  1. JDK
  2. JDK-7095856

OutputStreamHook doesn't handle null values


    • b22
    • generic
    • generic
    • Verified

        FULL PRODUCT VERSION :
        java version "1.4.2_05"
        Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_05-b04)
        Java HotSpot(TM) Client VM (build 1.4.2_05-b04, mixed mode)

        ADDITIONAL OS VERSION INFORMATION :
        Microsoft Windows XP [Version 5.1.2600]

        A DESCRIPTION OF THE PROBLEM :
        BEA WebLogic has a protocol called thin client which makes use of SUN's IIOP implementation in the JDK. If a component tries to send a java.security.Permissions object with a null "allPermission" member field through SUN's IIOP implementation, it throws a NullPointerException:

        java.lang.NullPointerException
                at java.util.Hashtable.put(Hashtable.java:393)
                at com.sun.corba.se.internal.io.OutputStreamHook$HookPutFields.put(OutputStreamHook.java:97)
                at java.security.Permissions.writeObject(Permissions.java:359)
                at com.sun.corba.se.internal.io.IIOPOutputStream.writeObject(Native Method)
                at com.sun.corba.se.internal.io.IIOPOutputStream.invokeObjectWriter(IIOPOutputStream.java:560)
                at com.sun.corba.se.internal.io.IIOPOutputStream.outputObject(IIOPOutputStream.java:523)
                at com.sun.corba.se.internal.io.IIOPOutputStream.simpleWriteObject(IIOPOutputStream.java:123)
                at com.sun.corba.se.internal.io.ValueHandlerImpl.writeValueInternal(ValueHandlerImpl.java:136)
                at com.sun.corba.se.internal.io.ValueHandlerImpl.writeValue(ValueHandlerImpl.java:116)
                at weblogic.iiop.IIOPOutputStream.write_value(IIOPOutputStream.java:1636)
                at weblogic.iiop.IIOPOutputStream.write_value(IIOPOutputStream.java:1667)
                at weblogic.iiop.RMIMsgOutput.writeObject(RMIMsgOutput.java:105)
                at examples.ejb20.basic.statelessSession.statelessSession_mt9oui_EOImpl_WLSkel.invoke(Unknown Source)
                at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:477)
                at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerRef.java:108)
                at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:420)
                at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
                at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:144)
                at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:415)
                at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:30)
                at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
                at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)

        You only need to analyse the source code of these two classes to understand the problem:
        java.security.Permissions
        com.sun.corba.se.internal.io.OutputStreamHook

        When Permissions.writeObject(ObjectOutputStream) is called, it tries to write the members by
                ObjectOutputStream.PutField pfields = out.putFields();
                pfields.put("allPermission", allPermission);
                pfields.put("perms", perms);
                out.writeFields();

        The variable "pfields" is an instance of com.sun.corba.se.internal.io.OutputStreamHook$HookPutFields. pfields.put(String, Object) calls java.util.Hashtable.put(String, Object) with a null "allPermission" member, but Hashtable.put(String, Object) throws NullPointerException according to the JDK javadoc: http://java.sun.com/j2se/1.4.2/docs/api/java/util/Hashtable.html#put(java.lang.Object,%20java.lang.Object)



        REPRODUCIBILITY :
        This bug can be reproduced always.

        CUSTOMER SUBMITTED WORKAROUND :
        1) Make sure the java.security.Permissions object to send has a java.security.AllPermission member so the private member "allPermission" is not null, e.g. put in a dummy AllPermission object.
        2) Fall back to JDK 1.4.1_0x, but 1.4.1 is already EOL.
        (Incident Review ID: 311240)
        ======================================================================
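
The failure mode described in the report above, as an added example that is not part of the original report or the JDK source. The classes HashtableBackedPutFields and NullTolerantPutFields are hypothetical stand-ins, and the HashMap variant is only one null-tolerant alternative, not necessarily the fix applied in the JDK.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.security.Permissions;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;

public class PutFieldsNullDemo {

    /** Hypothetical stand-in for HookPutFields: field values stored in a Hashtable. */
    static class HashtableBackedPutFields {
        private final Map<String, Object> fields = new Hashtable<>();
        void put(String name, Object value) {
            fields.put(name, value); // Hashtable.put rejects a null value
        }
    }

    /** Hypothetical null-tolerant variant: HashMap accepts null values. */
    static class NullTolerantPutFields {
        private final Map<String, Object> fields = new HashMap<>();
        void put(String name, Object value) {
            fields.put(name, value);
        }
        boolean has(String name) { return fields.containsKey(name); }
    }

    public static void main(String[] args) throws IOException {
        Object allPermission = null; // the null member field from the report

        try {
            new HashtableBackedPutFields().put("allPermission", allPermission);
            System.out.println("Hashtable-backed: stored");
        } catch (NullPointerException e) {
            System.out.println("Hashtable-backed: NullPointerException, as in the report");
        }

        NullTolerantPutFields ok = new NullTolerantPutFields();
        ok.put("allPermission", allPermission);
        System.out.println("HashMap-backed: field recorded = " + ok.has("allPermission"));

        // Control: java.io.ObjectOutputStream's own PutField accepts the null field.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(new Permissions()); // no AllPermission added
        }
        System.out.println("java.io.ObjectOutputStream wrote " + buf.size() + " bytes");
    }
}
```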

              coffeys Sean Coffey
              coffeys Sean Coffey