JDK-5109882 : Usage Limitation: Quotes included in RDN components are not escaped
- Type: Bug
- Component: security-libs
- Sub-Component: java.security
- Affected Version: 1.4.2
- Priority: P4
- Status: Resolved
- Resolution: Fixed
- OS: windows_xp
- CPU: x86
- Submitted: 2004-10-01
- Updated: 2004-12-17
- Resolved: 2004-12-17
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 6 |
|---|
6 betaFixed  |
Related Reports
|
Relates :
|
Description
Name: js151677 Date: 10/01/2004 FULL PRODUCT VERSION : java version "1.4.2_05" Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_05-b04) Java HotSpot(TM) Client VM (build 1.4.2_05-b04, mixed mode) ADDITIONAL OS VERSION INFORMATION : Microsoft Windows XP [Version 5.1.2600] A DESCRIPTION OF THE PROBLEM : When using X500Principal, the output with a RDN containing double quotes are not correctly escaped in RFC1779 format. In most cases, using formats other than RFC1779 will do enough. But when using Microsoft crypto API, the issuer's subject must be in RFC1779 format. So in some cases, this will cause a slight problem. Since, a double quote will not be included in DN's so often, this is not a big problem. STEPS TO FOLLOW TO REPRODUCE THE PROBLEM : First, create an instance of X500Principal using a DN in RFC2253 format, such as CN=SPECIAL CHARS,OU=\#\"\,\<\>\+\;,O=foo, L=bar, ST=baz, C=JP Then, convert the form into RFC1779 format using getName(X500Principal.RFC1779); The output should be CN=SPECIAL CHARS,OU="#\",<>+;",O=foo, L=bar, ST=baz, C=JP but, the double quote in the OU component is not escaped, and will show as CN=SPECIAL CHARS,OU="#",<>+;",O=foo, L=bar, ST=baz, C=JP EXPECTED VERSUS ACTUAL BEHAVIOR : EXPECTED - CN=SPECIAL CHARS,OU="#\",<>+;",O=foo, L=bar, ST=baz, C=JP ACTUAL - CN=SPECIAL CHARS,OU="#",<>+;",O=foo, L=bar, ST=baz, C=JP REPRODUCIBILITY : This bug can be reproduced always. ---------- BEGIN SOURCE ---------- String aDNString = "CN=SPECIAL CHARS,OU=\\#\\\"\\,\\<\\>\\+\\;,O=foo, L=bar, ST=baz, C=JP"; X500Principal principal = new X500Principal(aDNString); System.out.println(principal.getName(X500Principal.RFC1779)); ---------- END SOURCE ---------- (Incident Review ID: 310624) ======================================================================
Comments
|