[Bug 65308] New: NPE in JNDIRealm when no userRoleAttribute is given

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

[Bug 65308] New: NPE in JNDIRealm when no userRoleAttribute is given

Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=65308

            Bug ID: 65308
           Summary: NPE in JNDIRealm when no userRoleAttribute is given
           Product: Tomcat 10
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: [hidden email]
          Reporter: [hidden email]
  Target Milestone: ------

Created attachment 37863
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=37863&action=edit
Check for null values before escaping values

This is a regression in JNDIRealm caused by Bug 65224.

If no "userRoleAttribute" is specified on the JNDIRealm, its default value of
null will be used. That will cause a NPE in JNDIRealm#doFilterEscaping and/or
JNDIRealm#doAttributeValueEscaping.

Mai 15, 2021 2:10:59 PM org.apache.catalina.realm.JNDIRealm authenticate
INFORMATION: Exception performing authentication. Retrying...
java.lang.NullPointerException
        at
org.apache.catalina.realm.JNDIRealm.doAttributeValueEscaping(JNDIRealm.java:2889)
        at org.apache.catalina.realm.JNDIRealm.getRoles(JNDIRealm.java:1892)
        at
org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1320)
        at
org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1232)

Simplest solution is to return null in both escape methods, when null is passed
in.

The attached patch also adds the unbound-ldapsdk to the eclipse class path.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 65308] NPE in JNDIRealm when no userRoleAttribute is given

Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=65308

--- Comment #1 from Remy Maucherat <[hidden email]> ---
+1 for your patch, obviously. You can add the tests of course, but you could do
without them as well it's just adding a null check, so it cannot possibly break
anything and we know it will work.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 65308] NPE in JNDIRealm when no userRoleAttribute is given

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=65308

Felix Schumacher <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #2 from Felix Schumacher <[hidden email]> ---
I kept the changes to the test cases, as they would catch the NPE in case
we re-introduce this bug.

Fixed in:
- 10.0.x for 10.0.7 onwards
- 9.0.x for 9.0.47 onwards
- 8.5.x for 8.5.67 onwards

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 65308] NPE in JNDIRealm when no userRoleAttribute is given

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=65308

--- Comment #3 from Mark Thomas <[hidden email]> ---
Thanks for catching this,

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 65308] NPE in JNDIRealm when no userRoleAttribute is given

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=65308

Mark Thomas <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]

--- Comment #4 from Mark Thomas <[hidden email]> ---
*** Bug 65330 has been marked as a duplicate of this bug. ***

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]