[ 
https://issues.apache.org/jira/browse/DIRKRB-730?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16734650#comment-16734650
 ] 

Stefan Seelmann commented on DIRKRB-730:
----------------------------------------

I still found some easy ways to break it, parsing is not fun :)

If the first line is a comment or an empty line, an OutOfBounds exception is 
thrown, for example:
{code}
        auth_to_local = {
            # comment (or empty line) in first line
            RULE:[2:$1](johndoe)s/^.*$/guest/
            RULE:[2:$1;$2](^.*;admin$)s/;admin$//
            RULE:[2:$2](^.*;root)s/^.*$/root/
            DEFAULT
        }
{code}

If there is a comment or empty line with *leading* spaces, it is not ignored but 
added to the result list. Is that intended? It seems some trim() is missing (which 
would then lead to the next issue)?
{code}
        auth_to_local = {
            RULE:[2:$1](johndoe)s/^.*$/guest/
            RULE:[2:$1;$2](^.*;admin$)s/;admin$//
        # comment with leading spaces (or just some whitespace)
            RULE:[2:$2](^.*;root)s/^.*$/root/
            DEFAULT
        }
{code}

If there is a comment or empty line without leading spaces, it runs into an 
infinite loop:
{code}
        auth_to_local = {
            RULE:[2:$1](johndoe)s/^.*$/guest/
            RULE:[2:$1;$2](^.*;admin$)s/;admin$//
# comment without leading space
            RULE:[2:$2](^.*;root)s/^.*$/root/
            DEFAULT
        }
{code}

I don't know if comments and/or empty lines are at all allowed in such a 
multi-line block, but then parsing should fail. I didn't find a specification 
for the format, does one exist? I only found the example here: 
https://web.mit.edu/Kerberos/krb5-1.16/doc/admin/conf_files/krb5_conf.html#realms


> Unable to parse krb5.conf rules due to java.lang.IndexOutOfBoundsException
> --------------------------------------------------------------------------
>
>                 Key: DIRKRB-730
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-730
>             Project: Directory Kerberos
>          Issue Type: Bug
>    Affects Versions: 1.1.1
>            Reporter: Bolke de Bruin
>            Priority: Major
>         Attachments: 0001-Make-sure-multi-line-value-can-be-parsed.patch, 
> 0002-Make-sure-multi-line-value-can-be-parsed.patch
>
>
> This is a valid krb5.conf (MIT style):
>  
> {code:java}
> [libdefaults]
>    default_realm = EXAMPLE.COM
> [realms]
>         EXAMPLE.COM = {
>                 kdc = localhost:88
>                 auth_to_local = {
>                     RULE:[2:$1](johndoe)s/^.*$/guest/
>                     RULE:[2:$1;$2](^.*;admin$)s/;admin$//
>                     RULE:[2:$2](root)
>                     DEFAULT
>                 }
>        }
> {code}
> It fails with a "java.lang.IndexOutOfBoundsException : Invalid array range: 1 
> to 1" as it doesn't understand that values can be multi-line between "{}".
>  
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
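
The three inputs from the comment above, run through one bounded loop, as an added example that is not Kerby's code or either attached patch. The class and method names are hypothetical, and skipping blank lines and `#` comments is an assumed policy, since the thread found no specification for the format.

```java
import java.util.ArrayList;
import java.util.List;

// Added example, not Kerby code: hypothetical multi-line value reader.
public class AuthToLocalBlock {

    // Collects the values between "{" and "}". lines.get(start) must be the
    // line that ends in "{". Assumed policy: after trim(), blank lines and
    // lines starting with '#' are skipped rather than stored or rejected.
    static List<String> parse(List<String> lines, int start) {
        if (start < 0 || start >= lines.size()
                || !lines.get(start).trim().endsWith("{")) {
            throw new IllegalArgumentException("no block opener at line " + start);
        }
        List<String> values = new ArrayList<>();
        // The index advances exactly once per iteration, including on skipped
        // lines, so no input can keep the loop from terminating.
        for (int i = start + 1; i < lines.size(); i++) {
            String line = lines.get(i).trim();
            if (line.isEmpty() || line.startsWith("#")) {
                continue;
            }
            if (line.equals("}")) {
                return values;
            }
            values.add(line);
        }
        // A missing "}" is a parse error, not an out-of-range index.
        throw new IllegalArgumentException("unterminated block opened at line " + start);
    }

    public static void main(String[] args) {
        // Constructed input combining the three cases reported in the comment.
        List<String> conf = List.of(
            "        auth_to_local = {",
            "            # comment (or empty line) in first line",
            "",
            "            RULE:[2:$1](johndoe)s/^.*$/guest/",
            "        # comment with leading spaces",
            "            RULE:[2:$1;$2](^.*;admin$)s/;admin$//",
            "# comment without leading space",
            "            RULE:[2:$2](^.*;root)s/^.*$/root/",
            "            DEFAULT",
            "        }");
        List<String> rules = parse(conf, 0);
        if (rules.size() != 4 || !rules.get(3).equals("DEFAULT")) {
            throw new AssertionError(rules);
        }
        rules.forEach(System.out::println);
    }
}
```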
