[jira] [Commented] (DIRSERVER-1950) Unsafe cast to int in getPwdTimeBeforeExpiry calculation of AuthenticationInterceptor

Mon, 27 Jan 2014 23:52:57 -0800 

    [ 
https://issues.apache.org/jira/browse/DIRSERVER-1950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13883871#comment-13883871
 ] 

Emmanuel Lecharny commented on DIRSERVER-1950:
----------------------------------------------

Good job fixing this issue !!!

FTR, I have checked the commit, and there is a slight modification which can be 
done in the encoder part. The following lines :

{code}
                if ( getResponse().getTimeBeforeExpiration() >= 0 )
                {
                    buffer.put( ( byte ) 
PasswordPolicyTags.TIME_BEFORE_EXPIRATION_TAG.getValue() );
                    buffer.put( TLV.getBytes( timeBeforeExpirationTagLength ) );
                    buffer.put( BerValue.getBytes( 
getResponse().getTimeBeforeExpiration() ) );
                }
                else if ( getResponse().getGraceAuthNRemaining() >= 0 )
                {
                    buffer.put( ( byte ) 
PasswordPolicyTags.GRACE_AUTHNS_REMAINING_TAG.getValue() );
                    buffer.put( TLV.getBytes( graceAuthNsRemainingTagLength ) );
                    buffer.put( BerValue.getBytes( 
getResponse().getGraceAuthNRemaining() ) );
                }
            }

            if ( getResponse().getPasswordPolicyError() != null )
            {
                buffer.put( ( byte ) 
PasswordPolicyTags.PPOLICY_ERROR_TAG.getValue() );
                buffer.put( ( byte ) 0x01 );
                buffer.put( BerValue.getBytes( 
getResponse().getPasswordPolicyError().getValue() ) );
            }
{code}

can be replaced by :


{code}
                if ( getResponse().getTimeBeforeExpiration() >= 0 )
                {
                    BerValue.encode(
                        buffer,
                        ( byte ) 
PasswordPolicyTags.TIME_BEFORE_EXPIRATION_TAG.getValue(),
                        getResponse().getTimeBeforeExpiration() );
                }
                else if ( getResponse().getGraceAuthNRemaining() >= 0 )
                {
                    BerValue.encode(
                        buffer,
                        ( byte ) 
PasswordPolicyTags.GRACE_AUTHNS_REMAINING_TAG.getValue(),
                        getResponse().getGraceAuthNRemaining() );
                }
            }

            if ( getResponse().getPasswordPolicyError() != null )
            {
                BerValue.encode(
                    buffer,
                    ( byte ) PasswordPolicyTags.PPOLICY_ERROR_TAG.getValue(),
                    getResponse().getPasswordPolicyError().getValue() );
            }
{code}





> Unsafe cast to int in getPwdTimeBeforeExpiry calculation of 
> AuthenticationInterceptor
> -------------------------------------------------------------------------------------
>
>                 Key: DIRSERVER-1950
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1950
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 2.0.0-M15
>            Reporter: lucas theisen
>         Attachments: DIRSERVER-1950.patch
>
>
>         int pwdAge = ( int ) ( currentTime - changedTime ) / 1000;
> Will cast to int before the division which causes overflow of int if the 
> difference is too large.  Even with division, it could still be too large so 
> it is unsafe to use an int value for pwdAge.  As it is only used for 
> comparison, we can leave it as a long.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Reply via email to