You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/03/12 15:53:29 UTC

svn commit: r1576770 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/realm/MemoryRealm.java test/org/apache/catalina/realm/TestMemoryRealm.java webapps/docs/changelog.xml

Author: markt
Date: Wed Mar 12 14:53:29 2014
New Revision: 1576770

URL: http://svn.apache.org/r1576770
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=56246
Fix NullPointerException in MemoryRealm when authenticating an unknown user.

Added:
    tomcat/tc7.0.x/trunk/test/org/apache/catalina/realm/TestMemoryRealm.java
      - copied unchanged from r1576768, tomcat/trunk/test/org/apache/catalina/realm/TestMemoryRealm.java
Modified:
    tomcat/tc7.0.x/trunk/   (props changed)
    tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/MemoryRealm.java
    tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
  Merged /tomcat/trunk:r1576768

Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/MemoryRealm.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/MemoryRealm.java?rev=1576770&r1=1576769&r2=1576770&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/MemoryRealm.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/MemoryRealm.java Wed Mar 12 14:53:29 2014
@@ -140,7 +140,12 @@ public class MemoryRealm  extends RealmB
 
         GenericPrincipal principal = principals.get(username);
 
-        boolean validated = compareCredentials(credentials, principal.getPassword());
+        boolean validated;
+        if (principal == null) {
+            validated = false;
+        } else {
+            validated = compareCredentials(credentials, principal.getPassword());
+        }
 
         if (validated) {
             if (log.isDebugEnabled())

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1576770&r1=1576769&r2=1576770&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Wed Mar 12 14:53:29 2014
@@ -78,6 +78,10 @@
         is permitted) when a call to <code>AsyncContext.complete()</code> takes
         effect. (markt)
       </fix>
+      <fix>
+        <bug>56246</bug>: Fix NullPointerException in MemoryRealm when
+        authenticating an unknown user. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: svn commit: r1576770 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/realm/MemoryRealm.java test/org/apache/catalina/realm/TestMemoryRealm.java webapps/docs/changelog.xml

Posted by Konstantin Kolinko <kn...@gmail.com>.

2014-03-12 18:53 GMT+04:00  <ma...@apache.org>:
> Author: markt
> Date: Wed Mar 12 14:53:29 2014
> New Revision: 1576770
>
> URL: http://svn.apache.org/r1576770
> Log:
> Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=56246
> Fix NullPointerException in MemoryRealm when authenticating an unknown user.
>
> Added:
>     tomcat/tc7.0.x/trunk/test/org/apache/catalina/realm/TestMemoryRealm.java
>       - copied unchanged from r1576768, tomcat/trunk/test/org/apache/catalina/realm/TestMemoryRealm.java
> Modified:
>     tomcat/tc7.0.x/trunk/   (props changed)
>     tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/MemoryRealm.java
>     tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
>
> Propchange: tomcat/tc7.0.x/trunk/
> ------------------------------------------------------------------------------
>   Merged /tomcat/trunk:r1576768
>
> Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/MemoryRealm.java
> URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/MemoryRealm.java?rev=1576770&r1=1576769&r2=1576770&view=diff
> ==============================================================================
> --- tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/MemoryRealm.java (original)
> +++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/MemoryRealm.java Wed Mar 12 14:53:29 2014
> @@ -140,7 +140,12 @@ public class MemoryRealm  extends RealmB
>
>          GenericPrincipal principal = principals.get(username);
>

Tomcat 6 code here also protected against "credentials != null".

> -        boolean validated = compareCredentials(credentials, principal.getPassword());
> +        boolean validated;
> +        if (principal == null) {
> +            validated = false;
> +        } else {
> +            validated = compareCredentials(credentials, principal.getPassword());
> +        }
>
>          if (validated) {
>              if (log.isDebugEnabled())
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org