https://issues.apache.org/bugzilla/show_bug.cgi?id=53050
Bug #: 53050
Summary: org.apache.catalina.session.ManagerBase has issues
with updating the seed (initialized to
System.currentTimeMillis()), since only the 32 least
significant bits are changed by the XOR.
Product: Tomcat 6
Version: 6.0.24
Platform: PC
OS/Version: Windows Vista
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
AssignedTo: [email protected]
ReportedBy: [email protected]
Classification: Unclassified
Line 563: long seed = System.currentTimeMillis();
...
Line 567: long update = ((byte) entropy[i]) << ((i % 8) * 8);
Line 568: seed ^= update;
The byte-cast in Line 567 should be replaced by a long-cast.
With the byte-cast of entropy[i] the long update becomes a 32-bit int, so the
32 most significant bits of the seed will not be updated by the XOR in Line
568.
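The cast behaviour described in the report, as an added example that is not Tomcat source and not part of the original message. Only the two mixing statements come from the report; the loop shape, class and method names, seed value and entropy strings are constructed assumptions.

```java
// Added example, not Tomcat code. Loop shape and inputs are assumptions.
public class SeedMixDemo {

    // Mixing as quoted in the report (Lines 567-568).
    static long mixWithByteCast(long seed, char[] entropy) {
        for (int i = 0; i < entropy.length; i++) {
            // The byte operand is promoted to int, so this is an int shift:
            // only the low 5 bits of the distance are used (32, 40, 48, 56
            // act as 0, 8, 16, 24) and the int result is sign-extended.
            long update = ((byte) entropy[i]) << ((i % 8) * 8);
            seed ^= update;
        }
        return seed;
    }

    // Mixing with the long-cast the report proposes: a 64-bit shift.
    static long mixWithLongCast(long seed, char[] entropy) {
        for (int i = 0; i < entropy.length; i++) {
            long update = ((long) entropy[i]) << ((i % 8) * 8);
            seed ^= update;
        }
        return seed;
    }

    static int highWord(long v) {
        return (int) (v >>> 32);
    }

    public static void main(String[] args) {
        long seed = 0x0000013600000000L;  // constructed stand-in for currentTimeMillis()
        char[] ascii = "constructed-entropy-string".toCharArray();   // 7-bit chars only
        char[] latin = "\u00e9constructed-entropy".toCharArray();    // first char has bit 7 set

        System.out.printf("seed       high word: %08x%n", highWord(seed));
        // 7-bit input: every int update is non-negative, high word is untouched.
        System.out.printf("byte cast  high word: %08x%n",
                highWord(mixWithByteCast(seed, ascii)));
        // Long cast: entropy at positions 4..7 of each group reaches bits 32..63.
        System.out.printf("long cast  high word: %08x%n",
                highWord(mixWithLongCast(seed, ascii)));
        // Negative byte: sign extension inverts the whole high word at once,
        // which flips it but still mixes no per-bit entropy into it.
        System.out.printf("byte cast, bit 7 set: %08x%n",
                highWord(mixWithByteCast(seed, latin)));
    }
}
```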