From 9040300eec29e8427a3f35a0ab227f14766b6fc0 Mon Sep 17 00:00:00 2001
From: Ludovic Poitou <ludovic.poitou@forgerock.com>
Date: Sun, 21 Nov 2010 19:35:53 +0000
Subject: [PATCH] Update code to log a message when the base64 decoded password is smaller than expected (salt length is zero or less). Provide basic test for SHA384, and minor updates.
---
opendj-sdk/opends/src/server/org/opends/server/extensions/SaltedSHA512PasswordStorageScheme.java | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/opendj-sdk/opends/src/server/org/opends/server/extensions/SaltedSHA512PasswordStorageScheme.java b/opendj-sdk/opends/src/server/org/opends/server/extensions/SaltedSHA512PasswordStorageScheme.java
index 8065641..8e553a9 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/extensions/SaltedSHA512PasswordStorageScheme.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/extensions/SaltedSHA512PasswordStorageScheme.java
@@ -283,6 +283,14 @@
byte[] decodedBytes = Base64.decode(storedPassword.toString());
saltLength = decodedBytes.length - SHA512_LENGTH;
+ if (saltLength <= 0)
+ {
+ Message message =
+ ERR_PWSCHEME_INVALID_BASE64_DECODED_STORED_PASSWORD.get(
+ storedPassword.toString());
+ ErrorLogger.logError(message);
+ return false;
+ }
saltBytes = new byte[saltLength];
System.arraycopy(decodedBytes, 0, digestBytes, 0, SHA512_LENGTH);
System.arraycopy(decodedBytes, SHA512_LENGTH, saltBytes, 0,
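Review bot: The new `saltLength <= 0` branch passes `storedPassword.toString()` to `ErrorLogger.logError`, which copies the Base64 credential value from the entry into the error log. A decoded length of exactly `SHA512_LENGTH` would be a complete unsalted SHA-512 digest, and a shorter value may be a hash from another scheme stored under this scheme's tag, so the logged string can still be usable for offline guessing. Error logs are typically readable by more people and systems than the password attribute, so the message should describe the problem without the value, for example `ERR_PWSCHEME_INVALID_BASE64_DECODED_STORED_PASSWORD.get(String.valueOf(decodedBytes.length))` with the message text adjusted to match (its definition is not visible here). The enclosing method starts and ends outside the hunk, so it cannot be told from here whether an entry DN is in scope to log instead.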
--
Gitblit v1.10.0