From: chipchilders@apache.org
To: commits@cloudstack.apache.org
Date: Fri, 22 Mar 2013 15:13:51 -0000
Message-Id: <62c6c272fa5b44c58a004333f2e59181@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: [1/2] git commit: refs/heads/4.1 - CLOUDSTACK-1625. NPE with updateResourceCount when && is passed thru API. If any API contains '&' i.e. no key value pair or '&' i.e. a parameter without a value, then we get an NPE as owasp.esapi.StringUt

Updated Branches:
  refs/heads/4.1 8a18b7f23 -> 6a7c41c70

CLOUDSTACK-1625. NPE with updateResourceCount when && is passed thru API.
If any API contains '&' i.e. no key value pair or '&' i.e. a parameter without a value, then we get an NPE as owasp.esapi.StringUtilities.stripControls doesn't handle NPE.

Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/7cf6aee0
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/7cf6aee0
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/7cf6aee0

Branch: refs/heads/4.1
Commit: 7cf6aee069388b51e952214fd84cd76fdf60c9ca
Parents: 78f1ab1
Author: Likitha Shetty
Authored: Tue Mar 12 11:56:21 2013 +0530
Committer: Chip Childers
Committed: Fri Mar 22 15:08:52 2013 +0000

----------------------------------------------------------------------
 server/src/com/cloud/api/ApiServer.java | 10 ++++++----
 1 files changed, 6 insertions(+), 4 deletions(-)
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7cf6aee0/server/src/com/cloud/api/ApiServer.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java index deb5e12..0439c6e 100755 --- a/server/src/com/cloud/api/ApiServer.java +++ b/server/src/com/cloud/api/ApiServer.java 
@@ -327,10 +327,12 @@ public class ApiServer implements HttpRequestHandler, ApiServerService { } String[] value = (String[]) params.get(key); // fail if parameter value contains ASCII control (non-printable) characters - String newValue = StringUtils.stripControlCharacters(value[0]); - if ( !newValue.equals(value[0]) ) { - throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Received value " + value[0] + " for parameter " - + key + " is invalid, contains illegal ASCII non-printable characters"); + if (value[0] != null) { + String newValue = StringUtils.stripControlCharacters(value[0]); + if ( !newValue.equals(value[0]) ) { + throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Received value " + value[0] + " for parameter " + + key + " is invalid, contains illegal ASCII non-printable characters"); + } } paramMap.put(key, value[0]); }
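Review bot: the new `if (value[0] != null)` guard only skips the control-character check; the unchanged `paramMap.put(key, value[0]);` after the closing brace still stores the null, so a parameter sent without a value reaches every consumer of `paramMap` as a null string and the NPE can simply move downstream. Consider deciding the behaviour here instead: either reject the request with `ApiErrorCode.PARAM_ERROR` when `value[0]` is null, or skip the `put` (or store an empty string) so later code never sees a null value. The array itself is also dereferenced unchecked: `value[0]` is read right after the cast `(String[]) params.get(key)`, so a null or zero-length array would still throw before the guard runs. Separately, the exception message concatenates the raw `value[0]` that has just failed the non-printable check; emitting `newValue` (the stripped form) or only the parameter name would keep control characters out of the API response and logs. A short comment on why null is tolerated, plus a test covering `&&` and a key with no value, would make the intent of the guard clear.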