2001 From: Arthur Chan Date: Tue, 21 Nov 2023 13:46:48 +0000 Subject: [PATCH 1/2] CODEC-313: Fix possible ArrayIndexOutOfBoundsException Signed-off-by: Arthur Chan --- .../apache/commons/codec/net/QuotedPrintableCodec.java | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/main/java/org/apache/commons/codec/net/QuotedPrintableCodec.java b/src/main/java/org/apache/commons/codec/net/QuotedPrintableCodec.java index b6eea3ec66..e18a1c4c55 100644 --- a/src/main/java/org/apache/commons/codec/net/QuotedPrintableCodec.java +++ b/src/main/java/org/apache/commons/codec/net/QuotedPrintableCodec.java @@ -84,6 +84,11 @@ public class QuotedPrintableCodec implements BinaryEncoder, BinaryDecoder, Strin private static final byte LF = 10; + /** + * Minimum length required for the byte arrays used by encodeQuotedPrintable method + */ + private static final int MIN_BYTES = 3; + /** * Safe line length for quoted printable encoded text. */ @@ -208,6 +213,10 @@ public static final byte[] encodeQuotedPrintable(BitSet printable, final byte[] final int bytesLength = bytes.length; if (strict) { + if (bytesLength < MIN_BYTES) { + return null; + } + int pos = 1; // encode up to buffer.length - 3, the last three octets will be treated // separately for simplification of note #3 From 130dafc4e981ce2caaa7f65b6e5eee9020a87786 Mon Sep 17 00:00:00 2001 From: Arthur Chan Date: Wed, 22 Nov 2023 19:03:53 +0000 Subject: [PATCH 2/2] CODEC-313: Add unit test Signed-off-by: Arthur Chan --- .../apache/commons/codec/net/QuotedPrintableCodecTest.java | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/test/java/org/apache/commons/codec/net/QuotedPrintableCodecTest.java b/src/test/java/org/apache/commons/codec/net/QuotedPrintableCodecTest.java index 4bce86d101..940a1d8fba 100644 --- a/src/test/java/org/apache/commons/codec/net/QuotedPrintableCodecTest.java +++ b/src/test/java/org/apache/commons/codec/net/QuotedPrintableCodecTest.java @@ -227,6 +227,12 @@ public void testSoftLineBreakEncode() throws Exception { assertEquals(qpdata, qpcodec.encode(decoded)); } + @Test + public void testTooShortByteArray() throws Exception{ + final QuotedPrintableCodec qpcodec = new QuotedPrintableCodec(true); + assertNull(qpcodec.encode("AA"), "Result should be null."); + } + @Test public void testTrailingSpecial() throws Exception { final QuotedPrintableCodec qpcodec = new QuotedPrintableCodec(true);