MNT-22316 - Added pathInfo length validation before attempting substring (#487)

2025-07-24 17:32:48 +00:00 · 2021-05-24 13:11:17 +01:00
parent 97ff755d58
commit e4cdae71e1
1 changed files with 1 additions and 1 deletions
--- a/remote-api/src/main/java/org/alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.java
+++ b/remote-api/src/main/java/org/alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.java
@@ -716,7 +716,7 @@ public abstract class BaseSSOAuthenticationFilter extends BaseAuthenticationFilt
        }
        else
        {
-            if(!pathInfo.substring(0, 6).toLowerCase().equals("/cmis/") && !pathInfo.equals("/discovery"))
+            if((pathInfo.length() > 5 && !pathInfo.substring(0, 6).toLowerCase().equals("/cmis/")) && !pathInfo.equals("/discovery"))
            {
                // remove tenant
                int idx = pathInfo.indexOf('/', 1);