[ http://issues.apache.org/jira/browse/DERBY-746?page=all ]
Kristian Waagan reassigned DERBY-746: ------------------------------------- Assign To: Kristian Waagan > NullPointerException when 'encryptionKey' length is an odd number, or it > contains invalid chars > ----------------------------------------------------------------------------------------------- > > Key: DERBY-746 > URL: http://issues.apache.org/jira/browse/DERBY-746 > Project: Derby > Type: Bug > Components: Security > Versions: 10.2.0.0, 10.1.1.2, 10.1.2.1, 10.1.3.0, 10.1.2.2 > Environment: All environments. > Reporter: Kristian Waagan > Assignee: Kristian Waagan > Priority: Minor > > When booting/creating an encrypted database, a NullPointerException is thrown > if the length of the connection string attribute 'encryptionKey' is an odd > number, or the encryption key contains invalid characters for hexadecimal > numbers (char not in the set [0-9a-fA-F]). > The reason for the exception being thrown, is that the method > 'iapi.util.StringUtil.fromHexString(String, int, int)' returns null for the > cases described above. The code calling the method in > 'JCECipherFactory.boot(boolean, Properties)' does not check that the return > value is not null. > A related trivial issue is that 'fromHexString' does not allow the caller to > see the distinction between a string with invalid length and a string > containing invalid characters (both cases return null). > [To reproduce] > (connection string copied from test 'store/encryptionKey.sql' and then > modified) > Supply the following connection string, for instance in ij: > connect > 'jdbc:derby:encdbcbc_key;create=true;dataEncryption=true;encryptionAlgorithm=DES/CBC/NoPadding;encryptionKey=6162636465666768696162636465656'; > (deleted the last digit in the encryption key) > 'jdbc:derby:encdbcbc_key;create=true;dataEncryption=true;encryptionAlgorithm=DES/CBC/NoPadding;encryptionKey=6162636465666768696162636465656X'; > (replaced last digit with an X) -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira