[jira] Assigned: (DERBY-746) NullPointerException when 'encryptionKey' length is an odd number, or it contains invalid chars

Wed, 07 Dec 2005 07:13:19 -0800 

     [ http://issues.apache.org/jira/browse/DERBY-746?page=all ]

Kristian Waagan reassigned DERBY-746:
-------------------------------------

    Assign To: Kristian Waagan

> NullPointerException when 'encryptionKey' length is an odd number, or it 
> contains invalid chars
> -----------------------------------------------------------------------------------------------
>
>          Key: DERBY-746
>          URL: http://issues.apache.org/jira/browse/DERBY-746
>      Project: Derby
>         Type: Bug
>   Components: Security
>     Versions: 10.2.0.0, 10.1.1.2, 10.1.2.1, 10.1.3.0, 10.1.2.2
>  Environment: All environments.
>     Reporter: Kristian Waagan
>     Assignee: Kristian Waagan
>     Priority: Minor

>
> When booting/creating an encrypted database, a NullPointerException is thrown 
> if the length of the connection string attribute 'encryptionKey' is an odd 
> number, or the encryption key contains invalid characters for hexadecimal 
> numbers (char not in the set [0-9a-fA-F]).
> The reason for the exception being thrown, is that the method 
> 'iapi.util.StringUtil.fromHexString(String, int, int)' returns null for the 
> cases described above. The code calling the method in 
> 'JCECipherFactory.boot(boolean, Properties)' does not check that the return 
> value is not null.
> A related trivial issue is that 'fromHexString' does not allow the caller to 
> see the distinction between a string with invalid length and a string 
> containing invalid characters (both cases return null).
> [To reproduce]
> (connection string copied from test 'store/encryptionKey.sql' and then 
> modified)
> Supply the following connection string, for instance in ij:
> connect 
> 'jdbc:derby:encdbcbc_key;create=true;dataEncryption=true;encryptionAlgorithm=DES/CBC/NoPadding;encryptionKey=6162636465666768696162636465656';
> (deleted the last digit in the encryption key)
> 'jdbc:derby:encdbcbc_key;create=true;dataEncryption=true;encryptionAlgorithm=DES/CBC/NoPadding;encryptionKey=6162636465666768696162636465656X';
> (replaced last digit with an X)

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

Reply via email to