Author: kkolinko
Date: Sat Jun 23 11:54:19 2012
New Revision: 1353112
URL: http://svn.apache.org/viewvc?rev=1353112&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53050
Fix XOR arithmetics and charset issue when calculating entropy to
initialize random numbers generator in session manager. Based on
proposal by Andras Rozsa.
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/catalina/session/ManagerBase.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1353112&r1=1353111&r2=1353112&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Sat Jun 23 11:54:19 2012
@@ -152,14 +152,6 @@ PATCHES PROPOSED TO BACKPORT:
to TC6. As a minimum, the WebappClassLoader needs the changes
from
r1201555 before this patch is applied
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53050
- Fix XOR arithmetics and charset issue when calculating entropy to
- initialize random numbers generator in session manager. Based on
- proposal by Andras Rozsa.
- https://issues.apache.org/bugzilla/attachment.cgi?id=28894
- +1: kkolinko, schultz, markt
- -1:
-
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53032
Make JspC extend o.a.tools.ant.Task so it works with namespaces
http://svn.apache.org/viewvc?rev=1346644&view=rev
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/session/ManagerBase.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/session/ManagerBase.java?rev=1353112&r1=1353111&r2=1353112&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/session/ManagerBase.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/session/ManagerBase.java Sat
Jun 23 11:54:19 2012
@@ -25,6 +25,7 @@ import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
+import java.io.UnsupportedEncodingException;
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.MessageDigest;
@@ -416,7 +417,12 @@ public abstract class ManagerBase implem
// Ignore
}
if (apr) {
- setEntropy(new String(result));
+ try {
+ setEntropy(new String(result, "ISO-8859-1"));
+ } catch (UnsupportedEncodingException ux) {
+ // ISO-8859-1 should always be supported
+ throw new Error(ux);
+ }
} else {
setEntropy(this.toString());
}
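Review bot: The `else` branch kept in this hunk still sets the entropy to `this.toString()`, which the commit does not touch. Unless ManagerBase overrides toString() with something unpredictable (not visible here), that string is guessable, so without APR the entropy would add little to the session id generator's seed. That fallback is worth a follow-up, for example drawing the fallback bytes from the platform's secure random source. In the new `try` block, a short why-comment would help the next reader: `// ISO-8859-1 maps each byte to exactly one char, so no random byte is altered or dropped by decoding`. The enclosing method starts and ends outside this hunk.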
@@ -580,7 +586,7 @@ public abstract class ManagerBase implem
long t1 = seed;
char entropy[] = getEntropy().toCharArray();
for (int i = 0; i < entropy.length; i++) {
- long update = ((byte) entropy[i]) << ((i % 8) * 8);
+ long update = ((long) entropy[i]) << ((i % 8) * 8);
seed ^= update;
}
try {
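Review bot: The new `(long)` cast on the `update` line needs a comment, because the reason for it is easy to miss and a later cleanup could undo it. With an int left operand, Java uses only the low five bits of the shift distance, so the old expression never placed data in bits 32-63, and the `(byte)` cast sign-extended any value above 127 across the upper bits. I would add `// widen to long before shifting: an int shift masks the distance to 5 bits and (byte) sign-extends` above that line. A char above 0xFF, which is possible for any entropy string that is not the ISO-8859-1 decoded bytes, now carries its high byte into the neighbouring 8-bit lane. That is harmless for XOR mixing but should be stated in the same comment. The loop belongs to a method whose start and end are outside this hunk.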
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1353112&r1=1353111&r2=1353112&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Sat Jun 23 11:54:19 2012
@@ -119,6 +119,11 @@
that checks for non-permitted classes in web application JARs. (markt)
</fix>
<fix>
+ <bug>53050</bug>: Fix handling of entropy value when initializing
+ session id generator in session manager. Based on proposal by
+ Andras Rozsa. (kkolinko)
+ </fix>
+ <fix>
<bug>53056</bug>: Add APR version number to tcnative version INFO log
message. (schultz)
</fix>