PQ59150: USERS & GROUPS WHOSE NAME/STRING IS MORE THAN 127 BYTES LONG WILL GET "JAVA.LANG.NEGATIVEARRAYSIZEEXCEPTION" EXCEPTIONS

A fix is available
WebSphere Application Server Version 3.5 Fix Pack 7 (3.5.7)

APAR

APAR status
Closed as program error.

Error description
Users who belong to more than 127 groups or belong to a group
whose name is greater then 127 bytes long will fail
authorization.  A "NegativeArraySizeException" message will be
evident in traces and possibly be visable on a web client.
Local fix
Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users       *
*                 using security and adding users to groups    *
*                 with names greater than 127 bytes long or    *
*                 adding users to more than 127 groups.        *
*                 All WebSphere Application Server users       *
*                 using security and adding users to groups    *
*                 with names greater than 127 bytes long or    *
*                 adding users to more than 127 groups.        *
****************************************************************
* PROBLEM DESCRIPTION: Users encounter an authentication       *
*                      failure for Java clients or an Error    *
*                      500 for web clients.                    *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Users encounter an authentication failure for Java clients or
an Error 500 for web clients.  The problem is a
NegativeArraySizeException occurs in SecurityAttributeList
due to the conversion of byte values into integers before
bitwsie operations were performed.  Negative byte values
were sign extended yeilding a negative value for the final
integer after bitwise operations completed.
* RECOMMENDATION: *****************************************************************Users encounter an authentication failure for Java clients oran Error 500 for web clients. The problem is aNegativeArraySizeException occurs in SecurityAttributeListdue to the conversion of byte values into integers beforebitwsie operations were performed. Negative byte valueswere sign extended yeilding a negative value for the finalinteger after bitwise operations completed.
Problem conclusion
Sign extended bits were masked off before the bitwise operation
was performed.
Temporary fix
PQ59150-3.5.5-3.5.6.jar
Comments
APAR information
APAR numberPQ59150
Reported component nameWAS ADVANCED AI
Reported component ID5648C8400
Reported release350
StatusCLOSED PER
PENoPE
HIPERNoHIPER
Submitted date2002-03-18
Closed date2002-03-26
Last modified date2002-04-03

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:APAR is sysrouted FROM one or more of the following:

PQ59447

Modules/Macros

Fix information
Fixed component nameWAS ADVANCED AI
Fixed component ID5648C8400
APAR is sysrouted TO one or more of the following:PQ59447Modules/Macros

Applicable component levels
R350 PSYUP











Document Information

Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, General
Software version: 350
Reference #: PQ59150
IBM Group: Software Group
Modified date: 2002-04-03