[jira] [Commented] (DIRSERVER-1950) Unsafe cast to int in getPwdTimeBeforeExpiry calculation of AuthenticationInterceptor

Tue, 28 Jan 2014 15:49:40 -0800 

    [ 
https://issues.apache.org/jira/browse/DIRSERVER-1950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13884923#comment-13884923
 ] 

lucas theisen commented on DIRSERVER-1950:
------------------------------------------

Hi Emmanuel,

Ok, so I did not read enough.  Turns out the calculation for the length of a 
value is totally different from the calculation for the length of the length of 
a value.  So, we do need to use:

{code:java}
    int valueLength = BerValue.getNbBytes( intValue );
{code}

to get the number of bytes necessary encode the value portion of the TLV.  Then 
we need to use:

{code:java}
    int lengthLength = TLV.getNbBytes( valueLength );
{code}

to get the number of bytes necessary to encode the length portion of the TLV.

So, I modified the code back so as to use the proper calculation for the proper 
value.  I also updated the doc with a link to a wiki page on the length 
calculation and renamed the cached value lengths to be more clear as to what 
they are storing.

Given this new understanding, the length of the length portion will always be 
{{(byte)1}} for numeric value portions.  We could short circuit that by not 
never calling {{TLV.getNbBytes( valueLength )}} (which is what the 
{{BerValue.encode( buffer, int/long )}} methods do by just casting the value 
length to a byte).

Anyway, my brain is turning to mush.  If someone could verify this and give an 
opinion on whether or not we should actually call {{TLV.getNbBytes()}} when it 
is basically unnecessary...

Checked in as Revision 1562313

> Unsafe cast to int in getPwdTimeBeforeExpiry calculation of 
> AuthenticationInterceptor
> -------------------------------------------------------------------------------------
>
>                 Key: DIRSERVER-1950
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1950
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 2.0.0-M15
>            Reporter: lucas theisen
>         Attachments: DIRSERVER-1950.patch
>
>
>         int pwdAge = ( int ) ( currentTime - changedTime ) / 1000;
> Will cast to int before the division which causes overflow of int if the 
> difference is too large.  Even with division, it could still be too large so 
> it is unsafe to use an int value for pwdAge.  As it is only used for 
> comparison, we can leave it as a long.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Reply via email to