[jira] Closed: (DERBY-746) NullPointerException when 'encryptionKey' length is an odd number, or it contains invalid chars

Fri, 15 Sep 2006 06:11:37 -0700 

     [ http://issues.apache.org/jira/browse/DERBY-746?page=all ]

Rick Hillegas closed DERBY-746.
-------------------------------

    Resolution: Fixed

> NullPointerException when 'encryptionKey' length is an odd number, or it 
> contains invalid chars
> -----------------------------------------------------------------------------------------------
>
>                 Key: DERBY-746
>                 URL: http://issues.apache.org/jira/browse/DERBY-746
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 10.1.1.2, 10.1.2.1, 10.2.1.0, 10.1.3.0, 10.1.2.2
>         Environment: All environments.
>            Reporter: Kristian Waagan
>         Assigned To: Kristian Waagan
>            Priority: Minor
>             Fix For: 10.2.1.0, 10.1.3.0, 10.1.2.4
>
>         Attachments: derby-746.diff, derby-746.stat, derby-746a.diff, 
> derby-746a.stat
>
>
> When booting/creating an encrypted database, a NullPointerException is thrown 
> if the length of the connection string attribute 'encryptionKey' is an odd 
> number, or the encryption key contains invalid characters for hexadecimal 
> numbers (char not in the set [0-9a-fA-F]).
> The reason for the exception being thrown, is that the method 
> 'iapi.util.StringUtil.fromHexString(String, int, int)' returns null for the 
> cases described above. The code calling the method in 
> 'JCECipherFactory.boot(boolean, Properties)' does not check that the return 
> value is not null.
> A related trivial issue is that 'fromHexString' does not allow the caller to 
> see the distinction between a string with invalid length and a string 
> containing invalid characters (both cases return null).
> [To reproduce]
> (connection string copied from test 'store/encryptionKey.sql' and then 
> modified)
> Supply the following connection string, for instance in ij:
> connect 
> 'jdbc:derby:encdbcbc_key;create=true;dataEncryption=true;encryptionAlgorithm=DES/CBC/NoPadding;encryptionKey=6162636465666768696162636465656';
> (deleted the last digit in the encryption key)
> 'jdbc:derby:encdbcbc_key;create=true;dataEncryption=true;encryptionAlgorithm=DES/CBC/NoPadding;encryptionKey=6162636465666768696162636465656X';
> (replaced last digit with an X)

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to