Posted to dev@geronimo.apache.org by "Nathan Beyer (JIRA)" <ji...@apache.org> on 2009/12/08 05:38:18 UTC
[jira] Created: (GERONIMO-4978) [geronimo-security] FileCertificateRequestStore inappropriately uses InputStream.available()
[geronimo-security] FileCertificateRequestStore inappropriately uses InputStream.available()
--------------------------------------------------------------------------------------------
Key: GERONIMO-4978
URL: https://issues.apache.org/jira/browse/GERONIMO-4978
Project: Geronimo
Issue Type: Bug
Security Level: public (Regular issues)
Components: security
Affects Versions: 3.0
Reporter: Nathan Beyer
The FileCertificateRequestStore.getRequest(String) method assumes that the value returned by FileInputStream.available() is the entire length of the stream. This is not guaranteed to be true.
Additionally, the method constructs a String from a byte[] without defining a character encoding, which means that the default encoding of the OS is used.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-4978) [geronimo-security] FileCertificateRequestStore inappropriately uses InputStream.available()
Posted by "Nathan Beyer (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-4978?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nathan Beyer updated GERONIMO-4978:
-----------------------------------
Attachment: geronimo-security-fcrs.patch
geronimo-security-fcrs.patch
This patch re-implements the getRequest method to loop over the InputStream and constructs the Strings with the 'US-ASCII' encoding.
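The two problems reported in this issue, and the approach the patch comment describes (loop over the stream, decode as US-ASCII), shown as an added example; this is not the attached patch or Geronimo's own code. ChunkedStream, readWithAvailable and readFully are hypothetical names, and the sample request is constructed.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

public class ReadFullyDemo {
    /** Constructed stream that hands out at most 16 bytes per call, as a pipe or network file system may. */
    static final class ChunkedStream extends FilterInputStream {
        ChunkedStream(byte[] data) { super(new ByteArrayInputStream(data)); }
        @Override public int available() throws IOException { return Math.min(16, super.available()); }
        @Override public int read(byte[] b, int off, int len) throws IOException {
            return super.read(b, off, Math.min(16, len));
        }
    }

    /** The pattern the issue describes: size the buffer from available() and read once. */
    static String readWithAvailable(InputStream in) throws IOException {
        byte[] buf = new byte[in.available()];
        int n = in.read(buf);
        return new String(buf, 0, Math.max(n, 0)); // decoded with the platform default charset
    }

    /** Read until read() reports end of stream (-1), then decode with an explicit charset. */
    static String readFully(InputStream in) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[4096];
        for (int n; (n = in.read(buf)) != -1; ) {
            out.write(buf, 0, n);
        }
        return new String(out.toByteArray(), StandardCharsets.US_ASCII);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample standing in for a stored certificate request.
        String csr = "-----BEGIN CERTIFICATE REQUEST-----\nU0FNUExFIERBVEEgT05MWQ==\n-----END CERTIFICATE REQUEST-----\n";
        byte[] data = csr.getBytes(StandardCharsets.US_ASCII);

        String flawed = readWithAvailable(new ChunkedStream(data));
        String fixed = readFully(new ChunkedStream(data));

        System.out.println("available()-sized read: " + flawed.length() + " of " + data.length + " bytes");
        System.out.println("loop until EOF:         " + fixed.length() + " of " + data.length + " bytes");
        System.out.println("round trip intact:      " + fixed.equals(csr));
    }
}
```

A certificate request truncated this way no longer carries its END marker, so a caller that parses the returned string sees malformed input rather than the stored request.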
[jira] Commented: (GERONIMO-4978) [geronimo-security] FileCertificateRequestStore inappropriately uses InputStream.available()
Posted by "Nathan Beyer (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-4978?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12787311#action_12787311 ]
Nathan Beyer commented on GERONIMO-4978:
----------------------------------------
I'd like to create a test case for the FileCertificateRequestStore, but I'm not quite sure where to begin. If there are any similar test cases that I could compare it to, please let me know.