(tomcat) branch 10.1.x updated: Fix regression in SPNEGO authenticator when processing Base64

Wed, 29 May 2024 08:00:37 -0700 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
     new b8ece8725f Fix regression in SPNEGO authenticator when processing 
Base64
b8ece8725f is described below

commit b8ece8725f746e2273536e87818d3fc03d428554
Author: remm <r...@apache.org>
AuthorDate: Wed May 29 16:58:16 2024 +0200

    Fix regression in SPNEGO authenticator when processing Base64
    
    BZ 69066
    Submitted by Daniel Lyko
---
 java/org/apache/catalina/authenticator/SpnegoAuthenticator.java | 3 ++-
 webapps/docs/changelog.xml                                      | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java 
b/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
index 874ef310d0..c314f5d893 100644
--- a/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
@@ -167,7 +167,8 @@ public class SpnegoAuthenticator extends AuthenticatorBase {
         authorizationBC.setStart(authorizationBC.getStart() + 10);
 
         byte[] encoded = new byte[authorizationBC.getLength()];
-        System.arraycopy(authorizationBC.getBuffer(), 0, encoded, 0, 
authorizationBC.getLength());
+        System.arraycopy(authorizationBC.getBuffer(), 
authorizationBC.getStart(),
+                encoded, 0, authorizationBC.getLength());
         byte[] decoded = Base64.getDecoder().decode(encoded);
 
         if (getApplyJava8u40Fix()) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 5a644959bb..777b0e9598 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -114,6 +114,10 @@
         Deprecate the <code>WebdavFixFilter</code> as it is no longer required.
         (markt)
       </scode>
+      <fix>
+        <bug>69066</bug>: Fix regression in SPNEGO authenticator when
+        processing Base64. Submitted by Daniel Lyko. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to