From 9582291a9ff7961af7a4ed579a76dc3db3cae66e Mon Sep 17 00:00:00 2001
From: Ludovic Poitou <ludovic.poitou@forgerock.com>
Date: Sun, 21 Nov 2010 19:35:53 +0000
Subject: [PATCH] Update code to log a message when the base64 decoded password is smaller than expected (salt length is zero or less). Provide basic test for SHA384, and minor updates.

---
 opends/src/server/org/opends/server/extensions/SaltedSHA1PasswordStorageScheme.java |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/opends/src/server/org/opends/server/extensions/SaltedSHA1PasswordStorageScheme.java b/opends/src/server/org/opends/server/extensions/SaltedSHA1PasswordStorageScheme.java
index e986365..49bd575 100644
--- a/opends/src/server/org/opends/server/extensions/SaltedSHA1PasswordStorageScheme.java
+++ b/opends/src/server/org/opends/server/extensions/SaltedSHA1PasswordStorageScheme.java
@@ -23,6 +23,7 @@
  *
  *
  *      Copyright 2006-2010 Sun Microsystems, Inc.
+ *      Portions Copyright 2010 ForgeRock AS.
  */
 package org.opends.server.extensions;
 
@@ -278,6 +279,14 @@
       byte[] decodedBytes = Base64.decode(storedPassword.toString());
 
       saltLength = decodedBytes.length - SHA1_LENGTH;
+      if (saltLength <= 0)
+      {
+        Message message =
+          ERR_PWSCHEME_INVALID_BASE64_DECODED_STORED_PASSWORD.get(
+          storedPassword.toString());
+        ErrorLogger.logError(message);
+        return false;
+      }
       saltBytes = new byte[saltLength];
       System.arraycopy(decodedBytes, 0, digestBytes, 0, SHA1_LENGTH);
       System.arraycopy(decodedBytes, SHA1_LENGTH, saltBytes, 0,
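Review bot: The new error path passes `storedPassword.toString()` into the message handed to `ErrorLogger.logError(message)`, so the stored Base64 value (the digest plus whatever salt bytes are present) would presumably be written to the server error log whenever this branch fires. A stored hash is credential material, log files are typically readable by more people and retained longer than the directory data, and a value with a missing or short salt is the weakest kind to have exposed. Consider passing something non-sensitive instead, such as `String.valueOf(decodedBytes.length)`, with the message text adjusted to match; the message definition is not visible in this hunk, so confirm how the argument is rendered. A short comment above the check, e.g. `// Reject values too short to hold a SHA-1 digest plus at least one salt byte`, would also document why a zero-length salt is treated as invalid. The enclosing method starts and ends outside the hunk.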

--
Gitblit v1.10.0