[jira] [Created] (OAK-7228) Potential long overflow in MountPermissionProvider.getNumEntries

angela (JIRA) Wed, 31 Jan 2018 07:38:21 -0800

angela created OAK-7228:
---------------------------

             Summary: Potential long overflow in 
MountPermissionProvider.getNumEntries 
                 Key: OAK-7228
                 URL: https://issues.apache.org/jira/browse/OAK-7228
             Project: Jackrabbit Oak
          Issue Type: Bug
          Components: core, security
            Reporter: angela



[~stillalex], just came across {{MountPermissionProvider.getNumEntries}}, which 
looks as follows:

{code}
@Override
        public long getNumEntries(String principalName, long max) {
            long num = 0;
            for (PermissionStoreImpl store : stores) {
                num += store.getNumEntries(principalName, max);
                if (num >= max) {
                    break;
                }
            }
            return num;
        }
{code}

If I am not mistaken this may lead to long overflow similar to the one we 
spotted it in {{PermissionEntryProviderImpl.init}}.

Proposed (but untested fix) could look as follows:

{code}
@Override
        public long getNumEntries(String principalName, long max) {
            long num = 0;
            for (PermissionStoreImpl store : stores) {
                num = LongUtils.safeAdd(num, store.getNumEntries(principalName, 
max))
                if (num >= max) {
                    break;
                }
            }
            return num;
        }
{code}




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (OAK-7228) Potential long overflow in MountPermissionProvider.getNumEntries

Reply via email to