Bug 53050 - org.apache.catalina.session.ManagerBase has issues with updating the seed (initialized to System.currentTimeMillis()), since only the 32 least significant bits are changed by the XOR.
Status: RESOLVED FIXED
Product: Tomcat 5
Classification: Unclassified
Component: Catalina
Version: 5.5.35
Hardware: PC Windows Vista
Importance: P2 normal
Assigned To: Tomcat Developers Mailing List
Reported: 2012-04-09 18:08 UTC by Andras Rozsa
Modified: 2012-10-01 08:35 UTC (History)

Attachments
2012-06-05_tc6_53050_ManagerBase.patch (1.36 KB, patch)
2012-06-05 20:42 UTC, Konstantin Kolinko
2012-06-05_tc55_53050_ManagerBase.patch (1.43 KB, patch)
2012-06-05 20:43 UTC, Konstantin Kolinko

Description Andras Rozsa 2012-04-09 18:08:03 UTC
Line 563: long seed = System.currentTimeMillis();
...
Line 567: long update = ((byte) entropy[i]) << ((i % 8) * 8);
Line 568: seed ^= update;

The byte-cast in Line 567 should be replaced by a long-cast.

With the byte-cast of entropy[i] the long update becomes a 32-bit int, so the 32 most significant bits of the seed will not be updated by the XOR in Line 568.
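
The effect described in this report, as an added example (not Tomcat's source and not part of the report): the two loops differ only in the cast, and `changedBits` shows which seed bits each one alters. The class name, the `char[]` entropy type, the seed value and the entropy strings are assumptions constructed for the demonstration.

```java
public class SeedMixDemo {
    // Mixing loop as quoted in the report (Lines 567-568). The byte is promoted
    // to int, so this is a 32-bit shift and only the low 5 bits of the count are used.
    static long mixByteCast(long seed, char[] entropy) {
        for (int i = 0; i < entropy.length; i++) {
            long update = ((byte) entropy[i]) << ((i % 8) * 8);
            seed ^= update;
        }
        return seed;
    }

    // Same loop with the long cast the report proposes: a 64-bit shift.
    static long mixLongCast(long seed, char[] entropy) {
        for (int i = 0; i < entropy.length; i++) {
            long update = ((long) entropy[i]) << ((i % 8) * 8);
            seed ^= update;
        }
        return seed;
    }

    // Bits of the seed that the mixing step changed.
    static long changedBits(long seed, long mixed) {
        return seed ^ mixed;
    }

    static void report(String label, long seed, char[] entropy) {
        System.out.printf("%-10s byte cast: %016x   long cast: %016x%n", label,
                changedBits(seed, mixByteCast(seed, entropy)),
                changedBits(seed, mixLongCast(seed, entropy)));
    }

    public static void main(String[] args) {
        long seed = 1333994883000L; // constructed stand-in for System.currentTimeMillis()
        // Constructed entropy strings (hypothetical values, not from the report).
        report("ASCII", seed, "ABCDEFGH".toCharArray());
        // A char whose low byte is >= 0x80 becomes a negative int, which sign-extends:
        // the upper 32 bits are then inverted as a block rather than mixed byte by byte.
        report("non-ASCII", seed, "ABC\u00e9EFGH".toCharArray());
    }
}
```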
Comment 1 Christopher Schultz 2012-04-10 17:44:44 UTC
For reference, a short discussion on the dev list:
http://markmail.org/thread/r7kvsx3epauzw5qq
Comment 2 Konstantin Kolinko 2012-06-05 20:42:41 UTC
Created attachment 28894
2012-06-05_tc6_53050_ManagerBase.patch

Patch to be proposed for Tomcat 6.0
Comment 3 Konstantin Kolinko 2012-06-05 20:43:09 UTC
Created attachment 28895
2012-06-05_tc55_53050_ManagerBase.patch

Patch to be proposed for Tomcat 5.5
Comment 4 Konstantin Kolinko 2012-06-05 20:57:01 UTC
Proposed for 6.0 and 5.5.
Comment 5 Konstantin Kolinko 2012-06-23 11:56:08 UTC
Fixed in 6.0 with r1353112 and will be in 6.0.36.

I am reassigning this issue from 6.0.24 to 5.5.
Comment 6 Mark Thomas 2012-10-01 08:35:29 UTC
This was fixed some time ago in 5.5.x (r1359751) and will be included in 5.5.36 onwards.