directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From plusplusjia...@apache.org
Subject [13/27] directory-kerby git commit: Avoid array out of bounds exception if the client forgets to configure pkinit trust anchors
Date Thu, 07 Jul 2016 06:41:58 GMT
Avoid array out of bounds exception if the client forgets to configure pkinit trust anchors


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/36ed64d8
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/36ed64d8
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/36ed64d8

Branch: refs/heads/kpasswd
Commit: 36ed64d8f02753adb37c22c0bd16231674c2e607
Parents: 2d31702
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Jul 5 12:31:29 2016 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Jul 5 12:31:29 2016 +0100

----------------------------------------------------------------------
 .../kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java | 4 ++++
 1 file changed, 4 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/36ed64d8/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
index 3620f23..9a15c4e 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
@@ -350,6 +350,10 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
             PkinitCrypto.verifyCmsSignedData(
                     CmsMessageType.CMS_SIGN_SERVER, signedData);
 
+            if (kdcRequest.getContext().getConfig().getPkinitAnchors().isEmpty()) {
+                LOG.error("No PKINIT anchors specified");
+                throw new KrbException("No PKINIT anchors specified");
+            }
             String anchorFileName = kdcRequest.getContext().getConfig().getPkinitAnchors().get(0);
 
             X509Certificate x509Certificate = null;


Mime
View raw message