erdbeerschnitzel

ELFlash sometimes throws ArrayIndexOutOfBoundsException if cookie contains invalid values

1

JSF-Version 2.2.18 The Flash cookie ("csfcfc") with value '7aXBAow%3D' can result in: ``` java.lang.ArrayIndexOutOfBoundsException: null -- at java.lang.System.arraycopy(Native Method) at com.sun.faces.util.ByteArrayGuardAESCTR.decrypt(ByteArrayGuardAESCTR.java:158) at com.sun.faces.context.flash.ELFlash$PreviousNextFlashInfoManager.decode(ELFlash.java:1414) at com.sun.faces.context.flash.ELFlash.getCurrentFlashManager(ELFlash.java:1235) at com.sun.faces.context.flash.ELFlash.doPrePhaseActions(ELFlash.java:619) at com.sun.faces.lifecycle.Phase.handleBeforePhase(Phase.java:215) at...

X500NameTokenizer does not parse certificates containing DN with escaped quotes

1

I guess, due to this code https://github.com/bcgit/bc-java/blob/8ca7bbd856c4077af0150070a9191d47c63f964e/core/src/main/java/org/bouncycastle/asn1/x500/style/X500NameTokenizer.java#L61 a certificate with a DN containing escaped quotes can't be parsed correctly. Example DN (part of it): Wohnungsbaugenossenschaft "Humboldt-Universität" eG openssl output: Subject:...