Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Duplicate
    • Affects Version/s: 2.0.5
    • Fix Version/s: 3.0.0.RC2
    • Component/s: ACLs
    • Labels:
      None

      Description

      In AclImpl#verifyAceIndexExists(...)
      I think this is an "off by one" bug. I may be wrong but shouldn't
      this:

      if (aceIndex > this.aces.size())

      { throw new NotFoundException("aceIndex must correctly refer to an index of the AccessControlEntry collection"); }

      be this:

      if (aceIndex > this.aces.size() - 1) { throw new NotFoundException("aceIndex must correctly refer to an index of the AccessControlEntry collection"); }

      Since I'm getting the exception but wondered how it passed verifyAceIndexExists?:

      eption Handler execution resulted in exception - forwarding to resolved error view
      java.lang.IndexOutOfBoundsException: Index: 2, Size: 2
      at java.util.ArrayList.RangeCheck(ArrayList.java:572)
      at java.util.ArrayList.remove(ArrayList.java:415)
      at org.springframework.security.acls.domain.AclImpl.deleteAce(AclImpl.java:131)
      at com.acme.app.springframework.security.AclSecurityServiceImpl.replaceUserPermissions(AclSecurityServiceImpl.jav

        Issue Links

          Activity

          Hide
          Luke Taylor added a comment -

          Appears to already be fixed as SEC-1151

          Show
          Luke Taylor added a comment - Appears to already be fixed as SEC-1151

            People

            • Assignee:
              Luke Taylor
              Reporter:
              Tim
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: