DO NOT REPLY [Bug 33157] New: - basic authentication fails in some cases

Tue, 18 Jan 2005 12:29:20 -0800 

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=33157>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=33157

           Summary: basic authentication fails in some cases
           Product: Tomcat 5
           Version: 5.5.4
          Platform: All
        OS/Version: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: [EMAIL PROTECTED]


setup
- java 1.5.0.1
- tomcat 5.5.4
- UserDatabaseRealm

to cause failuer, using wget as my test client
- wget -O o --http-user=user --http-
passwd=pinotnoir "http://localhost:8080/myapp/myjsp.jsp";
- wget -O o --http-user=user --http-
passwd=pinotnoir1 "http://localhost:8080/myapp/myjsp.jsp";
- wget -O o --http-user=user --http-
passwd=pinotnoir "http://localhost:8080/myapp/myjsp.jsp";

by setting a breakpoint in RealmBase.authenticate, the username/credentials 
strings show up as
- user/pinotnoir
- user/pinotnoir1
- user/pinotnoir1  <==== incorrect, should be pinotnoir

The issues seems to be in Base64.decode:

decodedDataCC.allocate(lastData - numberQuadruple, -1);
decodedDataCC.setEnd(lastData - numberQuadruple);
decodedData = decodedDataCC.getBuffer();


decodedDataCC.allocate(lastData - numberQuadruple, -1);
- allocate does not reallocate for the 3 test (pinotnoir) since the buffer was 
already big enough from the previous request (pinotnoir1)
- setEnd sets an end flag
- getBuffer just gets the byte[], which is too big (pinotnoir1)

from there on, things are just messed up.

for a quicky, I have just hacked the CharChunk.allocate to remove the size 
check:

    public void allocate( int initial, int limit  ) {
        isOutput=true;
//      if( buff==null || buff.length < initial ) {
            buff=new char[initial];
//      }
        this.limit=limit;
        start=0;
        end=0;
        isOutput=true;
        isSet=true;
    }

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to