[tomcat] branch 8.5.x updated: Guard new escape routines for null values

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[tomcat] branch 8.5.x updated: Guard new escape routines for null values

fschumacher
This is an automated email from the ASF dual-hosted git repository.

fschumacher pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
     new edd46e4  Guard new escape routines for null values
edd46e4 is described below

commit edd46e498d9039bf9d47aa5169da279362dd3f66
Author: Felix Schumacher <[hidden email]>
AuthorDate: Sat May 15 14:06:21 2021 +0200

    Guard new escape routines for null values
   
    NPE in JNDIRealm, when userRoleAttribute is not set.
    Plus add path to UnboundID SDK to the Eclipse and Intellij
    classpath settings.
   
    Bugzilla Id: 63508
---
 java/org/apache/catalina/realm/JNDIRealm.java      |  6 ++++
 res/ide-support/eclipse/eclipse.classpath          |  1 +
 res/ide-support/idea/tomcat.iml                    |  9 +++++
 .../catalina/realm/TestJNDIRealmIntegration.java   | 42 ++++++++++++++++------
 webapps/docs/changelog.xml                         |  8 +++++
 5 files changed, 55 insertions(+), 11 deletions(-)

diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java
index f1354d1..cbef335 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -2804,6 +2804,9 @@ public class JNDIRealm extends RealmBase {
      * @return String the escaped/encoded result
      */
     protected String doFilterEscaping(String inString) {
+        if (inString == null) {
+            return null;
+        }
         StringBuilder buf = new StringBuilder(inString.length());
         for (int i = 0; i < inString.length(); i++) {
             char c = inString.charAt(i);
@@ -2896,6 +2899,9 @@ public class JNDIRealm extends RealmBase {
      * @return      The string representation of the attribute value
      */
     protected String doAttributeValueEscaping(String input) {
+        if (input == null) {
+            return null;
+        }
         int len = input.length();
         StringBuilder result = new StringBuilder();
 
diff --git a/res/ide-support/eclipse/eclipse.classpath b/res/ide-support/eclipse/eclipse.classpath
index 0c67505..da8f013 100644
--- a/res/ide-support/eclipse/eclipse.classpath
+++ b/res/ide-support/eclipse/eclipse.classpath
@@ -29,5 +29,6 @@
     <classpathentry kind="var" path="TOMCAT_LIBS_BASE/hamcrest-2.2/hamcrest-2.2.jar"/>
     <classpathentry kind="var" path="TOMCAT_LIBS_BASE/cglib-3.3.0/cglib-nodep-3.3.0.jar"/>
     <classpathentry kind="var" path="TOMCAT_LIBS_BASE/objenesis-2.6/objenesis-2.6.jar"/>
+    <classpathentry kind="var" path="TOMCAT_LIBS_BASE/unboundid-5.1.4/unboundid-ldapsdk-5.1.4.jar"/>
     <classpathentry kind="output" path=".settings/output"/>
 </classpath>
diff --git a/res/ide-support/idea/tomcat.iml b/res/ide-support/idea/tomcat.iml
index c7a9c03..f180cfb 100644
--- a/res/ide-support/idea/tomcat.iml
+++ b/res/ide-support/idea/tomcat.iml
@@ -110,6 +110,15 @@
         <SOURCES />
       </library>
     </orderEntry>
+    <orderEntry type="module-library">
+      <library>
+        <CLASSES>
+          <root url="jar://$TOMCAT_BUILD_LIBS$/unboundid-5.1.4/unboundid-ldapsdk-5.1.4.jar!/" />
+        </CLASSES>
+        <JAVADOC />
+        <SOURCES />
+      </library>
+    </orderEntry>
 
