JDK-8046694

AbstractSaslImpl.traceOutput() throws an NPE when the 'output' parameter is NULL

    • Type: Bug
    • Resolution: Duplicate
    • Priority: P4
    • None
    • 7u45
    • security-libs

      FULL PRODUCT VERSION :
      java version "1.7.0_45"
      Java(TM) SE Runtime Environment (build 1.7.0_45-b18)
      Java HotSpot(TM) 64-Bit Server VM (build 24.45-b08, mixed mode)

      ADDITIONAL OS VERSION INFORMATION :
      Linux joey.ent.cloudera.com 2.6.32-431.11.2.el6.x86_64 #1 SMP Mon Mar 3 13:32:45 EST 2014 x86_64 x86_64 x86_64 GNU/Linux

      A DESCRIPTION OF THE PROBLEM :
      When javax.security.sasl.level is set to FINER or FINEST, then the SASL libraries use the com.sun.security.sasl.util.AbstractSaslImpl.traceOutput() function to log the buffers used in SASL negotiation.

      If a response to a challenge is NULL, then this will result in an NPE when the output parameter's length field is accessed without checking if output is null first.

      Example partial stack trace:

      Caused by: java.lang.NullPointerException
      at com.sun.security.sasl.util.AbstractSaslImpl.traceOutput(AbstractSaslImpl.java:259)
      at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:198)

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Set javax.security.sasl.level to FINER or FINEST in $JAVA_HOME/jre/lib/logging.properties and try to establish a SASL connection without a proper Kerberos session; you'll get an NPE.

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      No NPE.

      REPRODUCIBILITY :
      This bug can be reproduced always.
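
The failure mode described in this report, reduced to a standalone sketch: a trace helper that reads the buffer's length only when FINER logging is enabled, next to a null-tolerant version. This is an added example, not the JDK's source; the class name, logger name and methods are hypothetical.

```java
import java.util.logging.Level;
import java.util.logging.Logger;

// Added illustration; names are hypothetical and this is not JDK source.
public class TraceNullDemo {
    private static final Logger LOG = Logger.getLogger("demo.sasl.trace");

    // Pattern from the report: the buffer is dereferenced only when tracing is on.
    static void traceUnchecked(String label, byte[] output) {
        if (LOG.isLoggable(Level.FINER)) {
            LOG.log(Level.FINER, "{0} ( {1} bytes )", new Object[] {label, output.length});
        }
    }

    // Null-tolerant form: a missing response is logged, not dereferenced.
    static void traceChecked(String label, byte[] output) {
        if (!LOG.isLoggable(Level.FINER)) return;
        if (output == null) {
            LOG.log(Level.FINER, "{0} ( null )", label);
            return;
        }
        LOG.log(Level.FINER, "{0} ( {1} bytes )", new Object[] {label, output.length});
    }

    // Stand-in for a mechanism step that produced no response token.
    static byte[] evaluateChallenge(boolean checked) {
        byte[] response = null; // constructed input: no token to send
        if (checked) traceChecked("response", response);
        else traceUnchecked("response", response);
        return response;
    }

    public static void main(String[] args) {
        // Run both helpers with tracing off (INFO) and on (FINER).
        for (Level level : new Level[] {Level.INFO, Level.FINER}) {
            LOG.setLevel(level);
            for (boolean checked : new boolean[] {false, true}) {
                String outcome;
                try {
                    evaluateChallenge(checked);
                    outcome = "completed";
                } catch (NullPointerException e) {
                    outcome = "NullPointerException";
                }
                System.out.println(level + " checked=" + checked + " -> " + outcome);
            }
        }
    }
}
```

Only the unchecked helper at FINER fails, so the negotiation behaves differently depending on whether diagnostic logging is switched on.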

            Assignee: Unassigned
            Reporter: Webbug Group (webbuggrp)