cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Prevent NPE thrown in getAuthorizationPolicyFromMessage for authorization header values with length less than 4, patch from emswbandara applied, This closes #295
Date Thu, 20 Jul 2017 07:46:34 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 47f0d90a3 -> b5d13929e


Prevent NPE thrown in getAuthorizationPolicyFromMessage for authorization header values with
length less than 4, patch from emswbandara applied, This closes #295


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b5d13929
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b5d13929
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b5d13929

Branch: refs/heads/3.1.x-fixes
Commit: b5d13929e3a068cb009f10cb15ac3d05c3b72f67
Parents: 47f0d90
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Thu Jul 20 10:37:32 2017 +0300
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Thu Jul 20 10:46:16 2017 +0300

----------------------------------------------------------------------
 .../org/apache/cxf/transport/http/AbstractHTTPDestination.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/b5d13929/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
----------------------------------------------------------------------
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
index 58494cb..8a0152c 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
@@ -173,8 +173,12 @@ public abstract class AbstractHTTPDestination
             String authEncoded = creds.get(1);
             try {
                 byte[] authBytes = Base64Utility.decode(authEncoded);
+
+                if (authBytes == null) {
+                    throw new Base64Exception(new Throwable("Invalid Base64 data."));
+                }
                 
-                String authDecoded = decodeBasicAuthWithIso8859 
+                String authDecoded = decodeBasicAuthWithIso8859
                     ? new String(authBytes, StandardCharsets.ISO_8859_1) : new String(authBytes);
                 
                 int idx = authDecoded.indexOf(':');


Mime
View raw message