Posted to derby-dev@db.apache.org by "Kristian Waagan (JIRA)" <de...@db.apache.org> on 2006/01/03 16:06:04 UTC

[jira] Updated: (DERBY-746) NullPointerException when 'encryptionKey' length is an odd number, or it contains invalid chars

     [ http://issues.apache.org/jira/browse/DERBY-746?page=all ]

Kristian Waagan updated DERBY-746:
----------------------------------

    Attachment: derby-746.diff
                derby-746.stat

Stat and diff for the patch (against revision 365637).
No new files added.

Derbyall ran without errors on 32 bit (chroot) Gentoo Linux (6 suites skipped - no db2jcc).
The test will fail on Solaris 10 with J2SE 5.0 due to another problem, see DERBY-788.

Patch description:
* JCECipherFactory.boot() now checks the output from the fromHexString-method and throws an exception if it is invalid, instead of failing with NPE.
* Added 2 new SQLStates and messages (only English)
* Added 2 new test cases (invalid char in encryption key and encryption key with odd length).
* Updated master file.


> NullPointerException when 'encryptionKey' length is an odd number, or it contains invalid chars
> -----------------------------------------------------------------------------------------------
>
>          Key: DERBY-746
>          URL: http://issues.apache.org/jira/browse/DERBY-746
>      Project: Derby
>         Type: Bug
>   Components: Security
>     Versions: 10.1.1.2, 10.1.2.1, 10.2.0.0, 10.1.3.0, 10.1.2.2
>  Environment: All environments.
>     Reporter: Kristian Waagan
>     Assignee: Kristian Waagan
>     Priority: Minor
>  Attachments: derby-746.diff, derby-746.stat
>
> When booting/creating an encrypted database, a NullPointerException is thrown if the length of the connection string attribute 'encryptionKey' is an odd number, or the encryption key contains invalid characters for hexadecimal numbers (char not in the set [0-9a-fA-F]).
> The reason for the exception being thrown is that the method 'iapi.util.StringUtil.fromHexString(String, int, int)' returns null for the cases described above. The code calling the method in 'JCECipherFactory.boot(boolean, Properties)' does not check that the return value is not null.
> A related trivial issue is that 'fromHexString' does not allow the caller to see the distinction between a string with invalid length and a string containing invalid characters (both cases return null).
> [To reproduce]
> (connection string copied from test 'store/encryptionKey.sql' and then modified)
> Supply the following connection string, for instance in ij:
> connect 'jdbc:derby:encdbcbc_key;create=true;dataEncryption=true;encryptionAlgorithm=DES/CBC/NoPadding;encryptionKey=6162636465666768696162636465656';
> (deleted the last digit in the encryption key)
> 'jdbc:derby:encdbcbc_key;create=true;dataEncryption=true;encryptionAlgorithm=DES/CBC/NoPadding;encryptionKey=6162636465666768696162636465656X';
> (replaced last digit with an X)
