You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2021/01/28 14:02:40 UTC

[tomcat] branch 8.5.x updated: Correct a regression in the fix for BZ 64110

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
     new 4794347  Correct a regression in the fix for BZ 64110
4794347 is described below

commit 47943476385b002f410f1ca0c6924e30750682c7
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Jan 28 14:01:35 2021 +0000

    Correct a regression in the fix for BZ 64110
    
    Larger TLS grease values triggered an overflow when being converted to a
    String value for logging / reporting purposes. This broke the TLS
    handshake which in turn broke the TLS connection.
---
 java/org/apache/tomcat/util/buf/HexUtils.java     | 4 ++--
 test/org/apache/tomcat/util/buf/TestHexUtils.java | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/tomcat/util/buf/HexUtils.java b/java/org/apache/tomcat/util/buf/HexUtils.java
index fffa5f9..379217f 100644
--- a/java/org/apache/tomcat/util/buf/HexUtils.java
+++ b/java/org/apache/tomcat/util/buf/HexUtils.java
@@ -79,8 +79,8 @@ public final class HexUtils {
         // 2 bytes / 4 hex digits
         StringBuilder sb = new StringBuilder(4);
 
-        sb.append(hex[(c & 0xf000) >> 4]);
-        sb.append(hex[(c & 0x0f00)]);
+        sb.append(hex[(c & 0xf000) >> 12]);
+        sb.append(hex[(c & 0x0f00) >> 8]);
 
         sb.append(hex[(c & 0xf0) >> 4]);
         sb.append(hex[(c & 0x0f)]);
diff --git a/test/org/apache/tomcat/util/buf/TestHexUtils.java b/test/org/apache/tomcat/util/buf/TestHexUtils.java
index 5b78416..0dd3608 100644
--- a/test/org/apache/tomcat/util/buf/TestHexUtils.java
+++ b/test/org/apache/tomcat/util/buf/TestHexUtils.java
@@ -68,4 +68,9 @@ public class TestHexUtils {
         // Odd number of hex characters
         HexUtils.fromHexString("aaa");
     }
+
+    @Test
+    public void testToHex01() {
+        Assert.assertEquals("fedc", HexUtils.toHexString((char) 0xfedc));
+    }
 }
\ No newline at end of file


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org