FULL PRODUCT VERSION :
java version "1.7.0_25"
Java(TM) SE Runtime Environment (build 1.7.0_25-b15)
Java HotSpot(TM) Server VM (build 23.25-b01, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
Linux hostname 2.6.18-164.el5PAE #1 SMP Tue Aug 18 15:59:11 EDT 2009 i686 i686 i386 GNU/Linux

A DESCRIPTION OF THE PROBLEM :
When a SPNEGO negotiation token that doesn't contain a mechContext is passed to the standard GSSContext.acceptSecContext implementation, internally it fails to check for the field being non-null and dereferences it, causing a NPE that is propagated to the caller.

I believe that the null check was lost and the bug introduced in this refactoring:
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/d08d77ad2d7b

REGRESSION. Last worked in version 6u45

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Execute the provided test case and observe the thrown exception.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
An instance of GSSException (the declared checked exception) should be thrown with an appropriate major error code. Under Java 1.6.0_51, the same test case results in a GSSException with the message:
"Defective token detected (Mechanism level: Invalid SPNEGO NegTokenInit token : SPNEGO NegoTokenInit : did not have the right context tag for mechToken)"
ACTUAL -
A NullPointerException is thrown.

ERROR MESSAGES/STACK TRACES THAT OCCUR :
Exception in thread "main" java.lang.NullPointerException
    at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:871)
    at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:544)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
    at Test.main(Test.java:17)

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import javax.xml.bind.DatatypeConverter;

import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;

public class Test {
    public static void main(String[] args) throws Exception {
        // Acceptor-side context created with a null credential.
        GSSCredential cred = null;
        GSSContext ctx = GSSManager.getInstance().createContext(cred);

        // Base64-encoded SPNEGO negotiation token that triggers the NPE.
        String token64 = "YGwGBisGAQUFAqBiMGCgDjAMBgorBgEEAYI3AgIKo04wT" +
            "KA7OzkEASUkNAQBBSSBLiSBKySBJCSBISSBHiSBGySBGCSBFSSBE" +
            "iSBDySBDCSBCSSBBiSBAwSBAAQCUUehDQQLUXVhbHlzR3VhcmQ=";
        byte[] token = DatatypeConverter.parseBase64Binary(token64);

        // Expected: GSSException. Actual on 1.7.0_25: NullPointerException.
        ctx.acceptSecContext(token, 0, token.length);
    }
}
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
Callers need to catch NullPointerException and re-wrap it as a GSSException, which could mask other problems.
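
A narrower form of the workaround above, as an added example that is not part of the original report or of the JDK: it re-wraps the NullPointerException only when its innermost stack frame lies in the sun.security.jgss.spnego package seen in the stack trace, and rethrows every other NPE unchanged. The class name SafeAccept and its method names are hypothetical.

```java
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;

/** Hypothetical helper (not JDK code): narrow re-wrap of the SPNEGO NPE. */
public final class SafeAccept {
    // Package of the throwing frame in the reported stack trace.
    private static final String SPNEGO_PKG = "sun.security.jgss.spnego.";

    private SafeAccept() {}

    /**
     * Calls acceptSecContext and converts only an NPE raised inside the
     * SPNEGO mechanism into GSSException(DEFECTIVE_TOKEN). Any other
     * NullPointerException is rethrown unchanged so it is not masked.
     */
    public static byte[] accept(GSSContext ctx, byte[] token) throws GSSException {
        if (ctx == null || token == null) {
            throw new IllegalArgumentException("ctx and token must be non-null");
        }
        try {
            return ctx.acceptSecContext(token, 0, token.length);
        } catch (NullPointerException npe) {
            if (!thrownBySpnego(npe)) {
                throw npe; // not the known defect: let it surface as-is
            }
            GSSException wrapped = new GSSException(GSSException.DEFECTIVE_TOKEN);
            wrapped.initCause(npe); // keep the original trace for diagnosis
            throw wrapped;
        }
    }

    /** True when the innermost stack frame belongs to the SPNEGO package. */
    static boolean thrownBySpnego(Throwable t) {
        StackTraceElement[] frames = t.getStackTrace();
        return frames.length > 0
            && frames[0].getClassName().startsWith(SPNEGO_PKG);
    }
}
```

If the exception arrives with an empty stack trace, the helper cannot attribute it and rethrows the NullPointerException unchanged, so callers should still treat an NPE from this path as a rejected token.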