You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by "lujie (JIRA)" <ji...@apache.org> on 2018/03/26 07:43:00 UTC
[jira] [Created] (ZOOKEEPER-3008) Potential NPE in
SaslQuorumAuthLearner#authenticate and SaslQuorumAuthServer#authenticate
lujie created ZOOKEEPER-3008:
--------------------------------
Summary: Potential NPE in SaslQuorumAuthLearner#authenticate and SaslQuorumAuthServer#authenticate
Key: ZOOKEEPER-3008
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3008
Project: ZooKeeper
Issue Type: Bug
Affects Versions: 3.6.0
Reporter: lujie
After ZK-3006 , I develop a very simple static analysis tool to find other Potential NPE like ZK-3006, this bug is found by this tool and carefully studied by myself, hopefully to be confirmed.
h2. Bug description:
callee :SecurityUtils#createSaslClient will return null while encounter exception
{code:java}
// code placeholder
catch (Exception e) {
LOG.error("Exception while trying to create SASL client", e);
return null;
}
{code}
but its caller has no null check just like:
{code:java}
// code placeholder
sc = SecurityUtils.createSaslClient();
if (sc.hasInitialResponse()) {
responseToken = createSaslToken(new byte[0], sc, learnerLogin);
}
{code}
I think we should add null check while callee return null
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)