Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8024861

Incomplete token triggers GSS-API NullPointerException

    XMLWordPrintable

Details

    • b112
    • linux_redhat_5.0
    • Verified

    Backports

      Description

        FULL PRODUCT VERSION :
        java version "1.7.0_25"
        Java(TM) SE Runtime Environment (build 1.7.0_25-b15)
        Java HotSpot(TM) Server VM (build 23.25-b01, mixed mode)

        ADDITIONAL OS VERSION INFORMATION :
        Linux hostname 2.6.18-164.el5PAE #1 SMP Tue Aug 18 15:59:11 EDT 2009 i686 i686 i386 GNU/Linux

        A DESCRIPTION OF THE PROBLEM :
        When a SNPEGO negotiation token that doesn't contain a mechContext is passed to the standard GSSContext.acceptSecContext implementation, internally it fails to check for the field being non-null and dereferences it, causing a NPE that is propagated to the caller.

        I believe that the null check was lost and the bug introduced in this refactoring:
        http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/d08d77ad2d7b

        REGRESSION. Last worked in version 6u45

        STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
        Execute the provided test case and observe the thrown exception.

        EXPECTED VERSUS ACTUAL BEHAVIOR :
        EXPECTED -
        An instance of GSSException (the declared checked exception) should be thrown with an appropriate major error code. Under Java 1.6.0_51, the same test case results in a GSSException with the message: "Defective token detected (Mechanism level: Invalid SPNEGO NegTokenInit token : SPNEGO NegoTokenInit : did not have the right context tag for mechToken)"
        ACTUAL -
        A NullPointerException is thrown.

        ERROR MESSAGES/STACK TRACES THAT OCCUR :
        Exception in thread "main" java.lang.NullPointerException
                at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:871)
                at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:544)
                at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
                at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
                at Test.main(Test.java:17)


        REPRODUCIBILITY :
        This bug can be reproduced always.

        ---------- BEGIN SOURCE ----------
        import javax.xml.bind.DatatypeConverter;

        import org.ietf.jgss.GSSContext;
        import org.ietf.jgss.GSSCredential;
        import org.ietf.jgss.GSSManager;

        public class Test {
            public static void main(String[] args) throws Exception {
                GSSCredential cred = null;
                GSSContext ctx = GSSManager.getInstance().createContext(cred);

                String token64 = "YGwGBisGAQUFAqBiMGCgDjAMBgorBgEEAYI3AgIKo04wT"
                        + "KA7OzkEASUkNAQBBSSBLiSBKySBJCSBISSBHiSBGySBGCSBFSSBE"
                        + "iSBDySBDCSBCSSBBiSBAwSBAAQCUUehDQQLUXVhbHlzR3VhcmQ=";

                byte[] token = DatatypeConverter.parseBase64Binary(token64);
                ctx.acceptSecContext(token, 0, token.length);
            }
        }

        ---------- END SOURCE ----------

        CUSTOMER SUBMITTED WORKAROUND :
        Callers need to catch NullPointerException and re-wrap it as a GSSException, which could mask other problems.

        Attachments

          Issue Links

            Activity

              People

                weijun Weijun Wang
                rcalnan Roger Calnan
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: