Details
-
Bug
-
Resolution: Fixed
-
P3
-
7
-
b100
-
windows_7
-
Verified
Backports
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8034582 | 7u65 | Weijun Wang | P3 | Resolved | Fixed | b01 |
JDK-8020490 | 7u60 | Weijun Wang | P3 | Closed | Fixed | b01 |
Description
FULL PRODUCT VERSION :
Java 7 (and tested on Java 6, same error)
ADDITIONAL OS VERSION INFORMATION :
Windows 7 x64
A DESCRIPTION OF THE PROBLEM :
NPE when tracing Kerberos authentication with LDAP and logger.Level >= FINER
because the value being passed to the trace is null and " output.length " is
evaluated unchecked, making detailed SASL analysis impossible.
Proposed solution: Add check to parameter => (output==null?0:output.length)
Error in:
Class: com.sun.security.sasl.util.AbstractSaslImpl
Method: traceOutput(String srcClass, String srcMethod, String traceTag, byte[]
output)
line # 259
> Null untested when passing output.length
Called from:
Class: com.sun.security.sasl.gsskerb.GssKrb5Client
Method: evaluateChallenge(byte[] challengeData)
lines # 198 - 199
> gssOutToken is null after initial initSecContext @ line 196
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Try tracing LDAP SASL with Kerberos with default " .level.FINER "
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
LDAP Result
ACTUAL -
NullPointerException from attempted trace output
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
Don't trace the package at FINER and above.
Java 7 (and tested on Java 6, same error)
ADDITIONAL OS VERSION INFORMATION :
Windows 7 x64
A DESCRIPTION OF THE PROBLEM :
NPE when tracing Kerberos authentication with LDAP and logger.Level >= FINER
because the value being passed to the trace is null and " output.length " is
evaluated unchecked, making detailed SASL analysis impossible.
Proposed solution: Add check to parameter => (output==null?0:output.length)
Error in:
Class: com.sun.security.sasl.util.AbstractSaslImpl
Method: traceOutput(String srcClass, String srcMethod, String traceTag, byte[]
output)
line # 259
> Null untested when passing output.length
Called from:
Class: com.sun.security.sasl.gsskerb.GssKrb5Client
Method: evaluateChallenge(byte[] challengeData)
lines # 198 - 199
> gssOutToken is null after initial initSecContext @ line 196
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Try tracing LDAP SASL with Kerberos with default " .level.FINER "
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
LDAP Result
ACTUAL -
NullPointerException from attempted trace output
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
Don't trace the package at FINER and above.
Attachments
Issue Links
- backported by
-
JDK-8034582 NPE in AbstractSaslImpl when trace level >= FINER in KRB5
- Resolved
-
JDK-8020490 NPE in AbstractSaslImpl when trace level >= FINER in KRB5
- Closed
- duplicates
-
JDK-8046694 AbstractSaslImpl.traceOutput() throws an NPE when the 'output' parameter is NULL
- Closed
- relates to
-
JDK-7110803 SASL service for multiple hostnames
- Closed