qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-7470) [Java Broker] Address javax.xml.bind.DatatypeConverter shortcomings
Date Tue, 01 Nov 2016 12:54:59 GMT

    [ https://issues.apache.org/jira/browse/QPID-7470?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15625357#comment-15625357

ASF subversion and git services commented on QPID-7470:

Commit 1767490 from [~k-wall] in branch 'java/branches/6.0.x'
[ https://svn.apache.org/r1767490 ]

QPID-7470 : Wrap use of DatatypeConverter.parseBase64Binary to validate that only valid characters
exist within the string

Merged from branch 6.1.x with command:

svn merge -c 1767487 ^/qpid/java/branches/6.1.x

> [Java Broker] Address javax.xml.bind.DatatypeConverter shortcomings
> -------------------------------------------------------------------
>                 Key: QPID-7470
>                 URL: https://issues.apache.org/jira/browse/QPID-7470
>             Project: Qpid
>          Issue Type: Task
>          Components: Java Broker
>            Reporter: Lorenz Quack
>             Fix For: qpid-java-6.1, qpid-java-6.2, quid-java-6.0.6
> javax.xml.bind.DatatypeConverterImpl#parseBase64Binary has shortcomings that we should
address.  It does not (as the java docs suggest) throw IllegalArgumentException when the argument
contains characters outside the valid base64 value space. Instead it will skip invalid characters
in the (7-bit) ASCII range and throw a ArrayIndexOutOfBoundsException on non-ASCII characters.
> We should guard against these cases. Maybe by wrapping javax.xml.bind.DatatypeConverterImpl
in our own class and doing input validation there.
> See also (https://bugs.openjdk.java.net/browse/JDK-8168456)

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org

View raw message