[
https://issues.apache.org/jira/browse/OAK-7228?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
angela updated OAK-7228:
------------------------
Description:
[~stillalex], just came across {{MountPermissionProvider.getNumEntries}}, which
looks as follows:
{code}
@Override
public long getNumEntries(String principalName, long max) {
long num = 0;
for (PermissionStoreImpl store : stores) {
num += store.getNumEntries(principalName, max);
if (num >= max) {
break;
}
}
return num;
}
{code}
If I am not mistaken this may lead to long overflow similar to the one we
spotted it in {{PermissionEntryProviderImpl.init}}.
Proposed (but untested fix) could look as follows:
{code}
@Override
public long getNumEntries(String principalName, long max) {
long num = 0;
for (PermissionStoreImpl store : stores) {
num = LongUtils.safeAdd(num, store.getNumEntries(principalName,
max))
if (num >= max) {
break;
}
}
return num;
}
{code}
wdyt?
was:
[~stillalex], just came across {{MountPermissionProvider.getNumEntries}}, which
looks as follows:
{code}
@Override
public long getNumEntries(String principalName, long max) {
long num = 0;
for (PermissionStoreImpl store : stores) {
num += store.getNumEntries(principalName, max);
if (num >= max) {
break;
}
}
return num;
}
{code}
If I am not mistaken this may lead to long overflow similar to the one we
spotted it in {{PermissionEntryProviderImpl.init}}.
Proposed (but untested fix) could look as follows:
{code}
@Override
public long getNumEntries(String principalName, long max) {
long num = 0;
for (PermissionStoreImpl store : stores) {
num = LongUtils.safeAdd(num, store.getNumEntries(principalName,
max))
if (num >= max) {
break;
}
}
return num;
}
{code}
> Potential long overflow in MountPermissionProvider.getNumEntries
> -----------------------------------------------------------------
>
> Key: OAK-7228
> URL: https://issues.apache.org/jira/browse/OAK-7228
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: core, security
> Reporter: angela
> Priority: Major
>
> [~stillalex], just came across {{MountPermissionProvider.getNumEntries}},
> which looks as follows:
> {code}
> @Override
> public long getNumEntries(String principalName, long max) {
> long num = 0;
> for (PermissionStoreImpl store : stores) {
> num += store.getNumEntries(principalName, max);
> if (num >= max) {
> break;
> }
> }
> return num;
> }
> {code}
> If I am not mistaken this may lead to long overflow similar to the one we
> spotted it in {{PermissionEntryProviderImpl.init}}.
> Proposed (but untested fix) could look as follows:
> {code}
> @Override
> public long getNumEntries(String principalName, long max) {
> long num = 0;
> for (PermissionStoreImpl store : stores) {
> num = LongUtils.safeAdd(num,
> store.getNumEntries(principalName, max))
> if (num >= max) {
> break;
> }
> }
> return num;
> }
> {code}
> wdyt?
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
