[jira] [Comment Edited] (SHIRO-766) ArrayIndexOutOfBoundsException in Base64#decode

Tue, 05 May 2020 07:24:36 -0700 


    [ 
https://issues.apache.org/jira/browse/SHIRO-766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17099945#comment-17099945
 ] 

Brian Demers edited comment on SHIRO-766 at 5/5/20, 2:23 PM:
-------------------------------------------------------------

Hi [~eiden]!

Are the requests failing for you? Or is it log spam? (I'm assuming the former)

I'd also like to understand what caused this.  Do you have two different shiro 
applications configured on the same domain (and sharing cookies)?

 

If so can you provide examples of the two cookies (anonymized)?

 

 


was (Author: bdemers):
Hi [~eiden]!

Are the requests failing for you? Or is it log spam in your case (I'm assuming 
the former)

I'd also like to understand what caused this.  Do you have two different shiro 
applications configured on the same domain (and sharing cookies)?

 

If so can you provide examples of the two cookies (anonymized)?

 

 

> ArrayIndexOutOfBoundsException in Base64#decode
> -----------------------------------------------
>
>                 Key: SHIRO-766
>                 URL: https://issues.apache.org/jira/browse/SHIRO-766
>             Project: Shiro
>          Issue Type: Bug
>          Components: RememberMe
>            Reporter: Christoffer Eide
>            Priority: Minor
>             Fix For: 1.5.4
>
>
> While investigating a bug in our application, I stumbled upon this mail 
> thread:
> https://www.mail-archive.com/[email protected]/msg05654.html
> We have encountered the same issue.
> In 
> {{org.apache.shiro.web.mgt.CookieRememberMeManager#getRememberedSerializedIdentity}}:
> {code}
> String base64 = getCookie().readValue(request, response);
> base64 = ensurePadding(base64);
> byte[] decoded = Base64.decode(base64);
> {code}
> If the cookie value contains characters that are not valid base64, the call 
> to {{Base64.decode}}, fails with:
> {noformat}
> java.lang.ArrayIndexOutOfBoundsException: Index 30 out of bounds for length 30
>       at org.apache.shiro.codec.Base64.decode(Base64.java:470)
>       at org.apache.shiro.codec.Base64.decode(Base64.java:414)
> {noformat}
> It can be reproduced like this:
> {code}
> Base64.decode(ensurePadding("383078EE-A226-47B8-9798-8DDF9E361A9A%%ldapRealm"))
> {code}
> If the same value is passed to guavas base64 encoder, it fails with:
> {noformat}
> com.google.common.io.BaseEncoding$DecodingException: Unrecognized character: -
> {noformat}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to