From 5fcbeb93b178ae2ac4bf36dfa4ef5311a9b552ba Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Thu, 19 May 2011 10:56:23 +0000
Subject: [PATCH] Prevent AVA parsing from throwing StringIndexOutOfBoundsExceptions.

---
 opendj3/opendj-sdk/src/test/java/org/opends/sdk/DNTestCase.java |    2 
 opendj3/opendj-sdk/src/main/java/org/opends/sdk/AVA.java        |   62 +++++++++++++------------------
 2 files changed, 27 insertions(+), 37 deletions(-)

diff --git a/opendj3/opendj-sdk/src/main/java/org/opends/sdk/AVA.java b/opendj3/opendj-sdk/src/main/java/org/opends/sdk/AVA.java
index 033a9dc..d4eb6f1 100644
--- a/opendj3/opendj-sdk/src/main/java/org/opends/sdk/AVA.java
+++ b/opendj3/opendj-sdk/src/main/java/org/opends/sdk/AVA.java
@@ -23,6 +23,7 @@
  *
  *
  *      Copyright 2010 Sun Microsystems, Inc.
+ *      Portions copyright 2011 ForgeRock AS.
  */
 
 package org.opends.sdk;
@@ -123,8 +124,18 @@
     // Skip over any spaces at the beginning.
     reader.skipWhitespaces();
 
+    if (reader.remaining() == 0)
+    {
+      final LocalizableMessage message = ERR_ATTR_SYNTAX_DN_ATTR_NO_NAME
+          .get(reader.getString());
+      throw new LocalizedIllegalArgumentException(message);
+    }
+
     final AttributeType attribute = readAttributeName(reader, schema);
 
+    // Skip over any spaces if we have.
+    reader.skipWhitespaces();
+
     // Make sure that we're not at the end of the DN string because
     // that would be invalid.
     if (reader.remaining() == 0)
@@ -134,9 +145,6 @@
       throw new LocalizedIllegalArgumentException(message);
     }
 
-    // Skip over any spaces if we have.
-    reader.skipWhitespaces();
-
     // The next character must be an equal sign. If it is not, then
     // that's an error.
     char c;
@@ -172,7 +180,7 @@
     {
       final LocalizableMessage message = ERR_HEX_DECODE_INVALID_LENGTH
           .get(hexBuffer);
-      DecodeException.error(message);
+      throw DecodeException.error(message);
     }
 
     int pos = 0;
@@ -342,8 +350,9 @@
           {
             final LocalizableMessage msg = ERR_ATTR_SYNTAX_DN_ESCAPED_HEX_VALUE_INVALID
                 .get(reader.getString());
-            DecodeException.error(msg);
+            throw DecodeException.error(msg);
           }
+
           // Check the next byte for hex.
           final char c2 = reader.read();
           if (isHexDigit(c2))
@@ -360,7 +369,7 @@
           {
             final LocalizableMessage message = ERR_ATTR_SYNTAX_DN_ESCAPED_HEX_VALUE_INVALID
                 .get(reader.getString());
-            DecodeException.error(message);
+            throw DecodeException.error(message);
           }
         }
         else
@@ -412,9 +421,16 @@
     if (isDigit(c))
     {
       boolean lastWasPeriod = false;
-      while (reader.remaining() > 0 && (c = reader.read()) != '=')
+      while (reader.remaining() > 0)
       {
-        if (c == '.')
+        c = reader.read();
+
+        if (c == '=' || c == ' ')
+        {
+          // This signals the end of the OID.
+          break;
+        }
+        else if (c == '.')
         {
           if (lastWasPeriod)
           {
@@ -448,38 +464,12 @@
       while (reader.remaining() > 0)
       {
         c = reader.read();
-        if (length == 0 && !isAlpha(c))
-        {
-          // This is an illegal character.
-          final LocalizableMessage message = ERR_ATTR_SYNTAX_DN_ATTR_ILLEGAL_CHAR
-              .get(reader.getString(), c, reader.pos() - 1);
-          throw new LocalizedIllegalArgumentException(message);
-        }
 
-        if (c == '=')
+        if (c == '=' || c == ' ')
         {
-          // End of the attribute.
+          // This signals the end of the OID.
           break;
         }
-        else if (c == ' ')
-        {
-          // Got a whitespace.It MUST be the end of the attribute
-          // Make sure that the next non-whitespace character is '='.
-          reader.skipWhitespaces();
-          // Read back the next char.
-          c = reader.read();
-          if (c == '=')
-          {
-            break;
-          }
-          else
-          {
-            // This is an illegal character.
-            final LocalizableMessage message = ERR_ATTR_SYNTAX_DN_ATTR_ILLEGAL_CHAR
-                .get(reader.getString(), c, reader.pos() - 1);
-            throw new LocalizedIllegalArgumentException(message);
-          }
-        }
         else if (!isAlpha(c) && !isDigit(c) && c != '-')
         {
           // This is an illegal character.
diff --git a/opendj3/opendj-sdk/src/test/java/org/opends/sdk/DNTestCase.java b/opendj3/opendj-sdk/src/test/java/org/opends/sdk/DNTestCase.java
index ad3cc22..7f78229 100644
--- a/opendj3/opendj-sdk/src/test/java/org/opends/sdk/DNTestCase.java
+++ b/opendj3/opendj-sdk/src/test/java/org/opends/sdk/DNTestCase.java
@@ -23,6 +23,7 @@
  *
  *
  *      Copyright 2010 Sun Microsystems, Inc.
+ *      Portions copyright 2011 ForgeRock AS.
  */
 
 package org.opends.sdk;
@@ -667,7 +668,6 @@
    *           If the test failed unexpectedly.
    */
   @Test(dataProvider = "illegalDNs", expectedExceptions = {
-      StringIndexOutOfBoundsException.class,
       LocalizedIllegalArgumentException.class, NullPointerException.class })
   public void testIllegalStringDNs(final String dn) throws Exception
   {

--
Gitblit v1.10.0