JDK-8019267 : NPE in AbstractSaslImpl when trace level >= FINER in KRB5

Details
Type: Bug
Submit Date: 2013-06-27
Status: Closed
Updated Date: 2014-06-16
Project Name: JDK
Resolved Date: 2013-07-10
Component: security-libs
OS: windows_7
Sub-Component: org.ietf.jgss
CPU:
Priority: P3
Resolution: Fixed
Affected Versions: 7
Fixed Versions:

Related Reports
Backport:
Backport:
Duplicate:
Relates:

Sub Tasks

Description
FULL PRODUCT VERSION :
Java 7 (and tested on Java 6, same error)

ADDITIONAL OS VERSION INFORMATION :
Windows 7 x64

A DESCRIPTION OF THE PROBLEM :
NPE when tracing Kerberos authentication with LDAP and logger.Level >= FINER
because the value being passed to the trace is null and "output.length" is
evaluated unchecked, making detailed SASL analysis impossible.

Proposed solution: Add check to parameter => (output==null?0:output.length)


Error in:

Class: com.sun.security.sasl.util.AbstractSaslImpl
Method: traceOutput(String srcClass, String srcMethod, String traceTag, byte[] output)
line # 259

> Null untested when passing output.length

Called from:
Class: com.sun.security.sasl.gsskerb.GssKrb5Client
Method: evaluateChallenge(byte[] challengeData)
lines # 198 - 199

> gssOutToken is null after initial initSecContext @ line 196

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Try tracing LDAP SASL with Kerberos with default ".level.FINER"

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
LDAP Result
ACTUAL -
NullPointerException from attempted trace output

REPRODUCIBILITY :
This bug can be reproduced always.

CUSTOMER SUBMITTED WORKAROUND :
Don't trace the package at FINER and above.
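
The failure mode described in this report, as an added example that is not the JDK source and not part of the original submission: a trace helper that reads `output.length` only when FINER logging is enabled, next to the null-guarded form the submitter proposes. The class, method and logger names and the sample tag are hypothetical.

```java
import java.util.function.BiConsumer;
import java.util.logging.Level;
import java.util.logging.Logger;

// Added illustration; all names here are hypothetical, not JDK code.
public class TraceNullGuardDemo {
    private static final Logger LOG = Logger.getLogger("demo.sasl.trace");

    // Pattern from the report: the array length is read without a null
    // check, but only on the code path taken when FINER tracing is on.
    static void traceUnchecked(String tag, byte[] output) {
        if (LOG.isLoggable(Level.FINER)) {
            LOG.finer(tag + " [len=" + output.length + "]");
        }
    }

    // Guard proposed in the report: (output == null ? 0 : output.length).
    static void traceGuarded(String tag, byte[] output) {
        if (LOG.isLoggable(Level.FINER)) {
            int len = (output == null) ? 0 : output.length;
            LOG.finer(tag + " [len=" + len + "]");
        }
    }

    // Calls the trace helper with a null token (constructed input) and
    // reports whether it threw NullPointerException.
    static boolean throwsNpe(BiConsumer<String, byte[]> trace) {
        try {
            trace.accept("demo-token", null);
            return false;
        } catch (NullPointerException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        // At INFO the unchecked dereference is never reached, so the defect
        // stays hidden until someone raises the level to diagnose a problem.
        LOG.setLevel(Level.INFO);
        System.out.println("INFO  unchecked NPE: " + throwsNpe(TraceNullGuardDemo::traceUnchecked));

        LOG.setLevel(Level.FINER);
        System.out.println("FINER unchecked NPE: " + throwsNpe(TraceNullGuardDemo::traceUnchecked));
        System.out.println("FINER guarded NPE:   " + throwsNpe(TraceNullGuardDemo::traceGuarded));
    }
}
```

Because the dereference sits behind the log-level check, tests that run at the default level never exercise it; running the authentication path once with FINER enabled covers it.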
                                    

Comments
URL:   http://hg.openjdk.java.net/jdk8/jdk8/jdk/rev/780a64979c8d
User:  lana
Date:  2013-07-23 18:11:27 +0000

                                     
2013-07-23
URL:   http://hg.openjdk.java.net/jdk8/tl/jdk/rev/780a64979c8d
User:  weijun
Date:  2013-07-10 07:13:27 +0000

                                     
2013-07-10


