From e4cdae71e1b6c6eaf9a73b945522aa5ca1914bab Mon Sep 17 00:00:00 2001
From: evasques <eva.vasques@gmail.com>
Date: Mon, 24 May 2021 13:11:17 +0100
Subject: [PATCH] MNT-22316 - Added pathInfo length validation before
 attempting substring (#487)

---
 .../alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/remote-api/src/main/java/org/alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.java b/remote-api/src/main/java/org/alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.java
index a99a30e68b..2d03482a01 100644
--- a/remote-api/src/main/java/org/alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.java
+++ b/remote-api/src/main/java/org/alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.java
@@ -716,7 +716,7 @@ public abstract class BaseSSOAuthenticationFilter extends BaseAuthenticationFilt
         }
         else
         {
-            if(!pathInfo.substring(0, 6).toLowerCase().equals("/cmis/") && !pathInfo.equals("/discovery"))
+            if((pathInfo.length() > 5 && !pathInfo.substring(0, 6).toLowerCase().equals("/cmis/")) && !pathInfo.equals("/discovery"))
             {
                 // remove tenant
                 int idx = pathInfo.indexOf('/', 1);