[GitHub] [solr] madrob commented on a change in pull request #575: SOLR-15961: Only consider the number in the SolrAuth header a timestamp if it's between a valid range of digits

GitBox Fri, 28 Jan 2022 15:21:42 -0800


madrob commented on a change in pull request #575:
URL: https://github.com/apache/solr/pull/575#discussion_r794949342




##########
File path: 
solr/core/src/java/org/apache/solr/security/PKIAuthenticationPlugin.java
##########
@@ -187,7 +198,7 @@ private static PKIHeaderData parseCipher(String cipher, 
PublicKey key) {
     }
     String s = new String(bytes, UTF_8).trim();
     int splitPoint = s.lastIndexOf(' ');
-    if (splitPoint == -1) {
+    if (splitPoint == -1 || s.length() - 1 - splitPoint < MIN_TIMESTAMP_DIGITS 
|| s.length() - 1 - splitPoint > MAX_TIMESTAMP_DIGITS) {

Review comment:
       For clarity let's store length-1-splitPoint as a variable?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

[GitHub] [solr] madrob commented on a change in pull request #575: SOLR-15961: Only consider the number in the SolrAuth header a timestamp if it's between a valid range of digits

Reply via email to