directory-dev mailing list archives

From "lucas theisen (JIRA)" <>
Subject [jira] [Commented] (DIRSERVER-1950) Unsafe cast to int in getPwdTimeBeforeExpiry calculation of AuthenticationInterceptor
Date Tue, 28 Jan 2014 16:39:40 GMT


lucas theisen commented on DIRSERVER-1950:

I'm not sure this would work, and not sure it wouldn't.  However, the 2 code snippets do not
do the same thing.  They could come up with very different lengths as the second example uses
BerValue.getNbBytes to calculate the length of the TLV value while the first uses TLV.getNbBytes
for its length value.  I'm not sure why the 2 would encode the length differently as an int
is 4 bytes by definition but the TLV encoding seems to allow for 5.  I assume this may have
something to do with signed vs unsigned but still a little stumped.  All in all, I would think
the approach used in example 1 might be more correct because it uses TLV calculations for
the TLV part and BerValue calculations for the Ber part.  Does that make sense?  (it also
should be a little faster as the length part is cached from the previous compute length call).
 What do you think?  Am I missing something?

> Unsafe cast to int in getPwdTimeBeforeExpiry calculation of AuthenticationInterceptor
> -------------------------------------------------------------------------------------
>                 Key: DIRSERVER-1950
>                 URL:
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 2.0.0-M15
>            Reporter: lucas theisen
>         Attachments: DIRSERVER-1950.patch
>         int pwdAge = ( int ) ( currentTime - changedTime ) / 1000;
> Will cast to int before the division which causes overflow of int if the difference is
> too large.  Even with division, it could still be too large so it is unsafe to use an int
> value for pwdAge.  As it is only used for comparison, we can leave it as a long.

This message was sent by Atlassian JIRA
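
The cast-before-division problem described in the issue, as an added Java example that is not ApacheDS code or part of the original message. The class and method names, the 30-day maximum age and the sample timestamps are assumptions constructed for illustration:

```java
public class PwdAgeOverflow {
    // Hypothetical policy value for this example: 30 days, in seconds.
    static final int MAX_AGE_SECONDS = 30 * 24 * 3600;

    // The expression quoted in the issue. The cast binds tighter than '/',
    // so the millisecond difference is truncated to 32 bits first and only
    // the truncated value is divided by 1000.
    static int pwdAgeCastFirst(long currentTime, long changedTime) {
        return ( int ) ( currentTime - changedTime ) / 1000;
    }

    // What the issue proposes: keep the age as a long, since it is only
    // used in comparisons.
    static long pwdAgeAsLong(long currentTime, long changedTime) {
        return ( currentTime - changedTime ) / 1000;
    }

    public static void main(String[] args) {
        // Constructed sample: password changed at 2014-01-01T00:00:00Z.
        long changedTime = 1_388_534_400_000L;
        long msPerDay = 86_400_000L;

        // An int holds at most about 24.8 days of milliseconds, so ages
        // past that wrap to negative or small positive values, and the
        // truncated age can never reach the 30-day limit above.
        long[] daysSinceChange = { 1, 24, 25, 40, 50, 60 };
        for (long days : daysSinceChange) {
            long currentTime = changedTime + days * msPerDay;
            int castFirst = pwdAgeCastFirst(currentTime, changedTime);
            long asLong = pwdAgeAsLong(currentTime, changedTime);
            System.out.printf(
                "%2d days: cast-first=%d s (expired=%b) | long=%d s (expired=%b)%n",
                days,
                castFirst, castFirst >= MAX_AGE_SECONDS,
                asLong, asLong >= MAX_AGE_SECONDS);
        }
    }
}
```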
