You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2022/02/02 20:33:20 UTC

[cxf] branch 3.5.x-fixes updated: Adding guard for array in Base64Utility

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.5.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/3.5.x-fixes by this push:
     new 0a75ab2  Adding guard for array in Base64Utility
0a75ab2 is described below

commit 0a75ab23495ae1bd1b9fbbcac4ed481351cf97df
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Feb 2 20:32:28 2022 +0000

    Adding guard for array in Base64Utility
    
    (cherry picked from commit 128881c08184e8dde09c823122ede5a103cfd4e3)
---
 core/src/main/java/org/apache/cxf/common/util/Base64Utility.java        | 2 +-
 .../src/main/java/org/apache/cxf/rt/security/crypto/HmacUtils.java      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/src/main/java/org/apache/cxf/common/util/Base64Utility.java b/core/src/main/java/org/apache/cxf/common/util/Base64Utility.java
index c4f6531..9a12b2b 100644
--- a/core/src/main/java/org/apache/cxf/common/util/Base64Utility.java
+++ b/core/src/main/java/org/apache/cxf/common/util/Base64Utility.java
@@ -468,7 +468,7 @@ public final class Base64Utility {
     }
 
     public static boolean isValidBase64(int ch) {
-        return ch == PAD || BDT[ch] != Byte.MAX_VALUE;
+        return ch == PAD || ch >= 0 && ch < BDT.length && BDT[ch] != Byte.MAX_VALUE;
     }
 
 }
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/HmacUtils.java b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/HmacUtils.java
index 8c4317e..78f4774 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/HmacUtils.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/HmacUtils.java
@@ -42,7 +42,7 @@ import org.apache.cxf.common.util.Base64Utility;
 
 public final class HmacUtils {
 
-    private static final Logger LOG = LogUtils.getL7dLogger(CryptoUtils.class);
+    private static final Logger LOG = LogUtils.getL7dLogger(HmacUtils.class);
 
     private HmacUtils() {