
#475 Error on connection with password blank (not null) on version 11.2

JDBC
closed
nobody
None
2
2023-07-10
2023-03-23
No

With the new version 11.2 it is not possible to connect passing a blank password.
The class com.ibm.as400.access.AS400JDBCDriver raises an ArrayIndexOutOfBoundsException in the initializeAS400 method.

It seems that the new code to test the password for "*CURRENT" does not check the length of the fields before accessing the array.

        if(clearPassword!= null)                                                  //@pw1
        {                                                                         //@pw1
           /* check for *CURRENT */ 
            if (clearPassword[0] == '*' &&
                (clearPassword[1] == 'C' || clearPassword[1] == 'c') &&
                (clearPassword[2] == 'U' || clearPassword[2] == 'u') &&
                (clearPassword[3] == 'R' || clearPassword[3] == 'r') &&
                (clearPassword[4] == 'R' || clearPassword[4] == 'r') &&
                (clearPassword[5] == 'E' || clearPassword[5] == 'e') &&
                (clearPassword[6] == 'N' || clearPassword[6] == 'n') &&
                (clearPassword[7] == 'T' || clearPassword[7] == 't') )                //@pw1
            {                                                                         //@pw1
                if(isSecureCurrentUser)//@pw3
                {  //@pw3
                    if (JDTrace.isTraceOn()) //jdbc category trace                        //@pw1
                        JDTrace.logInformation (AS400JDBCDriver.class, "Userid/password cannot be \"\" or *CURRENT due to security constraints.  Use null instead");  //@pw1
                    //JDError.throwSQLException(JDError.EXC_CONNECTION_REJECTED);           //@pw1
                    forcePrompt = true;  //@prompt
                }  //@pw3
            }                                                                         //@pw1
        }                                 

To fix the error, I think the correct test would be:

        if(clearPassword != null && clearPassword.length >0)                                                  //@pw1
        {                                                                         //@pw1
           /* check for *CURRENT */ 
            if (clearPassword[0] == '*' &&
                (clearPassword[1] == 'C' || clearPassword[1] == 'c') &&
                (clearPassword[2] == 'U' || clearPassword[2] == 'u') &&
                (clearPassword[3] == 'R' || clearPassword[3] == 'r') &&
                (clearPassword[4] == 'R' || clearPassword[4] == 'r') &&
                (clearPassword[5] == 'E' || clearPassword[5] == 'e') &&
                (clearPassword[6] == 'N' || clearPassword[6] == 'n') &&
                (clearPassword[7] == 'T' || clearPassword[7] == 't') )                //@pw1
            {                                                                         //@pw1
                if(isSecureCurrentUser)//@pw3
                {  //@pw3
                    if (JDTrace.isTraceOn()) //jdbc category trace                        //@pw1
                        JDTrace.logInformation (AS400JDBCDriver.class, "Userid/password cannot be \"\" or *CURRENT due to security constraints.  Use null instead");  //@pw1
                    //JDError.throwSQLException(JDError.EXC_CONNECTION_REJECTED);           //@pw1
                    forcePrompt = true;  //@prompt
                }  //@pw3
            }                                                                         //@pw1
        }                                 
1 Attachments
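
The failure described in this report next to a bounds-safe form of the check, as an added example (not JTOpen's code and not the fix merged in the linked pull request). `CurrentPasswordCheck`, `unguarded` and `startsWithCurrent` are hypothetical names and the sample passwords are constructed. The guard requires at least eight characters, so values such as "*" or "*CUR" are covered too, which a `length > 0` test alone does not do.

```java
public class CurrentPasswordCheck {
    // Upper-case form of the special value tested by the snippet in the report.
    private static final char[] TOKEN = "*CURRENT".toCharArray();

    // Same access pattern as the reported code: each index is read as soon as
    // the previous characters matched, with no check of the array length.
    static boolean unguarded(char[] pw) {
        if (pw == null) {
            return false;
        }
        for (int i = 0; i < TOKEN.length; i++) {
            if (pw[i] != TOKEN[i] && pw[i] != Character.toLowerCase(TOKEN[i])) {
                return false;
            }
        }
        return true;
    }

    // Bounds-safe variant (hypothetical helper). Like the original comparison,
    // it looks only at the first eight characters.
    static boolean startsWithCurrent(char[] pw) {
        if (pw == null || pw.length < TOKEN.length) {
            return false; // null, blank and short values can never match
        }
        return unguarded(pw); // every index 0..7 is now known to exist
    }

    public static void main(String[] args) {
        // Constructed sample inputs; null stands for "no password supplied".
        String[] samples = { null, "", "*", "*CUR", "*current", "*CURRENT", "secret12" };
        for (String s : samples) {
            char[] pw = (s == null) ? null : s.toCharArray();
            String old;
            try {
                old = String.valueOf(unguarded(pw));
            } catch (ArrayIndexOutOfBoundsException e) {
                old = "ArrayIndexOutOfBoundsException";
            }
            String shown = (s == null) ? "null" : "\"" + s + "\"";
            System.out.printf("%-12s unguarded=%-32s guarded=%b%n",
                    shown, old, startsWithCurrent(pw));
        }
    }
}
```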

Discussion

  • Jesse Gorzinski

    Jesse Gorzinski - 2023-04-29

    We are in the process of migrating to GitHub. This should be fixed here: https://github.com/IBM/JTOpen/pull/18

    The fix should be included in v20.0.0-alpha-1, which you can download from the release page. If your problem persists, please open an issue on GitHub.

     
  • John Eberhard

    John Eberhard - 2023-07-10
    • status: open --> closed
     
