Remove unnecessary String creation from password char[] (elastic/x-pack-elasticsearch#713)

This commit removes an unnecessary String creation from the char[] of a password and instead uses
a byte[] that is cleared after it is used to prevent the password bytes from sticking around in
memory longer than required.

Original commit: elastic/x-pack-elasticsearch@1154a68965
This commit is contained in:
Jay Modi 2017-03-13 18:50:48 -07:00 committed by GitHub
parent db48e92f54
commit 8df7a82435
1 changed files with 4 additions and 1 deletions


@ -171,11 +171,14 @@ class LdapUserSearchSessionFactory extends SessionFactory {
listener.onResponse(null); listener.onResponse(null);
} else { } else {
final String dn = entry.getDN(); final String dn = entry.getDN();
final byte[] passwordBytes = CharArrays.toUtf8Bytes(password.internalChars());
try { try {
LdapUtils.privilegedConnect(() -> connectionPool.bindAndRevertAuthentication(dn, new String(password.internalChars()))); LdapUtils.privilegedConnect(() -> connectionPool.bindAndRevertAuthentication(new SimpleBindRequest(dn, passwordBytes)));
listener.onResponse(new LdapSession(logger, connectionPool, dn, groupResolver, timeout, entry.getAttributes())); listener.onResponse(new LdapSession(logger, connectionPool, dn, groupResolver, timeout, entry.getAttributes()));
} catch (LDAPException e) { } catch (LDAPException e) {
listener.onFailure(e); listener.onFailure(e);
} finally {
Arrays.fill(passwordBytes, (byte) 0);
} }
} }
}, listener::onFailure)); }, listener::onFailure));
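Review bot: The `finally` on the new side zeroes `passwordBytes` after the lambda passed to `LdapUtils.privilegedConnect` has run, which only holds if `privilegedConnect` executes the supplier synchronously; the hunk does not show that, and if it were ever made asynchronous the array would be wiped before the bind is sent. The zeroing also covers only this one copy: `SimpleBindRequest` and the connection pool's encoding path may keep their own copies of the bytes, and the source `char[]` from `password.internalChars()` is untouched here, so a reader may overestimate what this cleanup guarantees. I would document both limits at the declaration, e.g. `// Zeroed in the finally below; assumes privilegedConnect runs the bind synchronously and covers only this copy, not any the SDK makes.` The enclosing method starts before this hunk and its error-handling path (`listener::onFailure`) continues past the last line shown.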