Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Minor
Fix Version/s: RHDG 8.5.1 GA
Affects Version/s: RHDG 8.4.6 GA
Component/s: None
Labels:
None

Blocked:
False
Blocked Reason:
None
Ready:
False
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

RHDG 8.5.1 GA
Git Pull Request:
https://github.com/infinispan/infinispan/pull/12704
Intelligence Requested:
Market:

Severity:
Moderate

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

If users.properties is in encrypted form, but there's an invalid entry it causes a StringIndexOutOfBoundsException instead of more clear error message.

Correct format (if it had a correct hash):

user=scram-sha-1\:aaaaaaaaaa;

Bad format:

user=aaaaaaaaa

The issue is in org.infinispan.server.security.realm.EncryptedPropertiesSecurityRealm#load.

    int colon = password.indexOf(':');
    PasswordFactory factory = getPasswordFactory(password.substring(0, colon));

It looks for a colon, but does not verify it actualy found one before calling substring with an invalid index.
It should check If colon == -1 and return a more descriptive error message.

is cloned by

ISPN-16309 [GSS](8.4.z) StringIndexOutOfBoundsException if users.properties is malformed

Resolved

Assignee:: Tristan Tarrant

Reporter:: Dennis Reed

Tester:: Pavel Drobek

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2024/01/04 8:43 PM

Updated:: 2024/08/26 2:34 PM

Resolved:: 2024/08/06 9:41 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates