JDAPFilterOpers.java throws StringIndexOutOfBoundsException

RESOLVED FIXED

Status

Directory
LDAP Java SDK
P3
normal
RESOLVED FIXED
18 years ago
17 years ago

People

(Reporter: thiel, Assigned: miodrag)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

18 years ago
The PhoneList servlet queries our LDAP server using the text in the "Find" box
to create the filter.  When the filter includes a backslash character, the
JDAPFilterOpers.getByteValues method tries to covert the characters after the
backslash as a hex value.  If the filter ends with a backslash character,
the getByteValues method throws:


  [Fri Sep 10 10:39:57 EDT 1999] (default) : ServletExec: the service method of
PhoneList
  threw an exception: java.lang.StringIndexOutOfBoundsException: String index
out of range: 6
  [Fri Sep 10 10:39:57 EDT 1999] (default) :
java.lang.StringIndexOutOfBoundsException: String index out of range: 6
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at java.lang.Throwable.(Compiled
Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at java.lang.Exception.(Compiled
Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at
java.lang.RuntimeException.(Compiled Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at
  java.lang.IndexOutOfBoundsException.(IndexOutOfBoundsException.java:47)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at

java.lang.StringIndexOutOfBoundsException.(StringIndexOutOfBoundsException.java:
59)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at
java.lang.String.substring(Compiled Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at
  netscape.ldap.client.JDAPFilterOpers.getByteValues(Compiled Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at
  netscape.ldap.client.JDAPFilterOpers.getOctetString(Compiled Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at
  netscape.ldap.client.JDAPFilterSubString.getBERElement(Compiled Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at
  netscape.ldap.client.JDAPFilterSet.getBERElement(Compiled Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at
  netscape.ldap.client.opers.JDAPSearchRequest.getBERElement(Compiled Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at
  netscape.ldap.client.JDAPMessage.write(Compiled Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at
  netscape.ldap.LDAPConnThread.sendRequest(Compiled Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at
  netscape.ldap.LDAPConnection.sendRequest(Compiled Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at
  netscape.ldap.LDAPConnection.search(Compiled Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at
  netscape.ldap.LDAPConnection.search(Compiled Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at PhoneList.service(Compiled Code)
  [Fri Sep 10 10:39:57 EDT 1999] (default) : at
  javax.servlet.http.HttpServlet.service(Compiled Code)


I believe that since the substring method calls in the getByteValues method
do not check for any index being beyond the length of the string, the
exception is thrown.

Updated

18 years ago
Assignee: mcs → miodrag
(Assignee)

Updated

18 years ago
Status: NEW → ASSIGNED
(Assignee)

Comment 1

17 years ago
JDAPFilterOpers.getByteValues(String str) is now catching 
the StringIndexOutOfBoundsException and converting it into 
IllegalArgumentException("Bad search filter"). The IllegalArgumentException is 
in turn caught by LDAPConnection.sendRequest() and returned to the user as 
LDAPException.PARAM_ERROR.

The fix has been checked in 05-06-00.

Checking in ldapjdk/netscape/ldap/client/JDAPFilterOpers.java;
/cvsroot/mozilla/directory/java-sdk/ldapjdk/netscape/ldap/client/JDAPFilterOpers
.java,v  <--  JDAPFilterOpers.java
new revision: 1.4; previous revision: 1.3
Status: ASSIGNED → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.