From c0ba50d6f231fec40377a4d1e20b4d01eae97ee6 Mon Sep 17 00:00:00 2001
From: evasques <eva.vasques@gmail.com>
Date: Tue, 25 May 2021 09:44:53 +0100
Subject: [PATCH] MNT-22316 - Added pathInfo length validation before
 attempting substring (#487) (#490)

(cherry picked from commit e4cdae71e1b6c6eaf9a73b945522aa5ca1914bab)
---
 .../alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/remote-api/src/main/java/org/alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.java b/remote-api/src/main/java/org/alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.java
index a99a30e68b..2d03482a01 100644
--- a/remote-api/src/main/java/org/alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.java
+++ b/remote-api/src/main/java/org/alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.java
@@ -716,7 +716,7 @@ public abstract class BaseSSOAuthenticationFilter extends BaseAuthenticationFilt
         }
         else
         {
-            if(!pathInfo.substring(0, 6).toLowerCase().equals("/cmis/") && !pathInfo.equals("/discovery"))
+            if((pathInfo.length() > 5 && !pathInfo.substring(0, 6).toLowerCase().equals("/cmis/")) && !pathInfo.equals("/discovery"))
             {
                 // remove tenant
                 int idx = pathInfo.indexOf('/', 1);