Closed Bug 13546 Opened 25 years ago Closed 24 years ago

JDAPFilterOpers.java throws StringIndexOutOfBoundsException

Categories

(Directory :: LDAP Java SDK, defect, P3)

Product:
Directory
Component:
LDAP Java SDK
Platform:
All
Windows NT
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: thiel, Assigned: miodrag)

References

(
URL
)

Details

The PhoneList servlet queries our LDAP server using the text in the "Find" box
to create the filter.  When the filter includes a backslash character, the
JDAPFilterOpers.getByteValues method tries to covert the characters after the
backslash as a hex value.  If the filter ends with a backslash character,
the getByteValues method throws:


  [Fri Sep 10 10:39:57 EDT 1999] (default) : ServletExec: the service method of
PhoneList
  threw an exception: java.lang.StringIndexOutOfBoundsException: String index
out of range: 6
  [Fri Sep 10 10:39:57 EDT 1999] (default) :
java.lang.StringIndexOutOfBoundsException: String index out of range: 6
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at java.lang.Throwable.(Compiled
Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at java.lang.Exception.(Compiled
Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at
java.lang.RuntimeException.(Compiled Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at
  java.lang.IndexOutOfBoundsException.(IndexOutOfBoundsException.java:47)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at

java.lang.StringIndexOutOfBoundsException.(StringIndexOutOfBoundsException.java:
59)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at
java.lang.String.substring(Compiled Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at
  netscape.ldap.client.JDAPFilterOpers.getByteValues(Compiled Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at
  netscape.ldap.client.JDAPFilterOpers.getOctetString(Compiled Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at
  netscape.ldap.client.JDAPFilterSubString.getBERElement(Compiled Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at
  netscape.ldap.client.JDAPFilterSet.getBERElement(Compiled Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at
  netscape.ldap.client.opers.JDAPSearchRequest.getBERElement(Compiled Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at
  netscape.ldap.client.JDAPMessage.write(Compiled Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at
  netscape.ldap.LDAPConnThread.sendRequest(Compiled Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at
  netscape.ldap.LDAPConnection.sendRequest(Compiled Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at
  netscape.ldap.LDAPConnection.search(Compiled Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at
  netscape.ldap.LDAPConnection.search(Compiled Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at PhoneList.service(Compiled Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at
  javax.servlet.http.HttpServlet.service(Compiled Code)


I believe that since the substring method calls in the getByteValues method
do not check for any index being beyond the length of the string, the
exception is thrown.
Assignee: mcs → miodrag
Status: NEW → ASSIGNED
JDAPFilterOpers.getByteValues(String str) is now catching 
the StringIndexOutOfBoundsException and converting it into 
IllegalArgumentException("Bad search filter"). The IllegalArgumentException is 
in turn caught by LDAPConnection.sendRequest() and returned to the user as 
LDAPException.PARAM_ERROR.

The fix has been checked in 05-06-00.

Checking in ldapjdk/netscape/ldap/client/JDAPFilterOpers.java;
/cvsroot/mozilla/directory/java-sdk/ldapjdk/netscape/ldap/client/JDAPFilterOpers
.java,v  <--  JDAPFilterOpers.java
new revision: 1.4; previous revision: 1.3
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.