commit fd345be4e7b2cb5825092ce6b39bfb75b0d3ea9c
author Jim Jagielski <jim@apache.org> Tue Jul 10 16:12:46 2012 +0000
committer Jim Jagielski <jim@apache.org> Tue Jul 10 16:12:46 2012 +0000
tree 10f52afb5d3d20208960d4da399e58da71e7006d
parent d44aef413d2aebadcbfcbe5c02cc8d186f6eebb7

* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53050
  Fix XOR arithmetics and charset issue when calculating entropy to
  initialize random numbers generator in session manager. Based on
  proposal by Andras Rozsa.
  https://issues.apache.org/bugzilla/attachment.cgi?id=28895
  +1: kkolinko, schultz, jim
  -1:



git-svn-id: https://svn.apache.org/repos/asf/tomcat/tc5.5.x/trunk@1359751 13f79535-47bb-0310-9956-ffa450edef68

STATUS.txt

diff --git a/STATUS.txt b/STATUS.txt
index 346d1af..f0a6bad 100644
--- a/STATUS.txt
+++ b/STATUS.txt
@@ -24,13 +24,6 @@
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK/OTHER:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53050
-  Fix XOR arithmetics and charset issue when calculating entropy to
-  initialize random numbers generator in session manager. Based on
-  proposal by Andras Rozsa.
-  https://issues.apache.org/bugzilla/attachment.cgi?id=28895
-  +1: kkolinko, schultz, jim
-  -1:
 
 PATCHES PROPOSED TO BACKPORT:
   [ New proposals should be added at the end of the list ]

container/catalina/src/share/org/apache/catalina/session/ManagerBase.java

diff --git a/container/catalina/src/share/org/apache/catalina/session/ManagerBase.java b/container/catalina/src/share/org/apache/catalina/session/ManagerBase.java
index ec08b70..97e6261 100644
--- a/container/catalina/src/share/org/apache/catalina/session/ManagerBase.java
+++ b/container/catalina/src/share/org/apache/catalina/session/ManagerBase.java
@@ -25,6 +25,7 @@
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
+import java.io.UnsupportedEncodingException;
 import java.lang.reflect.Method;
 import java.security.AccessController;
 import java.security.MessageDigest;
@@ -396,7 +397,12 @@
                 // Ignore
             }
             if (apr) {
-                setEntropy(new String(result));
+                try {
+                    setEntropy(new String(result, "ISO-8859-1"));
+                } catch (UnsupportedEncodingException ux) {
+                    // ISO-8859-1 should always be supported
+                    throw new Error(ux);
+                }
             } else {
                 setEntropy(this.toString());
             }
@@ -561,7 +567,7 @@
             long t1 = seed;
             char entropy[] = getEntropy().toCharArray();
             for (int i = 0; i < entropy.length; i++) {
-                long update = ((byte) entropy[i]) << ((i % 8) * 8);
+                long update = ((long) entropy[i]) << ((i % 8) * 8);
                 seed ^= update;
             }
             try {