[jboss-jira] [JBoss JIRA] (SECURITY-992) org.jboss.security.Base64Encoder doesn't work for certain lengths (1026 or 3072 for example)
Ricardo Martin Camarero (JIRA)
issues at jboss.org
Tue Jun 12 03:53:00 EDT 2018
[ https://issues.jboss.org/browse/SECURITY-992?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ricardo Martin Camarero updated SECURITY-992:
---------------------------------------------
Component/s: JBossSX
Description: When a byte array of certain lengths (1026 and 3072 for example) is encoded in base64 using the class {{org.jboss.security.Base64Encoder}} the last chunk of four bytes is omitted.
Steps to Reproduce:
Attached a simple reproducer (the length of the array is passed):
{noformat}
javac -cp ~/picketbox/dist/target/picketbox-5.1.1.Beta1-SNAPSHOT.jar Reproducer.java
java -cp picketbox/main/picketbox-5.1.1.Final.jar:. Reproducer 1026
{noformat}
You will see that with 1026 and 3072 the first base64 is missing the last four bytes (one is using picketbox and the other java8 Base64 class).
Summary: org.jboss.security.Base64Encoder doesn't work for certain lengths (1026 or 3072 for example) (was: git diff)
Workaround Description: None, use another Base64 implementation like the one in JDK.
Affects Version/s: PicketBox_5_1_0.Final
> org.jboss.security.Base64Encoder doesn't work for certain lengths (1026 or 3072 for example)
> --------------------------------------------------------------------------------------------
>
> Key: SECURITY-992
> URL: https://issues.jboss.org/browse/SECURITY-992
> Project: PicketBox
> Issue Type: Bug
> Components: JBossSX
> Affects Versions: PicketBox_5_1_0.Final
> Reporter: Ricardo Martin Camarero
> Assignee: Stefan Guilhen
>
> When a byte array of certain lengths (1026 and 3072 for example) is encoded in base64 using the class {{org.jboss.security.Base64Encoder}} the last chunk of four bytes is omitted.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list