You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zookeeper.apache.org by "lujie (JIRA)" <ji...@apache.org> on 2018/03/26 07:43:00 UTC

[jira] [Created] (ZOOKEEPER-3008) Potential NPE in SaslQuorumAuthLearner#authenticate and SaslQuorumAuthServer#authenticate

lujie created ZOOKEEPER-3008:
--------------------------------

             Summary: Potential NPE in SaslQuorumAuthLearner#authenticate and SaslQuorumAuthServer#authenticate
                 Key: ZOOKEEPER-3008
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3008
             Project: ZooKeeper
          Issue Type: Bug
    Affects Versions: 3.6.0
            Reporter: lujie


After ZK-3006 , I develop a very simple static analysis tool to find other Potential NPE like ZK-3006, this bug is found by this tool and  carefully studied by myself, hopefully to be confirmed.

 
h2. Bug description:

callee :SecurityUtils#createSaslClient will return null while encounter exception
{code:java}
// code placeholder
catch (Exception e) {
  LOG.error("Exception while trying to create SASL client", e);
  return null;
}
{code}
but its caller has no null check just like:
{code:java}
// code placeholder
sc = SecurityUtils.createSaslClient();
if (sc.hasInitialResponse()) {
   responseToken = createSaslToken(new byte[0], sc, learnerLogin);
}
{code}
I think we should add null check while callee return null



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)