[
https://issues.apache.org/jira/browse/DIRKRB-730?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16734650#comment-16734650
]
Stefan Seelmann commented on DIRKRB-730:
----------------------------------------
I still found some easy ways to break it, parsing is not fun :)
If the first line is a comment or an empty line an OutOfBounds exception is
thrown, for example:
{code}
auth_to_local = {
# comment (or empty line) in first line
RULE:[2:$1](johndoe)s/^.*$/guest/
RULE:[2:$1;$2](^.*;admin$)s/;admin$//
RULE:[2:$2](^.*;root)s/^.*$/root/
DEFAULT
}
{code}
If there is a comment or empty line with *leading* spaces it is not ignored but
added to the result list. Is that intended? Seems some trim() is missing (which
then would lead to the next issue)?
{code}
auth_to_local = {
RULE:[2:$1](johndoe)s/^.*$/guest/
RULE:[2:$1;$2](^.*;admin$)s/;admin$//
# comment with leading spaces (or just some whitespace)
RULE:[2:$2](^.*;root)s/^.*$/root/
DEFAULT
}
{code}
If there is a comment or empty line without leading spaces it runs into an
infinite loop:
{code}
auth_to_local = {
RULE:[2:$1](johndoe)s/^.*$/guest/
RULE:[2:$1;$2](^.*;admin$)s/;admin$//
# comment without leading space
RULE:[2:$2](^.*;root)s/^.*$/root/
DEFAULT
}
{code}
I don't know if comments and/or empty lines are at all allowed in such a
multi-line block, but then parsing should fail. I didn't find a specification
for the format, does one exist? I only found the example here:
https://web.mit.edu/Kerberos/krb5-1.16/doc/admin/conf_files/krb5_conf.html#realms
> Unable to parse krb5.conf rules due to java.lang.IndexOutOfBoundsException
> --------------------------------------------------------------------------
>
> Key: DIRKRB-730
> URL: https://issues.apache.org/jira/browse/DIRKRB-730
> Project: Directory Kerberos
> Issue Type: Bug
> Affects Versions: 1.1.1
> Reporter: Bolke de Bruin
> Priority: Major
> Attachments: 0001-Make-sure-multi-line-value-can-be-parsed.patch,
> 0002-Make-sure-multi-line-value-can-be-parsed.patch
>
>
> This is a valid krb5.conf (MIT style):
>
> {code:java}
> [libdefaults]
> default_realm = EXAMPLE.COM
> [realms]
> EXAMPLE.COM = {
> kdc = localhost:88
> auth_to_local = {
> RULE:[2:$1](johndoe)s/^.*$/guest/
> RULE:[2:$1;$2](^.*;admin$)s/;admin$//
> RULE:[2:$2](root)
> DEFAULT
> }
> }
> {code}
> It fails with a "java.lang.IndexOutOfBoundsException : Invalid array range: 1
> to 1" as it doesn't understand that values can be multi-line between "{}".
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
