Closed Bug 13546 Opened 25 years ago Closed 25 years ago

JDAPFilterOpers.java throws StringIndexOutOfBoundsException

Categories

(Directory :: LDAP Java SDK, defect, P3)

Product:
Directory
Component:
LDAP Java SDK
Platform:
All
Windows NT
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: thiel, Assigned: miodrag)

References

(
URL
)

Details

The PhoneList servlet queries our LDAP server using the text in the "Find" box to create the filter. When the filter includes a backslash character, the JDAPFilterOpers.getByteValues method tries to covert the characters after the backslash as a hex value. If the filter ends with a backslash character, the getByteValues method throws: [Fri Sep 10 10:39:57 EDT 1999] (default) : ServletExec: the service method of PhoneList threw an exception: java.lang.StringIndexOutOfBoundsException: String index out of range: 6 [Fri Sep 10 10:39:57 EDT 1999] (default) : java.lang.StringIndexOutOfBoundsException: String index out of range: 6 [Fri Sep 10 10:39:57 EDT 1999] (default) : at java.lang.Throwable.(Compiled Code) [Fri Sep 10 10:39:57 EDT 1999] (default) : at java.lang.Exception.(Compiled Code) [Fri Sep 10 10:39:57 EDT 1999] (default) : at java.lang.RuntimeException.(Compiled Code) [Fri Sep 10 10:39:57 EDT 1999] (default) : at java.lang.IndexOutOfBoundsException.(IndexOutOfBoundsException.java:47) [Fri Sep 10 10:39:57 EDT 1999] (default) : at java.lang.StringIndexOutOfBoundsException.(StringIndexOutOfBoundsException.java: 59) [Fri Sep 10 10:39:57 EDT 1999] (default) : at java.lang.String.substring(Compiled Code) [Fri Sep 10 10:39:57 EDT 1999] (default) : at netscape.ldap.client.JDAPFilterOpers.getByteValues(Compiled Code) [Fri Sep 10 10:39:57 EDT 1999] (default) : at netscape.ldap.client.JDAPFilterOpers.getOctetString(Compiled Code) [Fri Sep 10 10:39:57 EDT 1999] (default) : at netscape.ldap.client.JDAPFilterSubString.getBERElement(Compiled Code) [Fri Sep 10 10:39:57 EDT 1999] (default) : at netscape.ldap.client.JDAPFilterSet.getBERElement(Compiled Code) [Fri Sep 10 10:39:57 EDT 1999] (default) : at netscape.ldap.client.opers.JDAPSearchRequest.getBERElement(Compiled Code) [Fri Sep 10 10:39:57 EDT 1999] (default) : at netscape.ldap.client.JDAPMessage.write(Compiled Code) [Fri Sep 10 10:39:57 EDT 1999] (default) : at netscape.ldap.LDAPConnThread.sendRequest(Compiled Code) [Fri Sep 10 10:39:57 EDT 1999] (default) : at netscape.ldap.LDAPConnection.sendRequest(Compiled Code) [Fri Sep 10 10:39:57 EDT 1999] (default) : at netscape.ldap.LDAPConnection.search(Compiled Code) [Fri Sep 10 10:39:57 EDT 1999] (default) : at netscape.ldap.LDAPConnection.search(Compiled Code) [Fri Sep 10 10:39:57 EDT 1999] (default) : at PhoneList.service(Compiled Code) [Fri Sep 10 10:39:57 EDT 1999] (default) : at javax.servlet.http.HttpServlet.service(Compiled Code) I believe that since the substring method calls in the getByteValues method do not check for any index being beyond the length of the string, the exception is thrown.
Assignee: mcs → miodrag
Status: NEW → ASSIGNED
JDAPFilterOpers.getByteValues(String str) is now catching the StringIndexOutOfBoundsException and converting it into IllegalArgumentException("Bad search filter"). The IllegalArgumentException is in turn caught by LDAPConnection.sendRequest() and returned to the user as LDAPException.PARAM_ERROR. The fix has been checked in 05-06-00. Checking in ldapjdk/netscape/ldap/client/JDAPFilterOpers.java; /cvsroot/mozilla/directory/java-sdk/ldapjdk/netscape/ldap/client/JDAPFilterOpers .java,v <-- JDAPFilterOpers.java new revision: 1.4; previous revision: 1.3
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.