Thanks Jan,

Will incorporate the mods into the codebase. This will hopefully fix the
problem reported by Hermann.

Fred

----- Original Message -----
From: "Jan Hustak" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: 06 September 2003 14:46
Subject: [Hsqldb-developers] improved handling of null username/password


Greetings,

while trying to use alpha-N as a data source for OpenOffice, I
discovered that org.hsqldb.Database.connect() throws a
NullPointerException if invoked with a null password. Upon closer
inspection, I found the method tries to use the submitted strings
without making sure they're non-null. Further digging revealed that null
username and password are handled in org.hsqldb.UserManager.getUser() -
but also after one of them is used!

The attached patch fixes both methods. As a part of the fix, I moved the
upper-case conversion from connect() to getUser().

Hope this saves someone some work.

jh



----------------------------------------------------------------------------
----


--- src/org/hsqldb/Database.java.orig 2003-09-02 16:04:58.000000000 +0200
+++ src/org/hsqldb/Database.java 2003-09-06 15:28:50.000000000 +0200
@@ -342,9 +342,8 @@
      */
     synchronized Session connect(String username,
                                  String password) throws HsqlException {
-
-        User user = userManager.getUser(username.toUpperCase(),
-                                        password.toUpperCase());
+
+        User user = userManager.getUser(username, password);
         Session session = sessionManager.newSession(this, user,
             databaseReadOnly);

--- src/org/hsqldb/UserManager.java.orig 2003-09-01 20:50:37.000000000 +0200
+++ src/org/hsqldb/UserManager.java 2003-09-06 15:29:55.000000000 +0200
@@ -319,8 +319,6 @@
      */
     User getUser(String name, String password) throws HsqlException {

-        Trace.check(!name.equals("PUBLIC"), Trace.ACCESS_IS_DENIED);
-
         if (name == null) {
             name = "";
         }
@@ -329,6 +327,11 @@
             password = "";
         }

+        name = name.toUpperCase ();
+        password = password.toUpperCase ();
+
+        Trace.check(!name.equals("PUBLIC"), Trace.ACCESS_IS_DENIED);
+
         User u = get(name);

         Trace.check(u != null, Trace.USER_NOT_FOUND);



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
hsqldb-developers mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/hsqldb-developers

Reply via email to