JDK-8019267 : NPE in AbstractSaslImpl when trace level >= FINER in KRB5
  • Type: Bug
  • Component: security-libs
  • Sub-Component: org.ietf.jgss
  • Affected Version: 7
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: windows_7
  • Submitted: 2013-06-27
  • Updated: 2014-06-16
  • Resolved: 2013-07-10
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availabitlity Release.

To download the current JDK release, click here.
JDK 7 JDK 8
7u60Fixed 8 b100Fixed
Related Reports
Duplicate :  
Relates :  
Description
FULL PRODUCT VERSION :
Java 7 (and tested  on Java 6, same error)

ADDITIONAL OS VERSION INFORMATION :
Windows 7 x64

A DESCRIPTION OF THE PROBLEM :
NPE when tracing Kerberos authentication with LDAP and logger.Level >= FINER
because the value being passed to the trace is null and  " output.length "  is
evaluated unchecked, making detailed SASL analysis impossible.

Proposed solution: Add check to parameter => (output==null?0:output.length)


Error in:

Class: com.sun.security.sasl.util.AbstractSaslImpl
Method: traceOutput(String srcClass, String srcMethod, String traceTag, byte[]
output)
line # 259

> Null untested when passing output.length

Called from:
Class: com.sun.security.sasl.gsskerb.GssKrb5Client
Method: evaluateChallenge(byte[] challengeData)
lines # 198 - 199

> gssOutToken is null after initial initSecContext @ line 196

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Try tracing LDAP SASL with Kerberos with default  " .level.FINER " 

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
LDAP Result
ACTUAL -
NullPointerException from attempted trace output

REPRODUCIBILITY :
This bug can be reproduced always.

CUSTOMER SUBMITTED WORKAROUND :
Don't trace the package at FINER and above.