cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Prevent NPE thrown in getAuthorizationPolicyFromMessage for authorization header values with length less than 4, patch from emswbandara applied, This closes #295
Date Thu, 20 Jul 2017 07:39:21 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 84d71635c -> 539cbd70f


Prevent NPE thrown in getAuthorizationPolicyFromMessage for authorization header values with
length less than 4, patch from emswbandara applied, This closes #295


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/539cbd70
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/539cbd70
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/539cbd70

Branch: refs/heads/master
Commit: 539cbd70fb39676d64d0987e570fe69ff3d485d3
Parents: 84d7163
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Thu Jul 20 10:37:32 2017 +0300
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Thu Jul 20 10:39:04 2017 +0300

----------------------------------------------------------------------
 .../org/apache/cxf/transport/http/AbstractHTTPDestination.java   | 4 ++++
 1 file changed, 4 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/539cbd70/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
----------------------------------------------------------------------
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
index 26e4c0a..0f69d33 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
@@ -174,6 +174,10 @@ public abstract class AbstractHTTPDestination
             try {
                 byte[] authBytes = Base64Utility.decode(authEncoded);
 
+                if (authBytes == null) {
+                    throw new Base64Exception(new Throwable("Invalid Base64 data."));
+                }
+                
                 String authDecoded = decodeBasicAuthWithIso8859
                     ? new String(authBytes, StandardCharsets.ISO_8859_1) : new String(authBytes);
 


Mime
View raw message