subject:"RE\: Bug in org.apache.tomcat.util.codec.binary.Base64.decodeBase64 \?"

Re: Bug in org.apache.tomcat.util.codec.binary.Base64.decodeBase64 ?

2019-10-08 Thread Konstantin Kolinko

ср, 9 окт. 2019 г. в 00:06, :
>
> How do we get access to the dev list for information around release 
> candidates, etc.?

In the same way as for the current (users) mailing list that you are writing to:
either subscribe or read past messages in an archive.
http://tomcat.apache.org/lists.html

And do not forget to follow the rules. They are the same as for the users list:
http://tomcat.apache.org/lists.html#tomcat-users
6. Top-posting is bad.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Bug in org.apache.tomcat.util.codec.binary.Base64.decodeBase64 ?

2019-10-08 Thread jonmcalexander

How do we get access to the dev list for information around release candidates, 
etc.?


Dream * Excel * Explore * Inspire
Jon McAlexander
Asst Vice President

Middleware Product Engineering
Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com


This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.


-Original Message-
From: Konstantin Kolinko  
Sent: Tuesday, October 8, 2019 5:26 AM
To: Tomcat Users List 
Subject: Re: Bug in org.apache.tomcat.util.codec.binary.Base64.decodeBase64 ?

вт, 8 окт. 2019 г. в 12:24, Arnaud Yahoo :
>
> Hello,
>
> I am using a 3rd party valve for OpenId Connect authentication that 
> stop working upgrading from tomcat 8.5.24 to 8.5.46
>
> I managed to isolate the issue behing this and it is caused by a 
> change in org.apache.tomcat.util.codec.binary.Base64
>
> It can be reproduce with a simple test case
>
> @Test
>  public void decodeBase64Test() {
>  String str =
> "YZJXP8zFDY6WPk1NZx4RtkH95lA4H_GM_XmFjouJImtqy-PD27-GUYVrCq1QM3M09TzRF
> ZTL4aMMTweZFj3h1M-4Pqb4xrRq9URICQ9ffpnB9OGKjEwEpzhICwbE8C8-zEbhFOEgdXc
> yeP0pJc9uHEUH9Z4rTEg0jxmOmffIAbX9zfjhIla0XUsFd2C2QQGXu1nTFrb2EqfhLDls4
> ZLCcnLZE6Be3SpHCtvZiFN4w3xlI0TZitX4S3SjTocK4Xobb3Ey0RnewDP6jw78JniFTbu
> uGB962GlHDJvaQoda2dON9j7Yhv_pTvxBlHDmIKYINYsBfTwEQ_qtLJtmcvv41Q";
>
> assertArrayEquals(org.apache.tomcat.util.codec.binary.Base64.decodeBas
> e64(str), java.util.Base64.getUrlDecoder().decode(str));
>  }
>
> This test is ok with 8.5.24 but fails with 8.5.46. Are there any known 
> issues with Base64 utility ?

Please test with 8.5.47 release candidate that is currently being voted (see 
e-mails on the dev@ list for links).

There have been changes in the decoding code between 8.5.46 and .47.

c8fcc65e74d43b8201a50a30f88836264e565f79
709b45b42020d6cbc59940ab04380f5b0134b946
(on 17 and 18 of September)

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Bug in org.apache.tomcat.util.codec.binary.Base64.decodeBase64 ?

