Bugs item #551419, was opened at 2002-05-02 07:12
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=376685&aid=551419&group_id=22866
Category: JBossSX
Group: v3.0 Rabbit Hole
>Status: Closed
>Resolution: Fixed
Priority: 5
Submitted By: Richard Robinson (robinsonra)
>Assigned to: Scott M Stark (starksm)
Summary: bug in Util.calculatePasswordHash
Initial Comment:
I have a strange hobby of browsing through source code and
started looking at JBoss' security source code the other day. In
doing so, I think I've spotted a bug. This is from the snapshot for Apr
17th in
jboss-
all/security/src/main/org/jboss/security/Util.java
starting
at line 151:
for(int n = 0, p = 0; p < password.length; p ++)
{
char c = password[p];
passBytes[n ++] = (byte) (c &
0x00FF00);
passBytes[n ++] = (byte) (c &
0x0000FF);
}
as it stands now, the high order byte of each
Unicode character in the password is always considered zero when
it's hashed, which is probably a problem.
To fix it line 154
should be:
passBytes[n ++] = (byte) ((c & 0x00FF00) >>
8);
At the moment I haven't yet installed JBoss on my system,
can't build it and don't have CVS capability. It sure does look like a
bug though.
----------------------------------------------------------------------
>Comment By: Scott M Stark (starksm)
Date: 2002-05-20 11:00
Message:
Logged In: YES
user_id=175228
Fixed since RC2.
----------------------------------------------------------------------
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=376685&aid=551419&group_id=22866
_______________________________________________________________
Hundreds of nodes, one monster rendering program.
Now that's a super model! Visit http://clustering.foundries.sf.net/
_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development
