Return-Path: Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: (qmail 16404 invoked from network); 28 Apr 2006 18:09:05 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 28 Apr 2006 18:09:05 -0000 Received: (qmail 78295 invoked by uid 500); 28 Apr 2006 18:09:04 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 78261 invoked by uid 500); 28 Apr 2006 18:09:04 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 78246 invoked by uid 99); 28 Apr 2006 18:09:04 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 28 Apr 2006 11:09:04 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received: from [209.237.227.198] (HELO brutus.apache.org) (209.237.227.198) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 28 Apr 2006 11:09:03 -0700 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 9F7BE7142E6 for ; Fri, 28 Apr 2006 18:08:38 +0000 (GMT) Message-ID: <2349224.1146247718649.JavaMail.jira@brutus> Date: Fri, 28 Apr 2006 18:08:38 +0000 (GMT+00:00) From: "Andrew McIntyre (JIRA)" To: derby-dev@db.apache.org Subject: [jira] Resolved: (DERBY-746) NullPointerException when 'encryptionKey' length is an odd number, or it contains invalid chars In-Reply-To: <1869313150.1133963710560.JavaMail.jira@ajax.apache.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N [ http://issues.apache.org/jira/browse/DERBY-746?page=all ] Andrew McIntyre resolved DERBY-746: ----------------------------------- Resolution: Fixed Committed to 10.1 with revision 397972. > NullPointerException when 'encryptionKey' length is an odd number, or it contains invalid chars > ----------------------------------------------------------------------------------------------- > > Key: DERBY-746 > URL: http://issues.apache.org/jira/browse/DERBY-746 > Project: Derby > Type: Bug > Components: Security > Versions: 10.1.1.2, 10.1.2.1, 10.2.0.0, 10.1.3.0, 10.1.2.2 > Environment: All environments. > Reporter: Kristian Waagan > Assignee: Kristian Waagan > Priority: Minor > Fix For: 10.2.0.0, 10.1.3.0, 10.1.2.4 > Attachments: derby-746.diff, derby-746.stat, derby-746a.diff, derby-746a.stat > > When booting/creating an encrypted database, a NullPointerException is thrown if the length of the connection string attribute 'encryptionKey' is an odd number, or the encryption key contains invalid characters for hexadecimal numbers (char not in the set [0-9a-fA-F]). > The reason for the exception being thrown, is that the method 'iapi.util.StringUtil.fromHexString(String, int, int)' returns null for the cases described above. The code calling the method in 'JCECipherFactory.boot(boolean, Properties)' does not check that the return value is not null. > A related trivial issue is that 'fromHexString' does not allow the caller to see the distinction between a string with invalid length and a string containing invalid characters (both cases return null). > [To reproduce] > (connection string copied from test 'store/encryptionKey.sql' and then modified) > Supply the following connection string, for instance in ij: > connect 'jdbc:derby:encdbcbc_key;create=true;dataEncryption=true;encryptionAlgorithm=DES/CBC/NoPadding;encryptionKey=6162636465666768696162636465656'; > (deleted the last digit in the encryption key) > 'jdbc:derby:encdbcbc_key;create=true;dataEncryption=true;encryptionAlgorithm=DES/CBC/NoPadding;encryptionKey=6162636465666768696162636465656X'; > (replaced last digit with an X) -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira