cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From chipchild...@apache.org
Subject [1/2] git commit: refs/heads/4.1 - CLOUDSTACK-1625. NPE with updateResourceCount when && is passed thru API. If any API contains '&' i.e. no key value pair or '&<paramter-name>' i.e. a parameter without a value, then we get an NPE as owasp.esapi.StringUt
Date Fri, 22 Mar 2013 15:13:51 GMT
Updated Branches:
  refs/heads/4.1 8a18b7f23 -> 6a7c41c70


CLOUDSTACK-1625. NPE with updateResourceCount when && is passed thru API.
If any API contains '&' i.e. no key value pair or '&<paramter-name>' i.e. a
parameter without a value, then we get an NPE as owasp.esapi.StringUtilities.stripControls
deosn't handle NPE.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/7cf6aee0
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/7cf6aee0
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/7cf6aee0

Branch: refs/heads/4.1
Commit: 7cf6aee069388b51e952214fd84cd76fdf60c9ca
Parents: 78f1ab1
Author: Likitha Shetty <likitha.shetty@citrix.com>
Authored: Tue Mar 12 11:56:21 2013 +0530
Committer: Chip Childers <chip.childers@gmail.com>
Committed: Fri Mar 22 15:08:52 2013 +0000

----------------------------------------------------------------------
 server/src/com/cloud/api/ApiServer.java |   10 ++++++----
 1 files changed, 6 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7cf6aee0/server/src/com/cloud/api/ApiServer.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java
index deb5e12..0439c6e 100755
--- a/server/src/com/cloud/api/ApiServer.java
+++ b/server/src/com/cloud/api/ApiServer.java
@@ -327,10 +327,12 @@ public class ApiServer implements HttpRequestHandler, ApiServerService
{
                     }
                     String[] value = (String[]) params.get(key);
                     // fail if parameter value contains ASCII control (non-printable) characters
-                    String newValue = StringUtils.stripControlCharacters(value[0]);
-                    if ( !newValue.equals(value[0]) ) {
-                        throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Received
value " + value[0] + " for parameter "
-                                + key + " is invalid, contains illegal ASCII non-printable
characters");
+                    if (value[0] != null) {
+                        String newValue = StringUtils.stripControlCharacters(value[0]);
+                        if ( !newValue.equals(value[0]) ) {
+                            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Received
value " + value[0] + " for parameter "
+                                    + key + " is invalid, contains illegal ASCII non-printable
characters");
+                        }
                     }
                     paramMap.put(key, value[0]);
                 }


Mime
View raw message