- Bug
- Resolution: Fixed
- P3
- 1.4.1
- None
- mantis
- generic
- generic
- Verified
Empty AVA values are not handled correctly. For example,
    X500Principal p = new X500Principal("cn=");
    System.out.println(p);
produces this stacktrace:
    Exception in thread "main" java.lang.StringIndexOutOfBoundsException: String index out of range: -1
        at java.lang.StringBuffer.charAt(StringBuffer.java:274)
        at sun.security.x509.AVA.toKeywordValueString(AVA.java:1002)
        at sun.security.x509.AVA.toString(AVA.java:570)
        at sun.security.x509.RDN.toString(X500Name.java:1651)
        at sun.security.x509.X500Name.generateDN(X500Name.java:966)
        at sun.security.x509.X500Name.toString(X500Name.java:547)
        at javax.security.auth.x500.X500Principal.toString(X500Principal.java:329)
        at java.lang.String.valueOf(String.java:2177)
        at java.io.PrintStream.print(PrintStream.java:462)
        at java.io.PrintStream.println(PrintStream.java:599)
        at Test.main(Test.java:12)
This is an issue for X500Principal.toString() and X500Principal.toString("RFC1779"), but not for the RFC2253 or the CANONICAL form. Therefore, this problem mostly affects debug output and should not be a problem for most applications.
However, it also appears that empty values are invalid per X.500. This means that if we want to be strict, we should reject such values when parsing.
This problem was discovered when examining 4720736, certificate attached.
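An application-side version of the strict check suggested above, as an added example that is not JDK code: it parses the name, renders it in the RFC2253 form, and rejects any empty attribute value before the name reaches logging. StrictDn, emptyAvaTypes and checkedName are hypothetical names, the sample DNs are constructed, and hex-encoded (#...) values are not inspected.

```java
import javax.security.auth.x500.X500Principal;
import java.util.ArrayList;
import java.util.List;

// Added example, not JDK code. All names in this class are hypothetical.
public class StrictDn {

    // Returns the attribute types whose value is empty in a string-form DN.
    // Splits on unescaped ',', ';' and '+', honouring backslash escapes and quotes.
    static List<String> emptyAvaTypes(String dn) {
        List<String> empty = new ArrayList<>();
        StringBuilder type = new StringBuilder();
        boolean inValue = false, quoted = false, valueSeen = false;
        for (int i = 0; i <= dn.length(); i++) {
            char c = i < dn.length() ? dn.charAt(i) : ',';    // sentinel closes the last AVA
            if (inValue && c == '\\' && i + 1 < dn.length()) {
                i++;                                           // escaped char is value content
                valueSeen = true;
            } else if (inValue && c == '"') {
                quoted = !quoted;                              // cn="" still counts as empty
            } else if (!quoted && (c == ',' || c == ';' || c == '+')) {
                if (inValue && !valueSeen) empty.add(type.toString().trim());
                type.setLength(0);
                inValue = false;
                valueSeen = false;
            } else if (!inValue && c == '=') {
                inValue = true;
            } else if (inValue) {
                if (quoted || !Character.isWhitespace(c)) valueSeen = true;
            } else {
                type.append(c);
            }
        }
        return empty;
    }

    // Parses the DN, rejects empty AVA values, and returns the RFC2253 form for logging.
    static String checkedName(String dn) {
        X500Principal p = new X500Principal(dn);            // IllegalArgumentException if malformed
        String name = p.getName(X500Principal.RFC2253);     // form the report lists as unaffected
        List<String> empty = emptyAvaTypes(name);
        if (!empty.isEmpty()) throw new IllegalArgumentException("empty AVA value for " + empty);
        return name;
    }

    public static void main(String[] args) {
        // Constructed inputs: a normal DN, the report's empty CN, an escaped comma plus empty OU.
        for (String dn : new String[] {"cn=Duke, o=Example", "cn=, o=Example", "cn=a\\,b+ou="}) {
            try { System.out.println("ok: " + checkedName(dn)); }
            catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```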
- relates to: JDK-4720736 X509 certificate exception occurred: Incorrect AVA format (Closed)