You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2022/02/02 20:33:03 UTC
[cxf] branch master updated: Adding guard for array in Base64Utility
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/master by this push:
new 128881c Adding guard for array in Base64Utility
128881c is described below
commit 128881c08184e8dde09c823122ede5a103cfd4e3
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Feb 2 20:32:28 2022 +0000
Adding guard for array in Base64Utility
---
core/src/main/java/org/apache/cxf/common/util/Base64Utility.java | 2 +-
.../src/main/java/org/apache/cxf/rt/security/crypto/HmacUtils.java | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/core/src/main/java/org/apache/cxf/common/util/Base64Utility.java b/core/src/main/java/org/apache/cxf/common/util/Base64Utility.java
index c4f6531..9a12b2b 100644
--- a/core/src/main/java/org/apache/cxf/common/util/Base64Utility.java
+++ b/core/src/main/java/org/apache/cxf/common/util/Base64Utility.java
@@ -468,7 +468,7 @@ public final class Base64Utility {
}
public static boolean isValidBase64(int ch) {
- return ch == PAD || BDT[ch] != Byte.MAX_VALUE;
+ return ch == PAD || ch >= 0 && ch < BDT.length && BDT[ch] != Byte.MAX_VALUE;
}
}
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/HmacUtils.java b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/HmacUtils.java
index 8c4317e..78f4774 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/HmacUtils.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/HmacUtils.java
@@ -42,7 +42,7 @@ import org.apache.cxf.common.util.Base64Utility;
public final class HmacUtils {
- private static final Logger LOG = LogUtils.getL7dLogger(CryptoUtils.class);
+ private static final Logger LOG = LogUtils.getL7dLogger(HmacUtils.class);
private HmacUtils() {