   </component>
 </module>
diff --git a/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java b/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
index e52d7c2..99d537d 100644
--- a/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
+++ b/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
@@ -58,26 +58,33 @@ public class TestJNDIRealmIntegration {
     @Parameterized.Parameters(name = "{index}: user[{5}], pwd[{6}]")
     public static Collection<Object[]> parameters() {
         List<Object[]> parameterSets = new ArrayList<>();
-        for (String roleSearch : new String[] { ROLE_SEARCH_A, ROLE_SEARCH_B, ROLE_SEARCH_C }) {
-            addUsers(USER_PATTERN, null, null, roleSearch, ROLE_BASE, parameterSets);
-            addUsers(null, USER_SEARCH, USER_BASE, roleSearch, ROLE_BASE, parameterSets);
+        for (String userRoleAttribute : new String[] { "cn", null }) {
+            for (String roleSearch : new String[] { ROLE_SEARCH_A, ROLE_SEARCH_B, ROLE_SEARCH_C }) {
+                if (userRoleAttribute != null) {
+                    addUsers(USER_PATTERN, null, null, roleSearch, ROLE_BASE, userRoleAttribute, parameterSets);
+                    addUsers(null, USER_SEARCH, USER_BASE, roleSearch, ROLE_BASE, userRoleAttribute, parameterSets);
+                }
+            }
+            parameterSets.add(new Object[] { "cn={0},ou=s\\;ub,ou=people,dc=example,dc=com", null, null, ROLE_SEARCH_A,
+                    "{3},ou=people,dc=example,dc=com", "testsub", "test", new String[] { "TestGroup4" },
+                    userRoleAttribute });
         }
-        parameterSets.add(new Object[] { "cn={0},ou=s\\;ub,ou=people,dc=example,dc=com", null, null, ROLE_SEARCH_A,
-                "{3},ou=people,dc=example,dc=com", "testsub", "test", new String[] {"TestGroup4"} });
         return parameterSets;
     }
 
 
     private static void addUsers(String userPattern, String userSearch, String userBase, String roleSearch,
-            String roleBase, List<Object[]> parameterSets) {
+            String roleBase, String userRoleAttribute, List<Object[]> parameterSets) {
         parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase,
-                "test", "test", new String[] {"TestGroup"} });
+                "test", "test", new String[] {"TestGroup"}, userRoleAttribute });
         parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase,
-                "t;", "test", new String[] {"TestGroup"} });
+                "t;", "test", new String[] {"TestGroup"}, userRoleAttribute });
         parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase,
-                "t*", "test", new String[] {"TestGroup"} });
+                "t*", "test", new String[] {"TestGroup"}, userRoleAttribute });
         parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase,
-                "t=", "test", new String[] {"Test<Group*2", "Test>Group*3"} });
+                "t=", "test", new String[] {"Test<Group*2", "Test>Group*3"}, userRoleAttribute });
+        parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase,
+                "norole", "test", new String[0], userRoleAttribute });
     }
 
 
@@ -97,6 +104,8 @@ public class TestJNDIRealmIntegration {
     public String credentials;
     @Parameter(7)
     public String[] groups;
+    @Parameter(8)
+    public String realmConfigUserRoleAttribute;
 
     @Test
     public void testAuthenication() throws Exception {
@@ -107,7 +116,7 @@ public class TestJNDIRealmIntegration {
         realm.setUserPattern(realmConfigUserPattern);
         realm.setUserSearch(realmConfigUserSearch);
         realm.setUserBase(realmConfigUserBase);
-        realm.setUserRoleAttribute("cn");
+        realm.setUserRoleAttribute(realmConfigUserRoleAttribute);
         realm.setRoleName("cn");
         realm.setRoleBase(realmConfigRoleBase);
         realm.setRoleSearch(realmConfigRoleSearch);
@@ -203,6 +212,17 @@ public class TestJNDIRealmIntegration {
             result = conn.processOperation(addUserTestEquals);
             Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
 
+            AddRequest addUserNoRole = new AddRequest(
+                    "dn: cn=norole,ou=people,dc=example,dc=com",
+                    "objectClass: top",
+                    "objectClass: person",
+                    "objectClass: organizationalPerson",
+                    "cn: norole",
+                    "sn: No Role",
+                    "userPassword: test");
+            result = conn.processOperation(addUserNoRole);
+            Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
+
             AddRequest addGroupTest = new AddRequest(
                     "dn: cn=TestGroup,ou=people,dc=example,dc=com",
                     "objectClass: top",
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index f39aa5f..bd59929 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,6 +104,14 @@
   issues do not "pop up" wrt. others).
 -->
 <section name="Tomcat 8.5.67 (markt)" rtext="in development">
+  <subsection name="Catalina">
+    <changelog>
+      <fix>
+        <bug>63508</bug>: NPE in JNDIRealm when no <code>userRoleAttribute</code>
+        is given. (fschumacher)
+      </fix>
+    </changelog>
+  </subsection>
   <subsection name="Coyote">
     <changelog>
       <fix>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]