[ 
https://issues.apache.org/jira/browse/DIRSERVER-1950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13885095#comment-13885095
 ] 

Emmanuel Lecharny commented on DIRSERVER-1950:
----------------------------------------------

BER encoding an integer will result in a TLV where:
o T is either 0x02, or a user defined tag (one single byte)
o L is the length of the value as a number of bytes. As an integer will be 
encoded in a specific way, we have to first encode the integer, then get the 
number of bytes (which will be from 1 to 4 bytes). In any case, the L part 
might be longer than 1 byte, but here, this won't be the case. There is a 
method that computes the L length, this is TLV.getBytes( valueLength ), which 
will always return 1 in this case, as valueLength will always be in [1..4]
o V is the encoded value, as a byte[]. Encoding an integer into a byte[] is done 
with the BerValue.getBytes( value ) (note that the method name collides with 
the TLV.getBytes() method, but they do two different things).

The proposed modification I made was to use the dedicated BerValue.encode( 
buffer, tag, value ) method, which computes the T, L and V values when the tag 
is specific. For a normal integer, whose tag is 0x02, the method to use would 
be BerValue.encode( buffer, value ). If you look closely at those two methods, 
they do the same thing, except that the tag will be specified in one case.

A side note: the BerValue.encode( buffer, tag, value ) is never used 
anywhere, but it should...

> Unsafe cast to int in getPwdTimeBeforeExpiry calculation of 
> AuthenticationInterceptor
> -------------------------------------------------------------------------------------
>
>                 Key: DIRSERVER-1950
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1950
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 2.0.0-M15
>            Reporter: lucas theisen
>         Attachments: DIRSERVER-1950.patch
>
>
>         int pwdAge = ( int ) ( currentTime - changedTime ) / 1000;
> Will cast to int before the division which causes overflow of int if the 
> difference is too large.  Even with division, it could still be too large so 
> it is unsafe to use an int value for pwdAge.  As it is only used for 
> comparison, we can leave it as a long.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
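
An added example (not ApacheDS code and not part of the original message): it runs the cast quoted in the issue next to the long-based calculation, then lays out the T, L and V bytes the comment describes for an integer. The class and method names, the sample timestamps and the 0x80 tag are assumptions made for illustration.

```java
public class PwdAgeBerExample {
    // Expression quoted in the issue: the cast binds tighter than '/', so the
    // millisecond difference is truncated to 32 bits before the division.
    static int pwdAgeUnsafe( long currentTime, long changedTime ) {
        return ( int ) ( currentTime - changedTime ) / 1000;
    }

    // Age kept as a long, as the issue suggests, since it is only compared.
    static long pwdAgeSafe( long currentTime, long changedTime ) {
        return ( currentTime - changedTime ) / 1000;
    }

    // BER TLV for a 32-bit integer: T (one byte), L (one byte, since the
    // value takes 1 to 4 bytes), V (minimal two's-complement, big-endian).
    static byte[] encodeInteger( byte tag, int value ) {
        int len = 4;
        // Drop the leading byte while it only repeats the sign bit of the next one.
        while ( len > 1 ) {
            int top9 = ( value >> ( ( len - 1 ) * 8 - 1 ) ) & 0x1FF;
            if ( top9 != 0 && top9 != 0x1FF ) break;
            len--;
        }
        byte[] tlv = new byte[2 + len];
        tlv[0] = tag;
        tlv[1] = ( byte ) len;
        for ( int i = 0; i < len; i++ ) {
            tlv[2 + i] = ( byte ) ( value >> ( ( len - 1 - i ) * 8 ) );
        }
        return tlv;
    }

    static String hex( byte[] bytes ) {
        StringBuilder sb = new StringBuilder();
        for ( byte b : bytes ) {
            sb.append( String.format( "%02X ", b ) );
        }
        return sb.toString().trim();
    }

    public static void main( String[] args ) {
        long changedTime = 0L;                         // constructed sample value
        long currentTime = 30L * 24 * 60 * 60 * 1000;  // 30 days later, in ms
        System.out.println( "unsafe pwdAge = " + pwdAgeUnsafe( currentTime, changedTime ) );
        long age = pwdAgeSafe( currentTime, changedTime );
        System.out.println( "safe pwdAge   = " + age );
        System.out.println( "tag 0x02: " + hex( encodeInteger( ( byte ) 0x02, ( int ) age ) ) );
        System.out.println( "tag 0x80: " + hex( encodeInteger( ( byte ) 0x80, ( int ) age ) ) );
    }
}
```

A millisecond difference larger than Integer.MAX_VALUE (a little under 25 days) is enough for the first method to return a wrong, possibly negative, age.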
