- Type: Bug
- Resolution: Fixed
- Priority: P3
- Affects Version/s: 7
- Component/s: security-libs

- b100
- windows_7
- Verified

| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build | 
|---|---|---|---|---|---|---|
| JDK-8034582 | 7u65 | Weijun Wang | P3 | Resolved | Fixed | b01 | 
| JDK-8020490 | 7u60 | Weijun Wang | P3 | Closed | Fixed | b01 | 

FULL PRODUCT VERSION :
Java 7 (and tested on Java 6, same error)
ADDITIONAL OS VERSION INFORMATION :
Windows 7 x64
A DESCRIPTION OF THE PROBLEM :
NPE when tracing Kerberos authentication with LDAP and logger.Level >= FINER
because the value being passed to the trace is null and "output.length" is
evaluated unchecked, making detailed SASL analysis impossible.
Proposed solution: Add check to parameter => (output==null?0:output.length)
Error in:
Class: com.sun.security.sasl.util.AbstractSaslImpl
Method: traceOutput(String srcClass, String srcMethod, String traceTag, byte[] output)
line # 259
> Null untested when passing output.length
Called from:
Class: com.sun.security.sasl.gsskerb.GssKrb5Client
Method: evaluateChallenge(byte[] challengeData)
lines # 198 - 199
> gssOutToken is null after initial initSecContext @ line 196
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Try tracing LDAP SASL with Kerberos with default ".level.FINER"
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
LDAP Result
ACTUAL -
NullPointerException from attempted trace output
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
Don't trace the package at FINER and above.
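
A simplified model of the failure and of the proposed guard, added here as an illustration; it is not the JDK source and not code from the report. The class, method and logger names are hypothetical, and the model assumes the caller only traces when FINER is loggable, which is why the null token is harmless until tracing is switched on.

```java
import java.util.logging.Level;
import java.util.logging.Logger;

// Added illustration: a simplified model, not the JDK source.
public class TraceNullDemo {
    // Hypothetical logger name, chosen for this example only.
    static final Logger LOG = Logger.getLogger("demo.sasl.trace");

    // Pre-fix shape: output.length is evaluated before any null test.
    static void traceUnchecked(String tag, byte[] output) {
        traceRange(tag, output, 0, output.length);
    }

    // Shape of the proposed fix: a null token is traced with length 0.
    static void traceChecked(String tag, byte[] output) {
        traceRange(tag, output, 0, output == null ? 0 : output.length);
    }

    static void traceRange(String tag, byte[] output, int off, int len) {
        StringBuilder hex = new StringBuilder();
        for (int i = off; output != null && i < off + len; i++) {
            hex.append(String.format("%02x ", output[i] & 0xff));
        }
        String body = output == null ? "NULL" : hex.toString().trim();
        LOG.log(Level.FINER, "{0} [len={1}] {2}", new Object[] {tag, len, body});
    }

    // Stand-in for an authentication step whose output token may be null.
    // Assumption: the caller traces only when FINER is loggable.
    static String step(byte[] token, boolean fixed) {
        try {
            if (LOG.isLoggable(Level.FINER)) {
                if (fixed) traceChecked("outToken", token);
                else traceUnchecked("outToken", token);
            }
            return "step completed";
        } catch (NullPointerException e) {
            return "step aborted by NullPointerException in trace";
        }
    }

    public static void main(String[] args) {
        byte[] none = null; // constructed input: no output token produced
        LOG.setLevel(Level.INFO);
        System.out.println("INFO,  unchecked: " + step(none, false));
        LOG.setLevel(Level.FINER);
        System.out.println("FINER, unchecked: " + step(none, false));
        System.out.println("FINER, checked:   " + step(none, true));
    }
}
```

In this model the unchecked variant completes at INFO and aborts only once the level is FINER, so enabling diagnostics changes the outcome of the step being diagnosed.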

- backported by
  - JDK-8034582 NPE in AbstractSaslImpl when trace level >= FINER in KRB5 (Resolved)
  - JDK-8020490 NPE in AbstractSaslImpl when trace level >= FINER in KRB5 (Closed)
- duplicates
  - JDK-8046694 AbstractSaslImpl.traceOutput() throws an NPE when the 'output' parameter is NULL (Closed)
- relates to
  - JDK-7110803 SASL service for multiple hostnames (Closed)