Truncating an MD5 hash might fail

Open afsmeira opened this issue 9 years ago • 2 comments

When truncating an MD5 hash to a specific number of chars, it is not validated if the number of chars is larger than the hash itself. Since we are using substring to truncate the hash, this will cause an IndexOutOfBoundsException. See substring documentation.

Reproducing this issue is fairly easy: just configure PDB property maxIdentifierSize to a value larger than 32.

If I have a little spare time I will submit a PR for this.

afsmeira, Feb 23 '16 15:02

Keep in mind that the thing that needs to be protected is the substring operation itself, and not allowing more characters by default, since it will fail on some database vendors that do not support more than 30 chars, for example.

rpvilao-gymondo, Feb 23 '16 15:02

PDB already depends on commons-lang, so using org.apache.commons.lang.StringUtils#substring would solve the exception but wouldn't match the expectation of having a larger maxIdentifierSize.

defer, Feb 23 '16 15:02
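The failure reported in this issue and the clamped truncation discussed in the comments, as an added example that is not PDB's code and was not posted in the thread. The class, method and identifier names are hypothetical, and it assumes the hash is the 32-character hex form of an MD5 digest.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class Md5TruncateExample {

    /** Hex-encoded MD5 of the input: 16 bytes, so always 32 characters. */
    static String md5Hex(String input) {
        try {
            byte[] digest = MessageDigest.getInstance("MD5")
                    .digest(input.getBytes(StandardCharsets.UTF_8));
            StringBuilder sb = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                sb.append(String.format("%02x", b));
            }
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 not available", e);
        }
    }

    /** Unguarded truncation: substring throws when maxChars exceeds 32. */
    static String truncateUnguarded(String input, int maxChars) {
        return md5Hex(input).substring(0, maxChars);
    }

    /** Guarded truncation: the end index is clamped to the hash length. */
    static String truncateGuarded(String input, int maxChars) {
        if (maxChars < 0) {
            throw new IllegalArgumentException("maxChars must be >= 0");
        }
        String hash = md5Hex(input);
        return hash.substring(0, Math.min(maxChars, hash.length()));
    }

    public static void main(String[] args) {
        // Constructed sample values: a long name and a limit above 32.
        String name = "a_constructed_identifier_name_longer_than_thirty_chars";
        int maxIdentifierSize = 40;
        try {
            truncateUnguarded(name, maxIdentifierSize);
        } catch (IndexOutOfBoundsException e) {
            System.out.println("unguarded: " + e.getClass().getSimpleName());
        }
        System.out.println("guarded(40): " + truncateGuarded(name, maxIdentifierSize).length());
        System.out.println("guarded(30): " + truncateGuarded(name, 30).length());
    }
}
```

The guarded version never returns more than 32 characters, so a configured limit above 32 is silently capped rather than honoured, which is the mismatch the last comment points out.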