Author: jim
Date: Tue Jul 10 16:12:46 2012
New Revision: 1359751
URL: http://svn.apache.org/viewvc?rev=1359751&view=rev
Log:
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53050
Fix XOR arithmetics and charset issue when calculating entropy to
initialize random numbers generator in session manager. Based on
proposal by Andras Rozsa.
https://issues.apache.org/bugzilla/attachment.cgi?id=28895
+1: kkolinko, schultz, jim
-1:
Modified:
tomcat/tc5.5.x/trunk/STATUS.txt
tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/session/ManagerBase.java
Modified: tomcat/tc5.5.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=1359751&r1=1359750&r2=1359751&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/STATUS.txt (original)
+++ tomcat/tc5.5.x/trunk/STATUS.txt Tue Jul 10 16:12:46 2012
@@ -24,13 +24,6 @@ $Id$
PATCHES ACCEPTED TO BACKPORT FROM TRUNK/OTHER:
[ start all new proposals below, under PATCHES PROPOSED. ]
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53050
- Fix XOR arithmetics and charset issue when calculating entropy to
- initialize random numbers generator in session manager. Based on
- proposal by Andras Rozsa.
- https://issues.apache.org/bugzilla/attachment.cgi?id=28895
- +1: kkolinko, schultz, jim
- -1:
PATCHES PROPOSED TO BACKPORT:
[ New proposals should be added at the end of the list ]
Modified:
tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/session/ManagerBase.java
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/session/ManagerBase.java?rev=1359751&r1=1359750&r2=1359751&view=diff
==============================================================================
---
tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/session/ManagerBase.java
(original)
+++
tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/session/ManagerBase.java
Tue Jul 10 16:12:46 2012
@@ -25,6 +25,7 @@ import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
+import java.io.UnsupportedEncodingException;
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.MessageDigest;
@@ -396,7 +397,12 @@ public abstract class ManagerBase implem
// Ignore
}
if (apr) {
- setEntropy(new String(result));
+ try {
+ setEntropy(new String(result, "ISO-8859-1"));
+ } catch (UnsupportedEncodingException ux) {
+ // ISO-8859-1 should always be supported
+ throw new Error(ux);
+ }
} else {
setEntropy(this.toString());
}
@@ -561,7 +567,7 @@ public abstract class ManagerBase implem
long t1 = seed;
char entropy[] = getEntropy().toCharArray();
for (int i = 0; i < entropy.length; i++) {
- long update = ((byte) entropy[i]) << ((i % 8) * 8);
+ long update = ((long) entropy[i]) << ((i % 8) * 8);
seed ^= update;
}
try {
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
