json parsing exception handling, see Coverity issues 72297, 72296, 72295

2026-04-19 09:06:54 -04:00 · 2016-03-04 01:20:38 +01:00
parent edf92adfec
commit d5b4fb4fe9
2 changed files with 9 additions and 0 deletions
--- a/main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/impl/CryptorImpl.java
+++ b/main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/impl/CryptorImpl.java
@@ -35,6 +35,7 @@ import org.cryptomator.crypto.engine.UnsupportedVaultFormatException;

 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.exc.InvalidFormatException;

 class CryptorImpl implements Cryptor {

@@ -99,9 +100,13 @@ class CryptorImpl implements Cryptor {
 		try {
 			final ObjectMapper om = new ObjectMapper();
 			keyFile = om.readValue(masterkeyFileContents, KeyFile.class);
+			if (keyFile == null) {
+				throw new InvalidFormatException("Could not read masterkey file", keyFile, KeyFile.class);
+			}
 		} catch (IOException e) {
 			throw new IllegalArgumentException("Unable to parse masterkeyFileContents", e);
 		}
+		assert keyFile != null;

 		// check version
 		if (keyFile.getVersion() != CURRENT_VAULT_VERSION || ArrayUtils.isEmpty(keyFile.getVersionMac())) {
--- a/main/ui/src/main/java/org/cryptomator/ui/model/VaultObjectMapperProvider.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/model/VaultObjectMapperProvider.java
@@ -27,6 +27,7 @@ import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.JsonSerializer;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.SerializerProvider;
+import com.fasterxml.jackson.databind.exc.InvalidFormatException;
 import com.fasterxml.jackson.databind.module.SimpleModule;

@Singleton
@@ -70,6 +71,9 @@ public class VaultObjectMapperProvider implements Provider<ObjectMapper> {
 		@Override
 		public Vault deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException, JsonProcessingException {
 			final JsonNode node = jp.readValueAsTree();
+			if (node == null || !node.has("path")) {
+				throw new InvalidFormatException("Node is null or doesn't contain a path.", node, Vault.class);
+			}
 			final String pathStr = node.get("path").asText();
 			final Path path = FileSystems.getDefault().getPath(pathStr);
 			final Vault vault = vaultFactoy.createVault(path);