From 53dd398ded4fb9a29695483fd56f66b40ac02450 Mon Sep 17 00:00:00 2001
From: Appu Goundan
Date: Thu, 3 Aug 2023 14:26:40 -0400
Subject: [PATCH] Fix some issues found by fuzzer
- Catch parsing exceptions when handling rekor response
- Check bundle before reading first tlog entry
Signed-off-by: Appu Goundan
---
 .../dev/sigstore/bundle/BundleFactoryInternal.java | 3 +++
 .../dev/sigstore/rekor/client/RekorParseException.java | 4 ++++
 .../java/dev/sigstore/rekor/client/RekorResponse.java | 10 ++++++++--
 3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/sigstore-java/src/main/java/dev/sigstore/bundle/BundleFactoryInternal.java b/sigstore-java/src/main/java/dev/sigstore/bundle/BundleFactoryInternal.java
index 2df52b54..c0ea8df3 100644
--- a/sigstore-java/src/main/java/dev/sigstore/bundle/BundleFactoryInternal.java
+++ b/sigstore-java/src/main/java/dev/sigstore/bundle/BundleFactoryInternal.java
@@ -158,6 +158,9 @@ static KeylessSignature readBundle(Reader jsonReader) throws BundleParseExceptio
 }
 Bundle bundle = bundleBuilder.build();
+ if (bundle.getVerificationMaterial().getTlogEntriesCount() == 0) {
+ throw new BundleParseException("Could not find any tlog entries in bundle json");
+ }
 var bundleEntry = bundle.getVerificationMaterial().getTlogEntries(0);
 var bundleInclusionProof = bundleEntry.getInclusionProof();
diff --git a/sigstore-java/src/main/java/dev/sigstore/rekor/client/RekorParseException.java b/sigstore-java/src/main/java/dev/sigstore/rekor/client/RekorParseException.java
index 7a65b85d..d4b42643 100644
--- a/sigstore-java/src/main/java/dev/sigstore/rekor/client/RekorParseException.java
+++ b/sigstore-java/src/main/java/dev/sigstore/rekor/client/RekorParseException.java
@@ -19,4 +19,8 @@ public class RekorParseException extends Exception {
 public RekorParseException(String message) {
 super(message);
 }
+
+ public RekorParseException(String message, Throwable cause) {
+ super(message, cause);
+ }
 }
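Review bot: The new count check makes `getTlogEntries(0)` safe, but the very next line's `bundleEntry.getInclusionProof()` is a proto3 message getter that hands back the default instance when the field is absent, so a fuzzer input carrying one tlog entry with no inclusion proof still passes this guard and flows into the rest of `readBundle`, which continues beyond the hunk. If the code after the hunk reads fields of `bundleInclusionProof` (hashes, log index, checkpoint) without first testing `bundleEntry.hasInclusionProof()`, the malformed-bundle class this commit targets is only pushed one field deeper; a guard such as `if (!bundleEntry.hasInclusionProof()) { throw new BundleParseException("tlog entry in bundle json has no inclusion proof"); }` — or an explicit branch, if proof-less entries are meant to be accepted — would close it. Since only entry 0 is consumed and any further entries are silently ignored, a short comment above the new check, e.g. `// only the first tlog entry is used; additional entries in the bundle are ignored`, would also make that choice visible to the next reader.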
diff --git a/sigstore-java/src/main/java/dev/sigstore/rekor/client/RekorResponse.java b/sigstore-java/src/main/java/dev/sigstore/rekor/client/RekorResponse.java
index ede4695d..709eb4f9 100644
--- a/sigstore-java/src/main/java/dev/sigstore/rekor/client/RekorResponse.java
+++ b/sigstore-java/src/main/java/dev/sigstore/rekor/client/RekorResponse.java
@@ -18,6 +18,7 @@
 import static dev.sigstore.json.GsonSupplier.GSON;
 import com.google.common.reflect.TypeToken;
+import com.google.gson.JsonSyntaxException;
 import java.net.URI;
 import java.util.Map;
 import org.immutables.value.Value;
@@ -53,10 +54,15 @@ public interface RekorResponse {
 * @return an immutable {@link RekorResponse} instance
 * @throws RekorParseException if the rawResponse doesn't parse directly to a single rekor entry
 */
- static RekorResponse newRekorResponse(URI entryLocation, String rawResponse)
+ public static RekorResponse newRekorResponse(URI entryLocation, String rawResponse)
 throws RekorParseException {
 var type = new TypeToken>() {}.getType();
- Map entryMap = GSON.get().fromJson(rawResponse, type);
+ Map entryMap;
+ try {
+ entryMap = GSON.get().fromJson(rawResponse, type);
+ } catch (JsonSyntaxException | NullPointerException | StringIndexOutOfBoundsException ex) {
+ throw new RekorParseException("Rekor entry json could not be parsed: " + rawResponse, ex);
+ }
 if (entryMap == null) {
 throw new RekorParseException("Expecting a single rekor entry in response but found none");
 }
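Review bot: The new catch block builds its message by concatenating the entire `rawResponse`, which is the unvalidated body returned by the Rekor endpoint, so a malformed or hostile response of arbitrary size is copied verbatim into the exception message and from there into whatever logs or error output the caller emits. Bounding it, e.g. `+ (rawResponse.length() > 1024 ? rawResponse.substring(0, 1024) + "..." : rawResponse)`, keeps the diagnostic while denying a bad response a log-flooding path; inside the catch `rawResponse` should be non-null because Gson's String overload returns null for null input rather than throwing, but that is worth confirming and noting in a comment. Catching `NullPointerException` and `StringIndexOutOfBoundsException` next to `JsonSyntaxException` will look like a mistake to the next maintainer and is likely to be "cleaned up", so the catch deserves a comment such as `// Gson can surface NPE/SIOOBE on truncated or malformed input (found by fuzzing); treat them as parse failures` recording why they are deliberately there, presumably based on the fuzzer cases the commit message refers to. Separately, `public` on an interface static method is redundant since interface members are implicitly public; dropping it keeps the declaration consistent with the rest of the interface.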