[tomcat] branch master updated: Guard new escape routines for null values

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[tomcat] branch master updated: Guard new escape routines for null values

fschumacher
This is an automated email from the ASF dual-hosted git repository.

fschumacher pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
     new 939efed  Guard new escape routines for null values
939efed is described below

commit 939efedccff7fafc45eedb11dcce67cd92975364
Author: Felix Schumacher <[hidden email]>
AuthorDate: Sat May 15 14:06:21 2021 +0200

    Guard new escape routines for null values
   
    NPE in JNDIRealm, when userRoleAttribute is not set.
    Plus add path to UnboundID SDK to the Eclipse and Intellij
    classpath settings.
   
    Bugzilla Id: 63508
---
 java/org/apache/catalina/realm/JNDIRealm.java      |  6 ++++
 res/ide-support/eclipse/eclipse.classpath          |  1 +
 res/ide-support/idea/tomcat.iml                    |  9 +++++
 .../catalina/realm/TestJNDIRealmIntegration.java   | 42 ++++++++++++++++------
 webapps/docs/changelog.xml                         |  8 +++++
 5 files changed, 55 insertions(+), 11 deletions(-)

diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java
index 04768e8..b6318b4 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -2788,6 +2788,9 @@ public class JNDIRealm extends RealmBase {
      * @return String the escaped/encoded result
      */
     protected String doFilterEscaping(String inString) {
+        if (inString == null) {
+            return null;
+        }
         StringBuilder buf = new StringBuilder(inString.length());
         for (int i = 0; i < inString.length(); i++) {
             char c = inString.charAt(i);
@@ -2880,6 +2883,9 @@ public class JNDIRealm extends RealmBase {
      * @return      The string representation of the attribute value
      */
     protected String doAttributeValueEscaping(String input) {
+        if (input == null) {
+            return null;
+        }
         int len = input.length();
         StringBuilder result = new StringBuilder();
 
diff --git a/res/ide-support/eclipse/eclipse.classpath b/res/ide-support/eclipse/eclipse.classpath
index 857b557..2b99428 100644
--- a/res/ide-support/eclipse/eclipse.classpath
+++ b/res/ide-support/eclipse/eclipse.classpath
@@ -31,5 +31,6 @@
     <classpathentry kind="var" path="TOMCAT_LIBS_BASE/objenesis-3.1/objenesis-3.1.jar"/>
     <classpathentry kind="var" path="TOMCAT_LIBS_BASE/bnd-5.3.0/biz.aQute.bnd-5.3.0.jar"/>
     <classpathentry kind="var" path="TOMCAT_LIBS_BASE/migration-1.0.0/jakartaee-migration-1.0.0-shaded.jar"/>
+    <classpathentry kind="var" path="TOMCAT_LIBS_BASE/unboundid-5.1.4/unboundid-ldapsdk-5.1.4.jar"/>
     <classpathentry kind="output" path=".settings/output"/>
 </classpath>
diff --git a/res/ide-support/idea/tomcat.iml b/res/ide-support/idea/tomcat.iml
index 2c10049..11d1909 100644
--- a/res/ide-support/idea/tomcat.iml
+++ b/res/ide-support/idea/tomcat.iml
@@ -128,6 +128,15 @@
         <SOURCES />
       </library>
     </orderEntry>
+    <orderEntry type="module-library">
+      <library>
+        <CLASSES>
+          <root url="jar://$TOMCAT_BUILD_LIBS$/unboundid-5.1.4/unboundid-ldapsdk-5.1.4.jar!/" />
+        </CLASSES>
+        <JAVADOC />
+        <SOURCES />
+      </library>
+    </orderEntry>
 