2019-10-08 Thread Mark Thomas

On 08/10/2019 11:26, Konstantin Kolinko wrote:
> вт, 8 окт. 2019 г. в 12:24, Arnaud Yahoo :
>>
>> Hello,
>>
>> I am using a 3rd party valve for OpenId Connect authentication that stop
>> working upgrading from tomcat 8.5.24 to 8.5.46
>>
>> I managed to isolate the issue behing this and it is caused by a change
>> in org.apache.tomcat.util.codec.binary.Base64
>>
>> It can be reproduce with a simple test case
>>
>> @Test
>>  public void decodeBase64Test() {
>>  String str =
>> "YZJXP8zFDY6WPk1NZx4RtkH95lA4H_GM_XmFjouJImtqy-PD27-GUYVrCq1QM3M09TzRFZTL4aMMTweZFj3h1M-4Pqb4xrRq9URICQ9ffpnB9OGKjEwEpzhICwbE8C8-zEbhFOEgdXcyeP0pJc9uHEUH9Z4rTEg0jxmOmffIAbX9zfjhIla0XUsFd2C2QQGXu1nTFrb2EqfhLDls4ZLCcnLZE6Be3SpHCtvZiFN4w3xlI0TZitX4S3SjTocK4Xobb3Ey0RnewDP6jw78JniFTbuuGB962GlHDJvaQoda2dON9j7Yhv_pTvxBlHDmIKYINYsBfTwEQ_qtLJtmcvv41Q";
>>
>> assertArrayEquals(org.apache.tomcat.util.codec.binary.Base64.decodeBase64(str),
>> java.util.Base64.getUrlDecoder().decode(str));
>>  }
>>
>> This test is ok with 8.5.24 but fails with 8.5.46. Are there any known
>> issues with Base64 utility ?
> 
> Please test with 8.5.47 release candidate that is currently being
> voted (see e-mails on the dev@ list for links).
> 
> There have been changes in the decoding code between 8.5.46 and .47.
> 
> c8fcc65e74d43b8201a50a30f88836264e565f79
> 709b45b42020d6cbc59940ab04380f5b0134b946
> (on 17 and 18 of September)

And you probably want
org.apache.tomcat.util.codec.binary.Base64.decodeBase64URLSafe(String)

The short(ish) version is:
- Commons CODEC fixed a bug to handle incomplete encodings at the end of
  the input (CODEC-134)
- That triggered a failure in one of Tomcat's unit tests
- Fixing the particular failure meant removing the "seamless" decoding
  of both standard and URL-safe Base64 with the same code
- We (OK, I) incorrectly thought Tomcat didn't need the URL-safe
  decoding so it was removed - this triggered the issue you describe
  above
- Testing of the HTTP/2 showed we did need it so it was restored but
  separate methods were provided for standard and URL-safe decoding

HTH,

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Bug in org.apache.tomcat.util.codec.binary.Base64.decodeBase64 ?

2019-10-08 Thread Konstantin Kolinko

вт, 8 окт. 2019 г. в 12:24, Arnaud Yahoo :
>
> Hello,
>
> I am using a 3rd party valve for OpenId Connect authentication that stop
> working upgrading from tomcat 8.5.24 to 8.5.46
>
> I managed to isolate the issue behing this and it is caused by a change
> in org.apache.tomcat.util.codec.binary.Base64
>
> It can be reproduce with a simple test case
>
> @Test
>  public void decodeBase64Test() {
>  String str =
> "YZJXP8zFDY6WPk1NZx4RtkH95lA4H_GM_XmFjouJImtqy-PD27-GUYVrCq1QM3M09TzRFZTL4aMMTweZFj3h1M-4Pqb4xrRq9URICQ9ffpnB9OGKjEwEpzhICwbE8C8-zEbhFOEgdXcyeP0pJc9uHEUH9Z4rTEg0jxmOmffIAbX9zfjhIla0XUsFd2C2QQGXu1nTFrb2EqfhLDls4ZLCcnLZE6Be3SpHCtvZiFN4w3xlI0TZitX4S3SjTocK4Xobb3Ey0RnewDP6jw78JniFTbuuGB962GlHDJvaQoda2dON9j7Yhv_pTvxBlHDmIKYINYsBfTwEQ_qtLJtmcvv41Q";
>
> assertArrayEquals(org.apache.tomcat.util.codec.binary.Base64.decodeBase64(str),
> java.util.Base64.getUrlDecoder().decode(str));
>  }
>
> This test is ok with 8.5.24 but fails with 8.5.46. Are there any known
> issues with Base64 utility ?

Please test with 8.5.47 release candidate that is currently being
voted (see e-mails on the dev@ list for links).

There have been changes in the decoding code between 8.5.46 and .47.

c8fcc65e74d43b8201a50a30f88836264e565f79
709b45b42020d6cbc59940ab04380f5b0134b946
(on 17 and 18 of September)

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Bug in org.apache.tomcat.util.codec.binary.Base64.decodeBase64 ?

RE: Bug in org.apache.tomcat.util.codec.binary.Base64.decodeBase64 ?

Re: Bug in org.apache.tomcat.util.codec.binary.Base64.decodeBase64 ?

Re: Bug in org.apache.tomcat.util.codec.binary.Base64.decodeBase64 ?

4 matches

Site Navigation

Mail list logo

Footer information