Details
-
Bug
-
Resolution: Fixed
-
P3
-
7u25
-
b112
-
linux_redhat_5.0
-
Verified
Backports
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8034642 | 7u65 | Weijun Wang | P3 | Resolved | Fixed | b01 |
JDK-8025615 | 7u60 | Weijun Wang | P3 | Closed | Fixed | b01 |
Description
FULL PRODUCT VERSION :
java version "1.7.0_25"
Java(TM) SE Runtime Environment (build 1.7.0_25-b15)
Java HotSpot(TM) Server VM (build 23.25-b01, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Linux hostname 2.6.18-164.el5PAE #1 SMP Tue Aug 18 15:59:11 EDT 2009 i686 i686 i386 GNU/Linux
A DESCRIPTION OF THE PROBLEM :
When a SNPEGO negotiation token that doesn't contain a mechContext is passed to the standard GSSContext.acceptSecContext implementation, internally it fails to check for the field being non-null and dereferences it, causing a NPE that is propagated to the caller.
I believe that the null check was lost and the bug introduced in this refactoring:
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/d08d77ad2d7b
REGRESSION. Last worked in version 6u45
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Execute the provided test case and observe the thrown exception.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
An instance of GSSException (the declared checked exception) should be thrown with an appropriate major error code. Under Java 1.6.0_51, the same test case results in a GSSException with the message: "Defective token detected (Mechanism level: Invalid SPNEGO NegTokenInit token : SPNEGO NegoTokenInit : did not have the right context tag for mechToken)"
ACTUAL -
A NullPointerException is thrown.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
Exception in thread "main" java.lang.NullPointerException
at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:871)
at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:544)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
at Test.main(Test.java:17)
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
import javax.xml.bind.DatatypeConverter;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;
public class Test {
public static void main(String[] args) throws Exception {
GSSCredential cred = null;
GSSContext ctx = GSSManager.getInstance().createContext(cred);
String token64 = "YGwGBisGAQUFAqBiMGCgDjAMBgorBgEEAYI3AgIKo04wT"
+ "KA7OzkEASUkNAQBBSSBLiSBKySBJCSBISSBHiSBGySBGCSBFSSBE"
+ "iSBDySBDCSBCSSBBiSBAwSBAAQCUUehDQQLUXVhbHlzR3VhcmQ=";
byte[] token = DatatypeConverter.parseBase64Binary(token64);
ctx.acceptSecContext(token, 0, token.length);
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Callers need to catch NullPointerException and re-wrap it as a GSSException, which could mask other problems.
java version "1.7.0_25"
Java(TM) SE Runtime Environment (build 1.7.0_25-b15)
Java HotSpot(TM) Server VM (build 23.25-b01, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Linux hostname 2.6.18-164.el5PAE #1 SMP Tue Aug 18 15:59:11 EDT 2009 i686 i686 i386 GNU/Linux
A DESCRIPTION OF THE PROBLEM :
When a SNPEGO negotiation token that doesn't contain a mechContext is passed to the standard GSSContext.acceptSecContext implementation, internally it fails to check for the field being non-null and dereferences it, causing a NPE that is propagated to the caller.
I believe that the null check was lost and the bug introduced in this refactoring:
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/d08d77ad2d7b
REGRESSION. Last worked in version 6u45
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Execute the provided test case and observe the thrown exception.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
An instance of GSSException (the declared checked exception) should be thrown with an appropriate major error code. Under Java 1.6.0_51, the same test case results in a GSSException with the message: "Defective token detected (Mechanism level: Invalid SPNEGO NegTokenInit token : SPNEGO NegoTokenInit : did not have the right context tag for mechToken)"
ACTUAL -
A NullPointerException is thrown.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
Exception in thread "main" java.lang.NullPointerException
at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:871)
at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:544)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
at Test.main(Test.java:17)
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
import javax.xml.bind.DatatypeConverter;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;
public class Test {
public static void main(String[] args) throws Exception {
GSSCredential cred = null;
GSSContext ctx = GSSManager.getInstance().createContext(cred);
String token64 = "YGwGBisGAQUFAqBiMGCgDjAMBgorBgEEAYI3AgIKo04wT"
+ "KA7OzkEASUkNAQBBSSBLiSBKySBJCSBISSBHiSBGySBGCSBFSSBE"
+ "iSBDySBDCSBCSSBBiSBAwSBAAQCUUehDQQLUXVhbHlzR3VhcmQ=";
byte[] token = DatatypeConverter.parseBase64Binary(token64);
ctx.acceptSecContext(token, 0, token.length);
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Callers need to catch NullPointerException and re-wrap it as a GSSException, which could mask other problems.
Attachments
Issue Links
- backported by
-
JDK-8034642 Incomplete token triggers GSS-API NullPointerException
- Resolved
-
JDK-8025615 Incomplete token triggers GSS-API NullPointerException
- Closed