Derby / DERBY-746

NullPointerException when 'encryptionKey' length is an odd number, or it contains invalid chars

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 10.1.2.1, 10.1.3.1, 10.2.1.6
    • Fix Version/s: 10.1.3.1, 10.2.1.6
    • Component/s: None
    • Labels:
      None
    • Environment:
      All environments.
    • Bug behavior facts:
      Security

      Description

      When booting/creating an encrypted database, a NullPointerException is thrown if the length of the connection string attribute 'encryptionKey' is an odd number, or the encryption key contains invalid characters for hexadecimal numbers (char not in the set [0-9a-fA-F]).

      The reason for the exception being thrown is that the method 'iapi.util.StringUtil.fromHexString(String, int, int)' returns null for the cases described above. The code calling the method in 'JCECipherFactory.boot(boolean, Properties)' does not check that the return value is not null.

      A related trivial issue is that 'fromHexString' does not allow the caller to see the distinction between a string with invalid length and a string containing invalid characters (both cases return null).

      [To reproduce]
      (connection string copied from test 'store/encryptionKey.sql' and then modified)
      Supply the following connection string, for instance in ij:
      connect 'jdbc:derby:encdbcbc_key;create=true;dataEncryption=true;encryptionAlgorithm=DES/CBC/NoPadding;encryptionKey=6162636465666768696162636465656';
      (deleted the last digit in the encryption key)
      'jdbc:derby:encdbcbc_key;create=true;dataEncryption=true;encryptionAlgorithm=DES/CBC/NoPadding;encryptionKey=6162636465666768696162636465656X';
      (replaced last digit with an X)

        Attachments

        1. derby-746a.diff
          2 kB
          Kristian Waagan
        2. derby-746a.stat
          0.2 kB
          Kristian Waagan
        3. derby-746.diff
          6 kB
          Kristian Waagan
        4. derby-746.stat
          0.4 kB
          Kristian Waagan

            People

            • Assignee:
              kristwaa Kristian Waagan
              Reporter:
              kristwaa Kristian Waagan