Posted to dev@tomcat.apache.org by bu...@apache.org on 2005/01/18 21:29:10 UTC

DO NOT REPLY [Bug 33157] New: - basic authentication fails in some cases

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=33157>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=33157

           Summary: basic authentication fails in some cases
           Product: Tomcat 5
           Version: 5.5.4
          Platform: All
        OS/Version: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: aktweb@msn.com


setup
- java 1.5.0.1
- tomcat 5.5.4
- UserDatabaseRealm

to cause failure, using wget as my test client
- wget -O o --http-user=user --http-passwd=pinotnoir "http://localhost:8080/myapp/myjsp.jsp"
- wget -O o --http-user=user --http-passwd=pinotnoir1 "http://localhost:8080/myapp/myjsp.jsp"
- wget -O o --http-user=user --http-passwd=pinotnoir "http://localhost:8080/myapp/myjsp.jsp"

by setting a breakpoint in RealmBase.authenticate, the username/credentials 
strings show up as
- user/pinotnoir
- user/pinotnoir1
- user/pinotnoir1  <==== incorrect, should be pinotnoir

The issue seems to be in Base64.decode:

decodedDataCC.allocate(lastData - numberQuadruple, -1);
decodedDataCC.setEnd(lastData - numberQuadruple);
decodedData = decodedDataCC.getBuffer();


decodedDataCC.allocate(lastData - numberQuadruple, -1);
- allocate does not reallocate for the 3rd test (pinotnoir) since the buffer was 
already big enough from the previous request (pinotnoir1)
- setEnd sets an end flag
- getBuffer just gets the byte[], which is too big (pinotnoir1)

from there on, things are just messed up.

for a quicky, I have just hacked the CharChunk.allocate to remove the size 
check:

    public void allocate( int initial, int limit  ) {
        isOutput=true;
//      if( buff==null || buff.length < initial ) {
            buff=new char[initial];
//      }
        this.limit=limit;
        start=0;
        end=0;
        isOutput=true;
        isSet=true;
    }

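The stale-buffer behaviour described in this report, reproduced as an added example that is not Tomcat's code and not part of the original message. `ReusedChunk` and `StaleBufferDemo` are hypothetical names, `java.util.Base64` stands in for Tomcat's own decoder, and the three credentials are the ones from the report; `bounded` shows the alternative of reading only up to the end marker instead of dropping the size check.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class StaleBufferDemo {
    // Hypothetical stand-in for a reusable chunk; not Tomcat's CharChunk.
    static class ReusedChunk {
        private char[] buff;
        private int end;

        void allocate(int initial) {
            // Same size check as in the report: keep the old array if it is big enough.
            if (buff == null || buff.length < initial) {
                buff = new char[initial];
            }
            end = 0;
        }
        void setEnd(int e) { end = e; }
        char[] getBuffer() { return buff; }   // whole backing array, ignores end
        int getEnd() { return end; }
    }

    private static final ReusedChunk CHUNK = new ReusedChunk(); // shared across requests

    // Decodes "user:password" from a Basic credential into the shared chunk.
    static ReusedChunk decode(String b64) {
        byte[] raw = Base64.getDecoder().decode(b64);
        CHUNK.allocate(raw.length);
        char[] dst = CHUNK.getBuffer();
        for (int i = 0; i < raw.length; i++) dst[i] = (char) (raw[i] & 0xff);
        CHUNK.setEnd(raw.length);
        return CHUNK;
    }

    // Mirrors the reported flow: the caller takes the entire array.
    static String buggy(String b64) { return new String(decode(b64).getBuffer()); }

    static String bounded(String b64) {
        ReusedChunk c = decode(b64);
        return new String(c.getBuffer(), 0, c.getEnd()); // honour the end marker
    }

    public static void main(String[] args) {
        String[] creds = {"user:pinotnoir", "user:pinotnoir1", "user:pinotnoir"};
        for (String c : creds) {
            String b64 = Base64.getEncoder().encodeToString(c.getBytes(StandardCharsets.ISO_8859_1));
            System.out.println(c + " -> buggy=" + buggy(b64) + " bounded=" + bounded(b64));
        }
    }
}
```

On the third request the reused array still holds the trailing character from the second, so the `buggy` path hands the realm a credential string that includes residue from a previous request, while `bounded` returns only the characters written for the current one.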