Details
-
Bug
-
Resolution: Duplicate
-
P4
-
None
-
7u45
-
x86_64
-
linux
Description
FULL PRODUCT VERSION :
java version "1.7.0_45"
Java(TM) SE Runtime Environment (build 1.7.0_45-b18)
Java HotSpot(TM) 64-Bit Server VM (build 24.45-b08, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Linux joey.ent.cloudera.com 2.6.32-431.11.2.el6.x86_64 #1 SMP Mon Mar 3 13:32:45 EST 2014 x86_64 x86_64 x86_64 GNU/Linux
A DESCRIPTION OF THE PROBLEM :
When javax.security.sasl.level is set to FINER or FINEST, then the SASL libraries use the com.sun.security.sasl.util.AbstractSaslImpl.traceOutput() function to log the buffers used in SASL negotiation.
If a response to a challenge is NULL, then this will result in an NPE when the output parameter's length field is accessed without checking if output is null first.
Example partial stack trace:
Caused by: java.lang.NullPointerException
at com.sun.security.sasl.util.AbstractSaslImpl.traceOutput(AbstractSaslImpl.java:259)
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:198)
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Set javax.security.sasl.level to FINER or FINEST in $JAVA_HOME/jre/lib/logging.properties and try and establish a SASL connection without a proper Kerberos session, then you'll get an NPE.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
No NPE.
REPRODUCIBILITY :
This bug can be reproduced always.
java version "1.7.0_45"
Java(TM) SE Runtime Environment (build 1.7.0_45-b18)
Java HotSpot(TM) 64-Bit Server VM (build 24.45-b08, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Linux joey.ent.cloudera.com 2.6.32-431.11.2.el6.x86_64 #1 SMP Mon Mar 3 13:32:45 EST 2014 x86_64 x86_64 x86_64 GNU/Linux
A DESCRIPTION OF THE PROBLEM :
When javax.security.sasl.level is set to FINER or FINEST, then the SASL libraries use the com.sun.security.sasl.util.AbstractSaslImpl.traceOutput() function to log the buffers used in SASL negotiation.
If a response to a challenge is NULL, then this will result in an NPE when the output parameter's length field is accessed without checking if output is null first.
Example partial stack trace:
Caused by: java.lang.NullPointerException
at com.sun.security.sasl.util.AbstractSaslImpl.traceOutput(AbstractSaslImpl.java:259)
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:198)
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Set javax.security.sasl.level to FINER or FINEST in $JAVA_HOME/jre/lib/logging.properties and try and establish a SASL connection without a proper Kerberos session, then you'll get an NPE.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
No NPE.
REPRODUCIBILITY :
This bug can be reproduced always.
Attachments
Issue Links
- duplicates
-
-
- Closed
-