[ http://issues.apache.org/jira/browse/DERBY-746?page=all ]
Kristian Waagan updated DERBY-746:
----------------------------------

    Attachment: derby-746a.stat
                derby-746a.diff

Original patch (derby-746.diff) applied to trunk revision 365785.
Sunhita Kambhampati pointed out a spelling error in the patch (thanks). An *additional* patch fixing the error in the message file and the test master file is attached as derby-746a.diff.

I reran 'store/encryptionKey.sql' - no errors (Gentoo Linux, 64 bit, Sun JDK 1.4.2_10, Blackdown JDK 1.4.2-02 & IBM J9SE 2.2 (1.4.2)).

> NullPointerException when 'encryptionKey' length is an odd number, or it contains invalid chars
> -----------------------------------------------------------------------------------------------
>
>          Key: DERBY-746
>          URL: http://issues.apache.org/jira/browse/DERBY-746
>      Project: Derby
>         Type: Bug
>   Components: Security
>     Versions: 10.1.1.2, 10.1.2.1, 10.2.0.0, 10.1.3.0, 10.1.2.2
>  Environment: All environments.
>     Reporter: Kristian Waagan
>     Assignee: Kristian Waagan
>     Priority: Minor
>  Attachments: derby-746.diff, derby-746.stat, derby-746a.diff, derby-746a.stat
>
> When booting/creating an encrypted database, a NullPointerException is thrown if the length of the connection string attribute 'encryptionKey' is an odd number, or the encryption key contains invalid characters for hexadecimal numbers (char not in the set [0-9a-fA-F]).
> The reason for the exception being thrown, is that the method 'iapi.util.StringUtil.fromHexString(String, int, int)' returns null for the cases described above. The code calling the method in 'JCECipherFactory.boot(boolean, Properties)' does not check that the return value is not null.
> A related trivial issue is that 'fromHexString' does not allow the caller to see the distinction between a string with invalid length and a string containing invalid characters (both cases return null).
>
> [To reproduce]
> (connection string copied from test 'store/encryptionKey.sql' and then modified)
> Supply the following connection string, for instance in ij:
> connect 'jdbc:derby:encdbcbc_key;create=true;dataEncryption=true;encryptionAlgorithm=DES/CBC/NoPadding;encryptionKey=6162636465666768696162636465656';
> (deleted the last digit in the encryption key)
> 'jdbc:derby:encdbcbc_key;create=true;dataEncryption=true;encryptionAlgorithm=DES/CBC/NoPadding;encryptionKey=6162636465666768696162636465656X';
> (replaced last digit with an X)
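
The issue above describes a hex decoder that returns null for both odd-length and non-hex input, with a caller that never checks the result. The following Java example is added here and is not Derby's code or the attached patch: it shows a decoder that never returns null and reports the two cases separately. `HexKeyCheck`, `decodeHexKey`, `InvalidHexKeyException` and the first sample key are assumptions made for illustration.

```java
import java.util.Objects;
// Added illustration; class and method names are hypothetical, not Derby's API.
public class HexKeyCheck {
    enum Problem { ODD_LENGTH, INVALID_CHAR }

    static class InvalidHexKeyException extends Exception {
        final Problem problem;
        InvalidHexKeyException(Problem p, String msg) { super(msg); problem = p; }
    }

    // ASCII-only on purpose: Character.digit() would also accept non-ASCII digits.
    private static int nibble(char c) {
        if (c >= '0' && c <= '9') return c - '0';
        if (c >= 'a' && c <= 'f') return c - 'a' + 10;
        if (c >= 'A' && c <= 'F') return c - 'A' + 10;
        return -1;
    }

    // Decodes a hex key or throws; it never returns null.
    // Error messages carry the length or offset only, never the key material.
    static byte[] decodeHexKey(String hex) throws InvalidHexKeyException {
        Objects.requireNonNull(hex, "hex key");
        if (hex.length() % 2 != 0)
            throw new InvalidHexKeyException(Problem.ODD_LENGTH, "odd length " + hex.length());
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < hex.length(); i += 2) {
            int hi = nibble(hex.charAt(i)), lo = nibble(hex.charAt(i + 1));
            if (hi < 0 || lo < 0)
                throw new InvalidHexKeyException(Problem.INVALID_CHAR,
                        "non-hex character at offset " + (hi < 0 ? i : i + 1));
            out[i / 2] = (byte) ((hi << 4) | lo);
        }
        return out;
    }

    public static void main(String[] args) {
        String[] keys = {
            "6162636465666768",                  // constructed for this example: valid
            "6162636465666768696162636465656",   // from the report: odd length
            "6162636465666768696162636465656X",  // from the report: invalid character
        };
        for (String k : keys) {
            try {
                System.out.println("ok: " + decodeHexKey(k).length + " bytes");
            } catch (InvalidHexKeyException e) {
                System.out.println(e.problem + ": " + e.getMessage());
            }
        }
    }
}
```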