United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
JDK-8024861 : Incomplete token triggers GSS-API NullPointerException

Details
Type:
Bug
Submit Date:
2013-09-12
Status:
Resolved
Updated Date:
2013-10-11
Project Name:
JDK
Resolved Date:
2013-09-27
Component:
security-libs
OS:
linux_redhat_5.0
Sub-Component:
javax.security
CPU:
Priority:
P3
Resolution:
Fixed
Affected Versions:
7u25
Fixed Versions:

Related Reports
Backport:

Sub Tasks

Description
FULL PRODUCT VERSION :
java version "1.7.0_25"
Java(TM) SE Runtime Environment (build 1.7.0_25-b15)
Java HotSpot(TM) Server VM (build 23.25-b01, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
Linux hostname 2.6.18-164.el5PAE #1 SMP Tue Aug 18 15:59:11 EDT 2009 i686 i686 i386 GNU/Linux

A DESCRIPTION OF THE PROBLEM :
When a SNPEGO negotiation token that doesn't contain a mechContext is passed to the standard GSSContext.acceptSecContext implementation, internally it fails to check for the field being non-null and dereferences it, causing a NPE that is propagated to the caller.

I believe that the null check was lost and the bug introduced in this refactoring:
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/d08d77ad2d7b

REGRESSION.  Last worked in version 6u45

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Execute the provided test case and observe the thrown exception.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
An instance of GSSException (the declared checked exception) should be thrown with an appropriate major error code.  Under Java 1.6.0_51, the same test case results in a GSSException with the message: "Defective token detected (Mechanism level: Invalid SPNEGO NegTokenInit token : SPNEGO NegoTokenInit : did not have the right context tag for mechToken)"
ACTUAL -
A NullPointerException is thrown.

ERROR MESSAGES/STACK TRACES THAT OCCUR :
Exception in thread "main" java.lang.NullPointerException
        at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:871)
        at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:544)
        at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
        at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
        at Test.main(Test.java:17)


REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import javax.xml.bind.DatatypeConverter;

import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;

public class Test {
    public static void main(String[] args) throws Exception {
        GSSCredential cred = null;
        GSSContext ctx = GSSManager.getInstance().createContext(cred);

        String token64 = "YGwGBisGAQUFAqBiMGCgDjAMBgorBgEEAYI3AgIKo04wT"
                + "KA7OzkEASUkNAQBBSSBLiSBKySBJCSBISSBHiSBGySBGCSBFSSBE"
                + "iSBDySBDCSBCSSBBiSBAwSBAAQCUUehDQQLUXVhbHlzR3VhcmQ=";

        byte[] token = DatatypeConverter.parseBase64Binary(token64);
        ctx.acceptSecContext(token, 0, token.length);
    }
}

---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
Callers need to catch NullPointerException and re-wrap it as a GSSException, which could mask other problems.
                                    

Comments
URL:   http://hg.openjdk.java.net/jdk8/jdk8/jdk/rev/eb2c81533876
User:  lana
Date:  2013-10-11 18:24:46 +0000

                                     
2013-10-11
URL:   http://hg.openjdk.java.net/jdk8/tl/jdk/rev/eb2c81533876
User:  weijun
Date:  2013-09-27 07:26:38 +0000

                                     
2013-09-27



Hardware and Software, Engineered to Work Together