From: bfederle@apache.org
To: cloudstack-commits@incubator.apache.org
X-Mailer: ASF-Git Admin Mailer
Subject: [8/35] git commit: refs/heads/ui-multiple-nics - CLOUDSTACK-1625. NPE with updateResourceCount when && is passed thru API. If any API contains '&' i.e. no key value pair or '&' i.e. a parameter without a value, then we get an NPE as owasp.
Message-Id: <20130313171357.0863ADE1B@tyr.zones.apache.org>
Date: Wed, 13 Mar 2013 17:13:57 +0000 (UTC)

CLOUDSTACK-1625. NPE with updateResourceCount when && is passed thru API. If any API contains '&' i.e. no key value pair or '&' i.e. a parameter without a value, then we get an NPE as owasp.esapi.StringUtilities.stripControls doesn't handle NPE.

Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/da89946c
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/da89946c
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/da89946c
Branch: refs/heads/ui-multiple-nics
Commit: da89946ca93a872d0a4bf907d4545c392b2055f1
Parents: c235d02
Author: Likitha Shetty
Authored: Tue Mar 12 11:56:21 2013 +0530
Committer: Likitha Shetty
Committed: Tue Mar 12 12:00:46 2013 +0530

----------------------------------------------------------------------
 server/src/com/cloud/api/ApiServer.java | 10 ++++++----
 1 files changed, 6 insertions(+), 4 deletions(-)
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/da89946c/server/src/com/cloud/api/ApiServer.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java index deb5e12..0439c6e 100755 --- a/server/src/com/cloud/api/ApiServer.java +++ b/server/src/com/cloud/api/ApiServer.java 
@@ -327,10 +327,12 @@ public class ApiServer implements HttpRequestHandler, ApiServerService { } String[] value = (String[]) params.get(key); // fail if parameter value contains ASCII control (non-printable) characters - String newValue = StringUtils.stripControlCharacters(value[0]); - if ( !newValue.equals(value[0]) ) { - throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Received value " + value[0] + " for parameter " - + key + " is invalid, contains illegal ASCII non-printable characters"); + if (value[0] != null) { + String newValue = StringUtils.stripControlCharacters(value[0]); + if ( !newValue.equals(value[0]) ) { + throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Received value " + value[0] + " for parameter " + + key + " is invalid, contains illegal ASCII non-printable characters"); + } } paramMap.put(key, value[0]); }
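
Review bot: The new `if (value[0] != null)` guard skips the control-character check for a null value, but the unchanged `paramMap.put(key, value[0]);` after it still stores that null, so the NPE can simply move to whichever command later reads the parameter. Consider rejecting a valueless parameter here with `ApiErrorCode.PARAM_ERROR`, or skipping the `put`, and add a comment stating which behaviour is intended. The guard also does not cover `value` itself being null or an empty array before `value[0]` is indexed. Separately, the exception message concatenates the raw `value[0]` that was just found to contain non-printable characters; reporting only `key`, or the stripped `newValue`, would keep those bytes out of logs and API responses.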