Bugs item #551419, was opened at 2002-05-02 07:12
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=376685&aid=551419&group_id=22866

Category: JBossSX
Group: v3.0 Rabbit Hole
Status: Open
Resolution: None
Priority: 5
Submitted By: Richard Robinson (robinsonra)
Assigned to: Nobody/Anonymous (nobody)
Summary: bug in Util.calculatePasswordHash

Initial Comment:
I have a strange hobby of browsing through source code and started looking at JBoss' security source code the other day. In doing so, I think I've spotted a bug. This is from the snapshot for Apr 17th in
jboss-all/security/src/main/org/jboss/security/Util.java
starting at line 151:

for(int n = 0, p = 0; p < password.length; p ++)
{
   char c = password[p];
   passBytes[n ++] = (byte) (c & 0x00FF00);
   passBytes[n ++] = (byte) (c & 0x0000FF);
}

As it stands now, the high order byte of each Unicode character in the password is always considered zero when it's hashed, which is probably a problem.

To fix it line 154 should be:

   passBytes[n ++] = (byte) ((c & 0x00FF00) >> 8);

At the moment I haven't yet installed JBoss on my system, can't build it and don't have CVS capability. It sure does look like a bug though.


----------------------------------------------------------------------
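
Added example, not part of the original report and not JBoss code: a stand-alone Java program that runs the loop quoted in the report beside the version with the proposed shift, showing that two distinct passwords whose characters differ only in the high byte pack to the same bytes and therefore hash identically. The class name, helper names, sample passwords and the choice of SHA-256 are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class PasswordPackingDemo {
    // Loop as quoted in the report. The (byte) cast keeps only bits 0-7, and
    // (c & 0x00FF00) has those bits clear, so every even-indexed byte is 0.
    static byte[] packAsReported(char[] password) {
        byte[] passBytes = new byte[2 * password.length];
        for (int n = 0, p = 0; p < password.length; p++) {
            char c = password[p];
            passBytes[n++] = (byte) (c & 0x00FF00);
            passBytes[n++] = (byte) (c & 0x0000FF);
        }
        return passBytes;
    }

    // Same loop with the shift proposed in the report for the high byte.
    static byte[] packWithShift(char[] password) {
        byte[] passBytes = new byte[2 * password.length];
        for (int n = 0, p = 0; p < password.length; p++) {
            char c = password[p];
            passBytes[n++] = (byte) ((c & 0x00FF00) >> 8);
            passBytes[n++] = (byte) (c & 0x0000FF);
        }
        return passBytes;
    }

    // SHA-256 is an assumption for illustration; the report does not name the digest.
    static byte[] sha256(byte[] in) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(in);
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples: 'A' is U+0041 and U+0141 shares its low byte 0x41.
        char[] latin = "pAss".toCharArray();
        char[] other = "p\u0141ss".toCharArray();

        System.out.println("as reported, same digest: " + Arrays.equals(
                sha256(packAsReported(latin)), sha256(packAsReported(other))));
        System.out.println("with shift, same digest:  " + Arrays.equals(
                sha256(packWithShift(latin)), sha256(packWithShift(other))));
        // With the shift, the bytes match the UTF-16BE encoding of the password.
        System.out.println("with shift == UTF-16BE:   " + Arrays.equals(
                packWithShift(other),
                new String(other).getBytes(StandardCharsets.UTF_16BE)));
    }
}
```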
