cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bfede...@apache.org
Subject [8/34] git commit: refs/heads/ui-ntier2 - CLOUDSTACK-1625. NPE with updateResourceCount when && is passed thru API. If any API contains '&' i.e. no key value pair or '&<paramter-name>' i.e. a parameter without a value, then we get an NPE as owasp.esapi.S
Date Wed, 13 Mar 2013 20:21:34 GMT
CLOUDSTACK-1625. NPE with updateResourceCount when && is passed thru API.
If any API contains '&' i.e. no key value pair or '&<paramter-name>' i.e. a
parameter without a value, then we get an NPE as owasp.esapi.StringUtilities.stripControls
deosn't handle NPE.


Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/da89946c
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/da89946c
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/da89946c

Branch: refs/heads/ui-ntier2
Commit: da89946ca93a872d0a4bf907d4545c392b2055f1
Parents: c235d02
Author: Likitha Shetty <likitha.shetty@citrix.com>
Authored: Tue Mar 12 11:56:21 2013 +0530
Committer: Likitha Shetty <likitha.shetty@citrix.com>
Committed: Tue Mar 12 12:00:46 2013 +0530

----------------------------------------------------------------------
 server/src/com/cloud/api/ApiServer.java |   10 ++++++----
 1 files changed, 6 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/da89946c/server/src/com/cloud/api/ApiServer.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java
index deb5e12..0439c6e 100755
--- a/server/src/com/cloud/api/ApiServer.java
+++ b/server/src/com/cloud/api/ApiServer.java
@@ -327,10 +327,12 @@ public class ApiServer implements HttpRequestHandler, ApiServerService
{
                     }
                     String[] value = (String[]) params.get(key);
                     // fail if parameter value contains ASCII control (non-printable) characters
-                    String newValue = StringUtils.stripControlCharacters(value[0]);
-                    if ( !newValue.equals(value[0]) ) {
-                        throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Received
value " + value[0] + " for parameter "
-                                + key + " is invalid, contains illegal ASCII non-printable
characters");
+                    if (value[0] != null) {
+                        String newValue = StringUtils.stripControlCharacters(value[0]);
+                        if ( !newValue.equals(value[0]) ) {
+                            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Received
value " + value[0] + " for parameter "
+                                    + key + " is invalid, contains illegal ASCII non-printable
characters");
+                        }
                     }
                     paramMap.put(key, value[0]);
                 }


Mime
View raw message