2 Replies Latest reply on May 2, 2002 10:16 AM by robinsonra

    bug in Util.calculatePasswordHash

      Hi,

      I have a strange hobby of browsing through source code and started looking at JBoss' security source code today. In doing so, I think I've spotted a bug. This is from the snapshot for Apr 17th in
      jboss-all/security/src/main/org/jboss/security/Util.java
      starting at line 151:
      for(int n = 0, p = 0; p < password.length; p ++)
      {
          char c = password[p];
          passBytes[n ++] = (byte) (c & 0x00FF00);
          passBytes[n ++] = (byte) (c & 0x0000FF);
      }

      As it stands now, the high-order byte of each Unicode character in the password is always considered zero when it's hashed, which is probably a problem.

      To fix it line 154 should be (I think):
      passBytes[n ++] = (byte) ((c & 0x00FF00) >> 8);

      At the moment I haven't yet installed JBoss on my system, can't build it and don't have CVS capability. It sure does look like a bug though.
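The loop quoted in the post, modelled in Python as an added example (this is not code from the post or from the JBoss source tree). It mirrors Java's 16-bit `char` by splitting the password into UTF-16 code units and models the narrowing `(byte)` cast as "keep the low 8 bits, signed", so the posted form and the suggested fix can be compared side by side. The digest step uses SHA-256 purely as an assumption for illustration; the post does not say which algorithm `calculatePasswordHash` feeds the bytes into.

```python
import hashlib
from typing import Callable, List


def java_byte(v: int) -> int:
    """Model Java's narrowing cast (byte)v: keep the low 8 bits, as a signed value."""
    return ((v & 0xFF) ^ 0x80) - 0x80


def utf16_units(password: str) -> List[int]:
    """A Java String is a sequence of 16-bit UTF-16 code units; reproduce that here."""
    raw = password.encode("utf-16-be")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]


def password_bytes_posted(password: str) -> List[int]:
    """The loop as posted: (byte)(c & 0x00FF00) narrows to the low byte, which is always 0."""
    out: List[int] = []
    for c in utf16_units(password):
        out.append(java_byte(c & 0x00FF00))   # high byte masked but never shifted -> 0
        out.append(java_byte(c & 0x0000FF))
    return out


def password_bytes_fixed(password: str) -> List[int]:
    """The suggested fix: shift the masked high byte down before narrowing."""
    out: List[int] = []
    for c in utf16_units(password):
        out.append(java_byte((c & 0x00FF00) >> 8))  # high byte now survives the cast
        out.append(java_byte(c & 0x0000FF))
    return out


def digest_hex(encoder: Callable[[str], List[int]], password: str) -> str:
    """Hash the encoded bytes; SHA-256 is an assumed stand-in for whatever the real method uses."""
    raw = bytes(b & 0xFF for b in encoder(password))  # back from signed Java bytes to raw octets
    return hashlib.sha256(raw).hexdigest()


def collide(encoder: Callable[[str], List[int]], a: str, b: str) -> bool:
    """True when two different passwords hash identically under the given encoding."""
    return a != b and digest_hex(encoder, a) == digest_hex(encoder, b)


if __name__ == "__main__":
    # Constructed sample inputs: 'A' is U+0041, 'Ł' is U+0141; they differ only in the high byte.
    for pw in ("A", "\u0141", "\u00e9"):
        print(repr(pw), "posted:", password_bytes_posted(pw), "fixed:", password_bytes_fixed(pw))
    print("posted loop collides on A / Ł:", collide(password_bytes_posted, "A", "\u0141"))
    print("fixed  loop collides on A / Ł:", collide(password_bytes_fixed, "A", "\u0141"))
```

The practical effect of the dropped high byte is that every character in a 256-wide block of the UTF-16 code space is hashed as if it were the corresponding Latin-1 character, so passwords that differ only in those characters produce the same hash and the effective keyspace of a non-Latin password shrinks to one byte per character. The shifted form keeps both bytes, which is what a hash over the full UTF-16 representation should see.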