Revision: 991
          http://stripes.svn.sourceforge.net/stripes/?rev=991&view=rev
Author:   bengunter
Date:     2008-10-22 19:14:57 +0000 (Wed, 22 Oct 2008)

Log Message:
-----------
Fixed STS-555. Check the size of the buffer returned by Base64 decoding before 
attempting to decrypt it. If it is null or 0-length, log a warning and return 
null.

Modified Paths:
--------------
    trunk/stripes/src/net/sourceforge/stripes/util/CryptoUtil.java

Modified: trunk/stripes/src/net/sourceforge/stripes/util/CryptoUtil.java
===================================================================
--- trunk/stripes/src/net/sourceforge/stripes/util/CryptoUtil.java      
2008-10-22 19:01:48 UTC (rev 990)
+++ trunk/stripes/src/net/sourceforge/stripes/util/CryptoUtil.java      
2008-10-22 19:14:57 UTC (rev 991)
@@ -184,6 +184,10 @@
 
         // First un-base64 the String
         byte[] bytes = Base64.decode(input, BASE64_OPTIONS);
+        if (bytes == null || bytes.length < 1) {
+            log.warn("Input is not Base64 encoded: ", input);
+            return null;
+        }
 
         // Then fetch a cipher and decrypt the bytes
         Cipher cipher = getCipher(Cipher.DECRYPT_MODE);
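
Review bot: The added log.warn call in the null/length check writes the raw input string into the log, and at this point that string has already failed to decode, so it cannot be assumed to be well-formed. Consider logging its length or a truncated, sanitized form instead, so that embedded line breaks or very long values cannot pollute the log. The message says "Input is not Base64 encoded", but the condition also matches a decode that yields zero bytes, so wording such as "Input could not be Base64 decoded or is empty" would be more accurate. The check only rejects buffers with bytes.length < 1, so a short non-empty buffer still reaches the cipher. Is a minimum length needed here? The method now returns null on this path as well, which should be stated in its Javadoc and checked against each caller.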

