[
https://issues.apache.org/jira/browse/DIRSERVER-1950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13884333#comment-13884333
]
lucas theisen commented on DIRSERVER-1950:
------------------------------------------
The don't _really_ do the same thing... The TLV version can have the values of
1 through 5, the BerValue version only 1 through 4. Also the TLV version
appears to ignore negative values where the BerValue version doesnt. They also
break the size calculations down at different spots. So the integer value
{{70000}} would be calculated as length 3 by BerValue.getNbBytes and length 4
by TLV.getNbBytes. So clearly there is a difference, but not sure which of the
2 is correct.
> Unsafe cast to int in getPwdTimeBeforeExpiry calculation of
> AuthenticationInterceptor
> -------------------------------------------------------------------------------------
>
> Key: DIRSERVER-1950
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1950
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: core
> Affects Versions: 2.0.0-M15
> Reporter: lucas theisen
> Attachments: DIRSERVER-1950.patch
>
>
> int pwdAge = ( int ) ( currentTime - changedTime ) / 1000;
> Will cast to int before the division which causes overflow of int if the
> difference is too large. Even with division, it could still be too large so
> it is unsafe to use an int value for pwdAge. As it is only used for
> comparison, we can leave it as a long.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