   </component>
 </module>
diff --git a/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java b/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
index e52d7c2..99d537d 100644
--- a/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
+++ b/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
@@ -58,26 +58,33 @@ public class TestJNDIRealmIntegration {
     @Parameterized.Parameters(name = "{index}: user[{5}], pwd[{6}]")
     public static Collection<Object[]> parameters() {
         List<Object[]> parameterSets = new ArrayList<>();
-        for (String roleSearch : new String[] { ROLE_SEARCH_A, ROLE_SEARCH_B, ROLE_SEARCH_C }) {
-            addUsers(USER_PATTERN, null, null, roleSearch, ROLE_BASE, parameterSets);
-            addUsers(null, USER_SEARCH, USER_BASE, roleSearch, ROLE_BASE, parameterSets);
+        for (String userRoleAttribute : new String[] { "cn", null }) {
+            for (String roleSearch : new String[] { ROLE_SEARCH_A, ROLE_SEARCH_B, ROLE_SEARCH_C }) {
+                if (userRoleAttribute != null) {
+                    addUsers(USER_PATTERN, null, null, roleSearch, ROLE_BASE, userRoleAttribute, parameterSets);
+                    addUsers(null, USER_SEARCH, USER_BASE, roleSearch, ROLE_BASE, userRoleAttribute, parameterSets);
+                }
+            }
+            parameterSets.add(new Object[] { "cn={0},ou=s\\;ub,ou=people,dc=example,dc=com", null, null, ROLE_SEARCH_A,
+                    "{3},ou=people,dc=example,dc=com", "testsub", "test", new String[] { "TestGroup4" },
+                    userRoleAttribute });
         }
-        parameterSets.add(new Object[] { "cn={0},ou=s\\;ub,ou=people,dc=example,dc=com", null, null, ROLE_SEARCH_A,
-                "{3},ou=people,dc=example,dc=com", "testsub", "test", new String[] {"TestGroup4"} });
         return parameterSets;
     }
 
 
     private static void addUsers(String userPattern, String userSearch, String userBase, String roleSearch,
-            String roleBase, List<Object[]> parameterSets) {
+            String roleBase, String userRoleAttribute, List<Object[]> parameterSets) {
         parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase,
-                "test", "test", new String[] {"TestGroup"} });
+                "test", "test", new String[] {"TestGroup"}, userRoleAttribute });
         parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase,
-                "t;", "test", new String[] {"TestGroup"} });
+                "t;", "test", new String[] {"TestGroup"}, userRoleAttribute });
         parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase,
-                "t*", "test", new String[] {"TestGroup"} });
+                "t*", "test", new String[] {"TestGroup"}, userRoleAttribute });
         parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase,
-                "t=", "test", new String[] {"Test<Group*2", "Test>Group*3"} });
+                "t=", "test", new String[] {"Test<Group*2", "Test>Group*3"}, userRoleAttribute });
+        parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase,
+                "norole", "test", new String[0], userRoleAttribute });
     }
 
 
@@ -97,6 +104,8 @@ public class TestJNDIRealmIntegration {
     public String credentials;
     @Parameter(7)
     public String[] groups;
+    @Parameter(8)
+    public String realmConfigUserRoleAttribute;
 
     @Test
     public void testAuthenication() throws Exception {
@@ -107,7 +116,7 @@ public class TestJNDIRealmIntegration {
         realm.setUserPattern(realmConfigUserPattern);
         realm.setUserSearch(realmConfigUserSearch);
         realm.setUserBase(realmConfigUserBase);
-        realm.setUserRoleAttribute("cn");
+        realm.setUserRoleAttribute(realmConfigUserRoleAttribute);
         realm.setRoleName("cn");
         realm.setRoleBase(realmConfigRoleBase);
         realm.setRoleSearch(realmConfigRoleSearch);
@@ -203,6 +212,17 @@ public class TestJNDIRealmIntegration {
             result = conn.processOperation(addUserTestEquals);
             Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
 
+            AddRequest addUserNoRole = new AddRequest(
+                    "dn: cn=norole,ou=people,dc=example,dc=com",
+                    "objectClass: top",
+                    "objectClass: person",
+                    "objectClass: organizationalPerson",
+                    "cn: norole",
+                    "sn: No Role",
+                    "userPassword: test");
+            result = conn.processOperation(addUserNoRole);
+            Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
+
             AddRequest addGroupTest = new AddRequest(
                     "dn: cn=TestGroup,ou=people,dc=example,dc=com",
                     "objectClass: top",
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 0efc03d..630110e 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,6 +104,14 @@
   issues do not "pop up" wrt. others).
 -->
 <section name="Tomcat 10.0.7 (markt)" rtext="in development">
+  <subsection name="Catalina">
+    <changelog>
+      <fix>
+        <bug>63508</bug>: NPE in JNDIRealm when no <code>userRoleAttribute</code>
+        is given. (fschumacher)
+      </fix>
+    </changelog>
+  </subsection>
   <subsection name="Coyote">
     <changelog>
       <fix>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]