You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2018/03/28 09:08:00 UTC
[jira] [Commented] (ZOOKEEPER-3008) Potential NPE in
SaslQuorumAuthLearner#authenticate and SaslQuorumAuthServer#authenticate
[ https://issues.apache.org/jira/browse/ZOOKEEPER-3008?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16417068#comment-16417068 ]
ASF GitHub Bot commented on ZOOKEEPER-3008:
-------------------------------------------
GitHub user brettKK opened a pull request:
https://github.com/apache/zookeeper/pull/496
ZOOKEEPER-3008: Potential NPE in SaslQuorumAuthLearner#authenticate and SaslQuorumAuthServer#authenticate
@LJ1043041006 found a potential NPE in ZK
----
callee :SecurityUtils#createSaslClient will return null while encounter exception
```
// code placeholder
catch (Exception e) {
LOG.error("Exception while trying to create SASL client", e);
return null;
}
```
but its caller has no null check just like:
-----
and caller ReferenceCountedACLCache#deserialize call it without null check
```
// code placeholder
sc = SecurityUtils.createSaslClient();
if (sc.hasInitialResponse()) {
responseToken = createSaslToken(new byte[0], sc, learnerLogin);
}
```
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/brettKK/zookeeper ZOOKEEPER-3008
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/zookeeper/pull/496.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #496
----
commit 7d8d5230c5a87faef94d038a258b159a322f3f5e
Author: gongleigl.gong <go...@...>
Date: 2018-03-26T13:16:06Z
d
commit 700dfb7f48f774dd215e5bf19340a4b61eda3397
Author: gongleigl.gong <go...@...>
Date: 2018-03-27T16:38:28Z
fix NPE bug
commit 1ad4da8fc0269378fb2f43975954b5553b0c00e5
Author: gongleigl.gong <go...@...>
Date: 2018-03-28T08:58:24Z
NPE inZOOKEEPER-3008
commit 4458bb32d5813272e0bf0d34364b082e51cad3ed
Author: gongleigl.gong <go...@...>
Date: 2018-03-28T09:01:10Z
del unuse
commit 7fad1997be2a0401582ab315d60943475ebe1ef1
Author: gongleigl.gong <go...@...>
Date: 2018-03-28T09:02:32Z
keep up with master
commit 765180fd82a554a2da1c7324843bfe99b8d0a4ed
Author: gongleigl.gong <go...@...>
Date: 2018-03-28T09:04:50Z
add NPE place
----
> Potential NPE in SaslQuorumAuthLearner#authenticate and SaslQuorumAuthServer#authenticate
> -----------------------------------------------------------------------------------------
>
> Key: ZOOKEEPER-3008
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3008
> Project: ZooKeeper
> Issue Type: Bug
> Affects Versions: 3.6.0
> Reporter: lujie
> Priority: Major
>
> Inspired by ZK-3006 , I develop a simple static analysis tool to find other Potential NPE like ZK-3006. This bug is found by this tool ,and I have carefully studied it. But i am a newbie at here so i may be wrong, hope someone could confirm it and help me improve this tool.
> h2. Bug description:
> callee :SecurityUtils#createSaslClient will return null while encounter exception
> {code:java}
> // code placeholder
> catch (Exception e) {
> LOG.error("Exception while trying to create SASL client", e);
> return null;
> }
> {code}
> but its caller has no null check just like:
> {code:java}
> // code placeholder
> sc = SecurityUtils.createSaslClient();
> if (sc.hasInitialResponse()) {
> responseToken = createSaslToken(new byte[0], sc, learnerLogin);
> }
> {code}
> I think we should add null check in caller while callee return null
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)