authSequence = ASN1Util.as(ASN1Sequence.class, stream);
            }
        } catch (IOException e) {
            throw new PACDecodingException("Malformed kerberos ticket", e);
        }

        this.authorizations = new ArrayList<>();
        Enumeration<?> authElements = authSequence.getObjects();
        while (authElements.hasMoreElements()) {

        // Test that PACDecodingException is thrown for a malformed token
        byte[] malformedToken = new byte[] { 0x01, 0x02, 0x03 };
        PACDecodingException e = assertThrows(PACDecodingException.class, () -> new KerberosTicket(malformedToken, (byte) 0, keys));
        assertTrue(e.getMessage().startsWith("Malformed kerberos ticket"));
    }

    @Test

   * An HTTP/2 response cannot contain uppercase header characters and must be treated as
   * malformed.
   */
  @Throws(IOException::class)
  fun checkLowercase(name: ByteString): ByteString {
    for (i in 0 until name.size) {
      if (name[i] in 'A'.code.toByte()..'Z'.code.toByte()) {
        throw IOException("PROTOCOL_ERROR response malformed: mixed case name: ${name.utf8()}")
      }
    }
    return name
  }

  for (i in namesAndValues.indices) {
    require(namesAndValues[i] != null) { "Headers cannot be null" }
    namesAndValues[i] = inputNamesAndValues[i].trim()
  }

  // Check for malformed headers.
  for (i in namesAndValues.indices step 2) {
    val name = namesAndValues[i]
    val value = namesAndValues[i + 1]
    headersCheckName(name)
    headersCheckValue(value, name)
  }

// lineTooLong is generated as chunk header is bigger than 4KiB.
var errLineTooLong = errors.New("header line too long")

// malformed encoding is generated when chunk header is wrongly formed.
var errMalformedEncoding = errors.New("malformed chunked encoding")

// chunk is considered too big if its bigger than > 16MiB.
var errChunkTooBig = errors.New("chunk too big: choose chunk size <= 16MiB")

import jcifs.internal.SMBProtocolDecodingException;
import jcifs.internal.smb2.Smb2Constants;
import jcifs.internal.util.SMBUtil;

/**
 * Security-focused test cases for Smb2NegotiateResponse input validation.
 * Tests various malformed input scenarios to ensure proper validation and
 * protection against buffer overflow, integer overflow, and other attacks.
 */
public class Smb2NegotiateResponseInputValidationTest {

    private Configuration mockConfig;

    responseCode != HTTP_NOT_MODIFIED
  ) {
    return true
  }

  // If the Content-Length or Transfer-Encoding headers disagree with the response code, the
  // response is malformed. For best compatibility, we honor the headers.
  if (headersContentLength() != -1L ||
    "chunked".equals(header("Transfer-Encoding"), ignoreCase = true)
  ) {
    return true
  }

  return false
}

     *
     */
    public CIFSContextWrapper(final CIFSContext delegate) {
        this.delegate = delegate;
    }

    /**
     * {@inheritDoc}
     *
     * @throws CIFSException if the URL is malformed or there is an error creating the SMB resource
     *
     * @see jcifs.CIFSContext#get(java.lang.String)
     */
    @Override
    public SmbResource get(final String url) throws CIFSException {
        try {

    private int userFlags;

    /**
     * Constructs a PAC logon information object from raw PAC data.
     * @param data the raw PAC logon info buffer data
     * @throws PACDecodingException if the data is malformed or invalid
     */
    public PacLogonInfo(final byte[] data) throws PACDecodingException {
        try {

     * @param unshared whether to use an exclusive connection
     * @throws DcerpcException if DCERPC initialization fails
     * @throws MalformedURLException if the URL is malformed
     */
    public DcerpcPipeHandle(final String url, final CIFSContext tc, final boolean unshared) throws DcerpcException, MalformedURLException {
        super(tc, DcerpcHandle.parseBinding(url));