[jboss-jira] [JBoss JIRA] (ELY-100) Digest-MD5 authorization check is incorrect

Peter Skopek (JIRA) issues at jboss.org
Thu Oct 16 03:17:35 EDT 2014


    [ https://issues.jboss.org/browse/ELY-100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13012393#comment-13012393 ] 

Peter Skopek commented on ELY-100:
----------------------------------

This code is removed as part of PR: https://github.com/wildfly-security/wildfly-elytron/pull/46


> Digest-MD5 authorization check is incorrect
> -------------------------------------------
>
>                 Key: ELY-100
>                 URL: https://issues.jboss.org/browse/ELY-100
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: SASL
>            Reporter: David Lloyd
>            Assignee: Peter Skopek
>
> In MD5DigestSaslServer.java, lines 232-233, we have this code:
> {code}
>         byte[] authzid = parsedDigestResponse.get("authzid");
>         String authorizationId = (authzid==null || authzid.equals(userName)) ? null : new String(authzid, Charsets.UTF_8);
> {code}
> The {{equals}} compare between {{authzid}} (a byte array) and {{userName}} (a String) is invalid.  However if I fix it in the obvious manner, tests fail.



--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
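
The comparison quoted in the issue, shown next to a content-based comparison. This is an added example, not code from the issue, from PR 46, or from WildFly Elytron. The class name, method names and sample values are assumptions, and `StandardCharsets` stands in for the `Charsets` class used in the quoted snippet.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class AuthzidCompareDemo {

    // Comparison as quoted in the issue. byte[] does not override equals(),
    // so this is Object.equals against a String and is always false.
    // A non-null authzid therefore always yields a non-null authorization id.
    static String asReported(byte[] authzid, String userName) {
        return (authzid == null || authzid.equals(userName))
                ? null
                : new String(authzid, StandardCharsets.UTF_8);
    }

    // Content comparison (hypothetical helper): encode the user name as UTF-8
    // and compare the bytes, so an authzid equal to the user name yields null.
    static String byContent(byte[] authzid, String userName) {
        if (authzid == null) {
            return null;
        }
        boolean same = userName != null
                && Arrays.equals(authzid, userName.getBytes(StandardCharsets.UTF_8));
        return same ? null : new String(authzid, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the project's tests.
        String userName = "alice";
        byte[][] samples = {
            null,
            "alice".getBytes(StandardCharsets.UTF_8),
            "bob".getBytes(StandardCharsets.UTF_8),
        };
        for (byte[] authzid : samples) {
            String shown = authzid == null
                    ? "<absent>"
                    : new String(authzid, StandardCharsets.UTF_8);
            System.out.printf("authzid=%s reported=%s byContent=%s%n",
                    shown, asReported(authzid, userName), byContent(authzid, userName));
        }
    }
}
```

The two methods differ only when the authzid bytes match the user name: the quoted comparison still returns the authzid as an authorization id, while the content comparison returns `null`.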