cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Prevent NPE thrown in getAuthorizationPolicyFromMessage for authorization header values with length less than 4, patch from emswbandara applied, This closes #295
Date Thu, 20 Jul 2017 08:43:36 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes c3db1ec14 -> 70db2a8b0


Prevent NPE thrown in getAuthorizationPolicyFromMessage for authorization header values with
length less than 4, patch from emswbandara applied, This closes #295


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/70db2a8b
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/70db2a8b
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/70db2a8b

Branch: refs/heads/3.0.x-fixes
Commit: 70db2a8b04e46f888694c2b5af0ef1cc07b78d6b
Parents: c3db1ec
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Thu Jul 20 10:37:32 2017 +0300
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Thu Jul 20 11:02:21 2017 +0300

----------------------------------------------------------------------
 .../org/apache/cxf/transport/http/AbstractHTTPDestination.java   | 4 ++++
 1 file changed, 4 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/70db2a8b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
----------------------------------------------------------------------
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
index 19c4374..f81983d 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
@@ -172,6 +172,10 @@ public abstract class AbstractHTTPDestination
             String authEncoded = creds.get(1);
             try {
                 byte[] authBytes = Base64Utility.decode(authEncoded);
+
+                if (authBytes == null) {
+                    throw new Base64Exception(new Throwable("Invalid Base64 data."));
+                }
                 
                 String authDecoded = null;
                 if (decodeBasicAuthWithIso8859) {


Mime
View raw message