Bug 1432440

Summary: [GSS](6.4.z) The username is not getting parsed properly in the method getUsername() of LdapExtLoginModule, which results in StringIndexOutOfBoundsException.
Product: [JBoss] JBoss Enterprise Application Platform 6
Reporter: indrajit <iingawal>
Component: Security
Assignee: Petr Jurak <pjurak>
Status: CLOSED CURRENTRELEASE
QA Contact: Josef Cacek <jcacek>
Severity: medium
Priority: unspecified
Version: 6.4.12
CC: anmiller, bdawidow, bmaxwell, darran.lofthouse, dhorton, ihradek, jtruhlar, olukas, pjurak, pskopek, rnetuka, rstancel
Target Milestone: CR1
Keywords: Regression
Target Release: EAP 6.4.16
Hardware: Unspecified
OS: Unspecified
Clones: 1434171
Last Closed: 2017-06-22 09:18:56 UTC
Type: Bug
Bug Blocks: 1434171, 1434495, 1452022

Description indrajit 2017-03-15 12:05:10 UTC
Description of problem:

Getting StringIndexOutOfBoundsException while executing getUsername() of org.jboss.security.auth.spi.LdapExtLoginModule in picketbox-4.1.3.Final-redhat-1.jar.

How reproducible:

To reproduce the issue, run the JUnit test case below.

--------------------------------------------

import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.CoreMatchers.is;

import java.util.HashMap;
import java.util.Map;

import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

public class LDAPUsernameTest {

    private static final String PARSE_USERNAME = "parseUsername";
    private static final String USERNAME_BEGIN_STRING = "usernameBeginString";
    private static final String USERNAME_END_STRING = "usernameEndString";
    protected Map<String, String> options = new HashMap<String, String>();
    protected boolean parseUsername;
    protected String usernameBeginString;
    protected String usernameEndString;

    @Before
    public void setUp() throws Exception {
        // Same module options as in the failing deployment
        options.put(PARSE_USERNAME, "true");
        options.put(USERNAME_BEGIN_STRING, "C=XX, O=aaaabbbbccccdddd, CN=");
        options.put(USERNAME_END_STRING, "@aa.xxxxxxx.zz");
    }

    @Test
    public void testGetUsername() {
        Assert.assertThat("user1111", is(equalTo(getUsername_4_1_2_Final_redhat_1())));
        // The 4.1.3 variant throws StringIndexOutOfBoundsException on this input (see below)
        Assert.assertThat("user1111", is(equalTo(getUsername_4_1_3_Final_redhat_1())));
    }

    // Parsing logic copied from picketbox-4.1.2.Final-redhat-1; super.getUsername() is
    // replaced by the literal DN that triggers the failure.
    protected String getUsername_4_1_2_Final_redhat_1() {
        String username = "C=XX, O=aaaabbbbccccdddd, CN=user1111.zz";// super.getUsername();
        parseUsername = Boolean.valueOf(options.get(PARSE_USERNAME));
        if (parseUsername) {
            usernameBeginString = options.get(USERNAME_BEGIN_STRING);
            usernameEndString = options.get(USERNAME_END_STRING);
            int beginIndex = 0;
            if (usernameBeginString != null && !usernameBeginString.equals(""))
                // indexOf() is 0 here, so beginIndex becomes 29 (the length of the begin string)
                beginIndex = username.indexOf(usernameBeginString) + usernameBeginString.length();
            if (beginIndex == -1) // not allowed. reset
                beginIndex = 0;
            int endIndex = username.length();
            if (usernameEndString != null && !usernameEndString.equals(""))
                // the end string is searched only in the remainder after beginIndex
                endIndex = username.substring(beginIndex).indexOf(usernameEndString);
            if (endIndex == -1) // not allowed. reset
                endIndex = username.length();
            else
                endIndex += beginIndex;
            System.out.println("beginIndex = "+beginIndex +"endIndex ="+endIndex);
            username = username.substring(beginIndex, endIndex);
        }
        return username;
    }

    // Parsing logic copied from picketbox-4.1.3.Final-redhat-1 (the regression).
    protected String getUsername_4_1_3_Final_redhat_1() {
        String username = "C=XX, O=aaaabbbbccccdddd, CN=user1111.zz";// super.getUsername();
        parseUsername = Boolean.valueOf(options.get(PARSE_USERNAME));
        if (parseUsername) {
            usernameBeginString = options.get(USERNAME_BEGIN_STRING);
            usernameEndString = options.get(USERNAME_END_STRING);
            int beginIndex = 0;
            if (usernameBeginString != null && !usernameBeginString.equals(""))
                // beginIndex already includes the length of the begin string (29 here)
                beginIndex = username.indexOf(usernameBeginString) + usernameBeginString.length();
            if (beginIndex == -1) // not allowed. reset
            {
                beginIndex = 0;
            } else {
                // The length is added a second time: beginIndex becomes 58 although the
                // whole string is only 40 characters long.
                beginIndex += usernameBeginString.length();
            }

            if (usernameEndString == null || usernameEndString.equals("")) {
                return username.substring(beginIndex, username.length());
            }

            // indexOf() with a fromIndex past the end returns -1, so endIndex falls back to 40
            int endIndex = username.indexOf(usernameEndString, beginIndex);
            if (endIndex == -1) { // not allowed. reset
                endIndex = username.length();
            }
            System.out.println("beginIndex = "+beginIndex +"endIndex ="+endIndex);

            // substring(58, 40) throws StringIndexOutOfBoundsException
            username = username.substring(beginIndex, endIndex);
        }
        return username;
    }
}
--------------------------------------------

Expected results:

However, it is working in picketbox-4.1.2.Final-redhat-1.jar.

Additional info:

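A corrected form of the begin/end-string extraction, added here as an illustration and not PicketBox's actual fix: the indexOf() result is tested for -1 before the marker length is added, so neither the double addition seen in the 4.1.3 variant nor an index past the end of the string can occur. The class name, method name and the two extra sample inputs are made up for this example.

```java
// Added example, not PicketBox code: extract the username between two optional markers
// without ever handing substring() an index beyond the string.
public class UsernameParser {

    /**
     * Returns the part of {@code raw} between {@code begin} and {@code end}.
     * A null or empty marker disables that side of the cut.
     */
    public static String parse(String raw, String begin, String end) {
        int beginIndex = 0;
        if (begin != null && !begin.isEmpty()) {
            int found = raw.indexOf(begin);
            // Test the raw indexOf() result. Adding begin.length() first turns -1 into a
            // positive number, so a later "== -1" guard can never fire.
            beginIndex = (found == -1) ? 0 : found + begin.length();
        }
        int endIndex = raw.length();
        if (end != null && !end.isEmpty()) {
            // Search from beginIndex so an end marker inside the prefix is ignored.
            int found = raw.indexOf(end, beginIndex);
            if (found != -1) {
                endIndex = found;
            }
        }
        // 0 <= beginIndex <= endIndex <= raw.length() holds here, so substring() cannot throw.
        return raw.substring(beginIndex, endIndex);
    }

    public static void main(String[] args) {
        String begin = "C=XX, O=aaaabbbbccccdddd, CN=";
        String end = "@aa.xxxxxxx.zz";
        // The input from the bug report: the end marker is absent, so the cut runs to the end.
        System.out.println(parse("C=XX, O=aaaabbbbccccdddd, CN=user1111.zz", begin, end));
        // Constructed input with both markers present.
        System.out.println(parse("C=XX, O=aaaabbbbccccdddd, CN=user1111@aa.xxxxxxx.zz", begin, end));
        // Constructed input without the begin marker: falls back to index 0 instead of a
        // miscomputed offset.
        System.out.println(parse("user1111@aa.xxxxxxx.zz", begin, end));
    }
}
```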
Comment 11 Ivo Hradek 2017-06-06 06:42:16 UTC
Working as expected now, verified with EAP-6.4.16-CP.CR1;

Thanks to @olukas for catching the "missing" part.

Comment 12 Petr Penicka 2017-06-22 09:18:56 UTC
Released on June 20 2017 as part of the EAP 6.4.16 maintenance release.