On 4/9/12 1:23 PM, Caldarale, Charles R wrote:
From: Christopher Schultz [mailto:chr...@christopherschultz.net]
Subject: Re: Tomcat 6 org.apache.catalina.session.ManagerBase issue
Line 567: long update = ((byte) entropy[i]) << ((i % 8) * 8);
2. 'i' is reduced by the modulus operator to 0..7
And then multiplied by 8.
3. Thus, the value of entropy[i] is never left-shifted more than 7 bits
No, it's left shifted between 0 and 56 bits (maintaining byte
alignment). Information is lost.
Rrr. Duh. In fact, the upper 3 bytes of the entropy are lost, which is
quite a bit. This definitely should be cast to long at some point before
the << occurs.
Andros, please log a bug report in Bugzilla: