tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: Tomcat 6 org.apache.catalina.session.ManagerBase issue
Date Mon, 09 Apr 2012 17:23:50 GMT
> From: Christopher Schultz [mailto:chris@christopherschultz.net] 
> Subject: Re: Tomcat 6 org.apache.catalina.session.ManagerBase issue

> Line 567: long update = ((byte) entropy[i]) << ((i % 8) * 8);

> 2. 'i' is reduced by the modulus operator to 0..7

And then multiplied by 8.

> 3. Thus, the value of entropy[i] is never left-shifted more than 7 bits

No, it's left shifted between 0 and 56 bits (maintaining byte alignment).  Information is
lost.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus
for use only by the intended recipient. If you received this in error, please contact the
sender and delete the e-mail and its attachments from all computers.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Mime
View raw message