purejava / kdewallet

A Java library for storing secrets on Linux in a KDE wallet over D-Bus
MIT License

MapEntries::setByteField() truncates long strings #4

Closed KJarek closed 2 years ago

KJarek commented 2 years ago

Hi,

MapEntries::setByteField() truncates long strings. It seems there is a problem with deserialization of the initial word containing the string length; my guess is that it is because the Java byte type is signed.

Please see the attached JBang PoC:

Written:    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Read:       
Equals:     false

purejava commented 2 years ago

Hi, @KJarek, thank you very much for reporting this issue and providing a PoC!

You are right: the problem was that the conversion of bytes back to integers did not take care of the fact that bytes are signed.

I'll release an update of kdewallet that contains the fix.
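
The signed-byte pitfall discussed in this thread, as an added example that is not kdewallet's code or its fix: it decodes a length-prefixed string with and without masking each byte to its unsigned value. The framing (a 4-byte big-endian byte count followed by UTF-16BE data) and all class and method names are assumptions made for illustration; under that framing, 64 characters occupy 128 bytes, the first length whose low byte has the sign bit set.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

public class SignedLengthDemo {
    // Assumed framing (constructed for this example): 4-byte big-endian
    // byte count, followed by the string as UTF-16BE.
    static byte[] encode(String s) {
        byte[] data = s.getBytes(StandardCharsets.UTF_16BE);
        return ByteBuffer.allocate(4 + data.length).putInt(data.length).put(data).array();
    }

    // Buggy: widening a byte to int sign-extends it, so any byte in
    // 0x80..0xFF turns into a negative int and corrupts the upper bits.
    static int lengthSigned(byte[] b) {
        return (b[0] << 24) | (b[1] << 16) | (b[2] << 8) | b[3];
    }

    // Correct: mask each byte to 0..255 before shifting and combining.
    static int lengthUnsigned(byte[] b) {
        return ((b[0] & 0xFF) << 24) | ((b[1] & 0xFF) << 16)
             | ((b[2] & 0xFF) << 8) | (b[3] & 0xFF);
    }

    // Validate the decoded length before using it as an array bound:
    // it must be non-negative, even (UTF-16), and fit in the buffer.
    static String decode(byte[] b, boolean masked) {
        if (b.length < 4) {
            return "<truncated header>";
        }
        int len = masked ? lengthUnsigned(b) : lengthSigned(b);
        if (len < 0 || len % 2 != 0 || len > b.length - 4) {
            return "<invalid length " + len + ">";
        }
        return new String(b, 4, len, StandardCharsets.UTF_16BE);
    }

    public static void main(String[] args) {
        // 63 chars = 126 bytes (0x7E), 64 chars = 128 bytes (0x80),
        // 200 chars = 400 bytes (0x0190): the last two hit the sign bit.
        for (int n : new int[] {63, 64, 200}) {
            String written = "A".repeat(n);
            byte[] wire = encode(written);
            String buggy = decode(wire, false);
            System.out.printf("chars=%d buggy=%s fixed_equals=%b%n", n,
                written.equals(buggy) ? "ok" : buggy,
                written.equals(decode(wire, true)));
        }
    }
}
```

`ByteBuffer.wrap(b).getInt()` avoids the manual shifts altogether; the bounds check in `decode` still applies to any length read from untrusted or stored data.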