Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-5104197

NullPointerException when sending java.security.Permissions through SUN IIOP

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P4
    • Resolution: Duplicate
    • Affects Version/s: 1.4.2, 6
    • Fix Version/s: None
    • Component/s: other-libs
    • Labels:
    • Subcomponent:
    • CPU:
      x86
    • OS:
      windows_2000, windows_xp

      Description

      Name: js151677 Date: 09/20/2004


      FULL PRODUCT VERSION :
      java version "1.4.2_05"
      Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_05-b04)
      Java HotSpot(TM) Client VM (build 1.4.2_05-b04, mixed mode)

      ADDITIONAL OS VERSION INFORMATION :
      Microsoft Windows XP [Version 5.1.2600]

      A DESCRIPTION OF THE PROBLEM :
      BEA WebLogic has a protocol called thin client which makes use of SUN's IIOP implementation in JDK. If a component tries to send a java.security.Permissions object with the a null "allPermission" member field through SUN's IIOP implementation, it throws the NullPointerException:

      java.lang.NullPointerException
              at java.util.Hashtable.put(Hashtable.java:393)
              at com.sun.corba.se.internal.io.OutputStreamHook$HookPutFields.put(Outpu
      tStreamHook.java:97)
              at java.security.Permissions.writeObject(Permissions.java:359)
              at com.sun.corba.se.internal.io.IIOPOutputStream.writeObject(Native Meth
      od)
              at com.sun.corba.se.internal.io.IIOPOutputStream.invokeObjectWriter(IIOP
      OutputStream.java:560)
              at com.sun.corba.se.internal.io.IIOPOutputStream.outputObject(IIOPOutput
      Stream.java:523)
              at com.sun.corba.se.internal.io.IIOPOutputStream.simpleWriteObject(IIOPO
      utputStream.java:123)
              at com.sun.corba.se.internal.io.ValueHandlerImpl.writeValueInternal(Valu
      eHandlerImpl.java:136)
              at com.sun.corba.se.internal.io.ValueHandlerImpl.writeValue(ValueHandler
      Impl.java:116)
              at weblogic.iiop.IIOPOutputStream.write_value(IIOPOutputStream.java:1636
      )
              at weblogic.iiop.IIOPOutputStream.write_value(IIOPOutputStream.java:1667
      )
              at weblogic.iiop.RMIMsgOutput.writeObject(RMIMsgOutput.java:105)
              at examples.ejb20.basic.statelessSession.statelessSession_mt9oui_EOImpl_
      WLSkel.invoke(Unknown Source)
              at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:477)
              at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerR
      ef.java:108)
              at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:420)
              at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
      dSubject.java:363)
              at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
      144)
              at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.jav
      a:415)
              at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
      .java:30)
              at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
              at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)

      You only need to analyse the source code of these two classes to understand the problem:
      java.security.Permissions
      com.sun.corba.se.internal.io.OutputStreamHook

      When Permissions.writeObject(ObjectOutputStreaM) is called, it tries to write the members by
              ObjectOutputStream.PutField pfields = out.putFields();
      pfields.put("allPermission", allPermission);
              pfields.put("perms", perms);
              out.writeFields();

      The variable "pfields" is an instance of com.sun.corba.se.internal.io.OutputStreamHook$HookPutFields. pfields.put(String, Object) calls java.util.Hashtable.put(String, Object) with a null "allPermission" memeber but Hashtable.put(String, Object) throws NullPointerException according to JDK javadoc http://java.sun.com/j2se/1.4.2/docs/api/java/util/Hashtable.html#put(java.lang.Object,%20java.lang.Object)



      REPRODUCIBILITY :
      This bug can be reproduced always.

      CUSTOMER SUBMITTED WORKAROUND :
      1) make sure the java.security.Permissions to send has a java.security.AllPermission member so the private member "allPermission" is not null. E.g. put a dummy AllPermission object
      2) fall back to jdk 1.4.1_0x but 1.4.1 is already EOL.
      (Incident Review ID: 311240)
      ======================================================================

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              jssunw Jitender S (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Imported:
                Indexed: