(tomcat) branch 9.0.x updated: Fix regression in SPNEGO authenticator when processing Base64

Wed, 29 May 2024 08:00:41 -0700 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new a569ee3323 Fix regression in SPNEGO authenticator when processing 
Base64
a569ee3323 is described below

commit a569ee33234925bd4443772fbe7f0052866d76ea
Author: remm <[email protected]>
AuthorDate: Wed May 29 16:58:16 2024 +0200

    Fix regression in SPNEGO authenticator when processing Base64
    
    BZ 69066
    Submitted by Daniel Lyko
---
 java/org/apache/catalina/authenticator/SpnegoAuthenticator.java | 3 ++-
 webapps/docs/changelog.xml                                      | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java 
b/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
index 4678cf1326..56ba47a864 100644
--- a/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
@@ -166,7 +166,8 @@ public class SpnegoAuthenticator extends AuthenticatorBase {
         authorizationBC.setStart(authorizationBC.getStart() + 10);
 
         byte[] encoded = new byte[authorizationBC.getLength()];
-        System.arraycopy(authorizationBC.getBuffer(), 0, encoded, 0, 
authorizationBC.getLength());
+        System.arraycopy(authorizationBC.getBuffer(), 
authorizationBC.getStart(),
+                encoded, 0, authorizationBC.getLength());
         byte[] decoded = Base64.getDecoder().decode(encoded);
 
         if (getApplyJava8u40Fix()) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 31a03720b3..1cca834da8 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -114,6 +114,10 @@
         Deprecate the <code>WebdavFixFilter</code> as it is no longer required.
         (markt)
       </scode>
+      <fix>
+        <bug>69066</bug>: Fix regression in SPNEGO authenticator when
+        processing Base64. Submitted by Daniel Lyko. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Other">


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to