From 883e0ec158eec04547da6856dbdaef0a8f640cb0 Mon Sep 17 00:00:00 2001
From: Andrew Wnuk <awnuk@redhat.com>
Date: Thu, 6 Dec 2012 17:02:17 -0800
Subject: number verification

This patch improves number verification.

Bug 864397.
---
 .../src/com/netscape/cms/servlet/cert/DisplayCRL.java      | 14 ++++++++++++--
 base/common/src/com/netscape/cms/servlet/cert/GetCRL.java  | 14 ++++++++++++--
 .../com/netscape/cms/servlet/cert/RequestProcessor.java    |  6 +++++-
 .../src/com/netscape/cms/servlet/request/CheckRequest.java |  2 +-
 4 files changed, 30 insertions(+), 6 deletions(-)

(limited to 'base')

diff --git a/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java b/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java
index c3a268d14..73b6e8456 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java
@@ -316,13 +316,23 @@ public class DisplayCRL extends CMSServlet {
                 String pageSize = req.getParameter("pageSize");
 
                 if (pageStart != null && pageSize != null) {
-                    long lPageStart = new Long(pageStart).longValue();
-                    long lPageSize = new Long(pageSize).longValue();
+                    long lPageStart = 0L;
+                    long lPageSize = 0L;
+                    try {
+                        lPageStart = new Long(pageStart).longValue();
+                    } catch (NumberFormatException e) {
+                    }
+                    try {
+                        lPageSize = new Long(pageSize).longValue();
+                    } catch (NumberFormatException e) {
+                    }
 
                     if (lPageStart < 1)
                         lPageStart = 1;
                     // if (lPageStart + lPageSize - lCRLSize > 1)
                     //     lPageStart = lCRLSize - lPageSize + 1;
+                    if (lPageSize < 1)
+                        lPageSize = 10;
 
                     header.addStringValue(
                             "crlPrettyPrint", crlDetails.toString(locale,
diff --git a/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java b/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java
index 9bfbc86f9..346dd2d34 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java
@@ -312,11 +312,21 @@ public class GetCRL extends CMSServlet {
                     String pageSize = args.getValueAsString("pageSize", null);
 
                     if (pageStart != null && pageSize != null) {
-                        long lPageStart = new Long(pageStart).longValue();
-                        long lPageSize = new Long(pageSize).longValue();
+                        long lPageStart = 0L;
+                        long lPageSize = 0L;
+                        try {
+                            lPageStart = new Long(pageStart).longValue();
+                        } catch (NumberFormatException e) {
+                        }
+                        try {
+                            lPageSize = new Long(pageSize).longValue();
+                        } catch (NumberFormatException e) {
+                        }
 
                         if (lPageStart < 1)
                             lPageStart = 1;
+                        if (lPageSize < 1)
+                            lPageSize = 10;
 
                         header.addStringValue("crlPrettyPrint",
                                  crlDetails.toString(locale[0],
diff --git a/base/common/src/com/netscape/cms/servlet/cert/RequestProcessor.java b/base/common/src/com/netscape/cms/servlet/cert/RequestProcessor.java
index 74a3183d6..508cd72c1 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/RequestProcessor.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/RequestProcessor.java
@@ -103,7 +103,11 @@ public class RequestProcessor extends CertProcessor {
                 String requestNonce = data.getNonce();
                 boolean nonceVerified = false;
                 if (requestNonce != null) {
-                    long nonce = Long.parseLong(requestNonce.trim());
+                    long nonce = 0L;
+                    try {
+                        nonce = Long.parseLong(requestNonce.trim());
+                    } catch (NumberFormatException e) {
+                    }
                     X509Certificate cert1 = nonces.getCertificate(nonce);
                     X509Certificate cert2 = getSSLClientCertificate(request);
                     if (cert1 == null) {
diff --git a/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java b/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
index fd305add2..386e7911c 100644
--- a/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
+++ b/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
@@ -315,7 +315,7 @@ public class CheckRequest extends CMSServlet {
         String note = r.getExtDataInString("requestNotes");
 
         header.addStringValue("authority", mAuthorityId);
-        header.addLongValue(REQ_ID, Long.parseLong(r.getRequestId().toString()));
+        header.addStringValue(REQ_ID, r.getRequestId().toString());
         header.addStringValue(STATUS, status.toString());
         header.addLongValue(CREATE_ON, r.getCreationTime().getTime() / 1000);
         header.addLongValue(UPDATE_ON, r.getModificationTime().getTime() / 1000);
-- 
cgit