[jira] [Commented] (DIRSERVER-1950) Unsafe cast to int in getPwdTimeBeforeExpiry calculation of AuthenticationInterceptor

[lucas theisen (JIRA)]

    [ 
https://issues.apache.org/jira/browse/DIRSERVER-1950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13885470#comment-13885470
 ] 

lucas theisen commented on DIRSERVER-1950:
------------------------------------------

I saw that...  It took a while to understand, but i follow now.  My problem 
with using the {{BerValue.encode( buffer, tag, value )}} is twofold:

# The value of the length of the V (from TLV) is cached by the 
{{PasswordPolicyDecorator.computeLength()}} method so there is no need to 
recalculate it as is done in {{BerValue.encode( buffer, tag, value )}}.
# The {{PasswordPolicyDecorator.encode( buffer )}} method cannot use 
{{BerValue.encode( * )}} methods for all of its parts, so should it use it for 
any of them?  For example, the {{SEQUENCE}} itself cannot be encoded using 
{{BerValue.encode( * )}} because its {{T}} and {{L}} portions must be written 
before its composite {{V}} portion can be processed, but the {{V}} would have 
to have been encoded beforehand to use {{BerValue.encode( * )}}.  This 
chicken/egg issue would cause inconsistency in approach and may lead to 
confusion (as it did for me).  

The first item can be avoided by using the value {{(byte) 1}} in place of the 
calculation as {{L}} will always be {{1}} when dealing with int/long values.  
However, per the second point, I think it is probably better to follow a 
consistent approach in encoding the entire password policy control.  I do not 
feel strongly about this, so if you would prefer, I can modify to use the 
{{BerValue.encode( buffer, tag, value )}} approach where possible.

> Unsafe cast to int in getPwdTimeBeforeExpiry calculation of 
> AuthenticationInterceptor
> -------------------------------------------------------------------------------------
>
>                 Key: DIRSERVER-1950
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1950
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 2.0.0-M15
>            Reporter: lucas theisen
>         Attachments: DIRSERVER-1950.patch
>
>
>         int pwdAge = ( int ) ( currentTime - changedTime ) / 1000;
> Will cast to int before the division which causes overflow of int if the 
> difference is too large.  Even with division, it could still be too large so 
> it is unsafe to use an int value for pwdAge.  As it is only used for 
> comparison, we can leave it as a long.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)