directory-dev mailing list archives

From "Emmanuel Lecharny (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRSERVER-1950) Unsafe cast to int in getPwdTimeBeforeExpiry calculation of AuthenticationInterceptor
Date Tue, 28 Jan 2014 07:51:42 GMT

    [ https://issues.apache.org/jira/browse/DIRSERVER-1950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13883871#comment-13883871 ]

Emmanuel Lecharny commented on DIRSERVER-1950:
----------------------------------------------

Good job fixing this issue!!!

FTR, I have checked the commit, and there is a slight modification which can be done in the
encoder part. The following lines:

{code}
                if ( getResponse().getTimeBeforeExpiration() >= 0 )
                {
                    buffer.put( ( byte ) PasswordPolicyTags.TIME_BEFORE_EXPIRATION_TAG.getValue() );
                    buffer.put( TLV.getBytes( timeBeforeExpirationTagLength ) );
                    buffer.put( BerValue.getBytes( getResponse().getTimeBeforeExpiration() ) );
                }
                else if ( getResponse().getGraceAuthNRemaining() >= 0 )
                {
                    buffer.put( ( byte ) PasswordPolicyTags.GRACE_AUTHNS_REMAINING_TAG.getValue() );
                    buffer.put( TLV.getBytes( graceAuthNsRemainingTagLength ) );
                    buffer.put( BerValue.getBytes( getResponse().getGraceAuthNRemaining() ) );
                }
            }

            if ( getResponse().getPasswordPolicyError() != null )
            {
                buffer.put( ( byte ) PasswordPolicyTags.PPOLICY_ERROR_TAG.getValue() );
                buffer.put( ( byte ) 0x01 );
                buffer.put( BerValue.getBytes( getResponse().getPasswordPolicyError().getValue() ) );
            }
{code}

can be replaced by:


{code}
                if ( getResponse().getTimeBeforeExpiration() >= 0 )
                {
                    BerValue.encode(
                        buffer,
                        ( byte ) PasswordPolicyTags.TIME_BEFORE_EXPIRATION_TAG.getValue(),
                        getResponse().getTimeBeforeExpiration() );
                }
                else if ( getResponse().getGraceAuthNRemaining() >= 0 )
                {
                    BerValue.encode(
                        buffer,
                        ( byte ) PasswordPolicyTags.GRACE_AUTHNS_REMAINING_TAG.getValue(),
                        getResponse().getGraceAuthNRemaining() );
                }
            }

            if ( getResponse().getPasswordPolicyError() != null )
            {
                BerValue.encode(
                    buffer,
                    ( byte ) PasswordPolicyTags.PPOLICY_ERROR_TAG.getValue(),
                    getResponse().getPasswordPolicyError().getValue() );
            }
{code}





> Unsafe cast to int in getPwdTimeBeforeExpiry calculation of AuthenticationInterceptor
> -------------------------------------------------------------------------------------
>
>                 Key: DIRSERVER-1950
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1950
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 2.0.0-M15
>            Reporter: lucas theisen
>         Attachments: DIRSERVER-1950.patch
>
>
>         int pwdAge = ( int ) ( currentTime - changedTime ) / 1000;
> Will cast to int before the division which causes overflow of int if the difference is
> too large.  Even with division, it could still be too large so it is unsafe to use an int
> value for pwdAge.  As it is only used for comparison, we can leave it as a long.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
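
The cast described in the quoted issue, as an added example that is not part of the original message or of the ApacheDS code base: it runs the quoted expression next to a long-based calculation over constructed password ages and compares each result against a maximum age. The class name, method names, the 30-day maximum age and the sample ages are assumptions made for illustration; only the `pwdAge` expression and the `currentTime`/`changedTime` names come from the issue.

```java
import java.util.concurrent.TimeUnit;

// Added illustration; everything except the quoted pwdAge expression is hypothetical.
public class PwdAgeCast
{
    // Expression quoted in the issue: the cast binds tighter than the division,
    // so the millisecond difference is narrowed to 32 bits before it is divided.
    // It wraps once the difference exceeds Integer.MAX_VALUE ms (about 24.8 days).
    static int buggyAgeSeconds( long currentTime, long changedTime )
    {
        return ( int ) ( currentTime - changedTime ) / 1000;
    }

    // What the issue proposes: keep the age as a long, with no narrowing at all.
    static long safeAgeSeconds( long currentTime, long changedTime )
    {
        return ( currentTime - changedTime ) / 1000;
    }

    public static void main( String[] args )
    {
        long maxAgeSeconds = TimeUnit.DAYS.toSeconds( 30 ); // constructed policy value
        long currentTime = System.currentTimeMillis();
        int[] ageInDays = { 1, 24, 25, 30, 60, 90 };        // constructed sample ages

        for ( int days : ageInDays )
        {
            long changedTime = currentTime - TimeUnit.DAYS.toMillis( days );
            int buggy = buggyAgeSeconds( currentTime, changedTime );
            long safe = safeAgeSeconds( currentTime, changedTime );

            // A wrapped age is negative or far too small, so the comparison
            // against the maximum age gives the wrong answer for old passwords.
            System.out.printf( "%2d days: int cast=%d s (expired=%b), long=%d s (expired=%b)%n",
                days, buggy, buggy >= maxAgeSeconds, safe, safe >= maxAgeSeconds );
        }
    }
}
```

Ages below roughly 24.8 days agree in both columns; above that the int-cast column diverges while the long column keeps tracking the real age.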
