zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ZOOKEEPER-3008) Potential NPE in SaslQuorumAuthLearner#authenticate and SaslQuorumAuthServer#authenticate
Date Wed, 28 Mar 2018 14:53:00 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-3008?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16417462#comment-16417462
] 

ASF GitHub Bot commented on ZOOKEEPER-3008:
-------------------------------------------

GitHub user brettKK reopened a pull request:

    https://github.com/apache/zookeeper/pull/496

    ZOOKEEPER-3008: Potential NPE in SaslQuorumAuthLearner#authenticate and SaslQuorumAuthServer#authenticate

    @LJ1043041006 found a potential NPE in ZK
    ----
    callee :SecurityUtils#createSaslClient will return null while encounter exception
    ```
    // code placeholder
    catch (Exception e) {
      LOG.error("Exception while trying to create SASL client", e);
      return null;
    }
    ```
    but its caller has no null check just like:
    -----
    and caller SaslQuorumAuthLearner#authenticate  call it without null check
    ```
    // code placeholder
    sc = SecurityUtils.createSaslClient();
    if (sc.hasInitialResponse()) {
       responseToken = createSaslToken(new byte[0], sc, learnerLogin);
    }
    ```

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/brettKK/zookeeper ZOOKEEPER-3008

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zookeeper/pull/496.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #496
    
----
commit 7d8d5230c5a87faef94d038a258b159a322f3f5e
Author: gongleigl.gong <gongleigl.gong@...>
Date:   2018-03-26T13:16:06Z

    d

commit 700dfb7f48f774dd215e5bf19340a4b61eda3397
Author: gongleigl.gong <gongleigl.gong@...>
Date:   2018-03-27T16:38:28Z

    fix NPE bug

commit 1ad4da8fc0269378fb2f43975954b5553b0c00e5
Author: gongleigl.gong <gongleigl.gong@...>
Date:   2018-03-28T08:58:24Z

    NPE inZOOKEEPER-3008

commit 4458bb32d5813272e0bf0d34364b082e51cad3ed
Author: gongleigl.gong <gongleigl.gong@...>
Date:   2018-03-28T09:01:10Z

    del unuse

commit 7fad1997be2a0401582ab315d60943475ebe1ef1
Author: gongleigl.gong <gongleigl.gong@...>
Date:   2018-03-28T09:02:32Z

    keep up with master

commit 765180fd82a554a2da1c7324843bfe99b8d0a4ed
Author: gongleigl.gong <gongleigl.gong@...>
Date:   2018-03-28T09:04:50Z

    add NPE place

commit cf611d1783525df308930bb4e3cb2a1cc397ca55
Author: gongleigl.gong <gongleigl.gong@...>
Date:   2018-03-28T09:12:31Z

    fix code

commit 5eec8762b985f31eeb5e607dfd078d197b5a9980
Author: gongleigl.gong <gongleigl.gong@...>
Date:   2018-03-28T09:46:56Z

    fix jenkins error

commit 925bfd2f279852c1898d0f493ccce4ea669d8f9c
Author: gongleigl.gong <gongleigl.gong@...>
Date:   2018-03-28T11:25:19Z

    del catch

commit c7879123134b7145ab102a862c11891cacca8298
Author: gongleigl.gong <gongleigl.gong@...>
Date:   2018-03-28T14:11:28Z

    fix code

----


> Potential NPE in SaslQuorumAuthLearner#authenticate and SaslQuorumAuthServer#authenticate
> -----------------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-3008
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3008
>             Project: ZooKeeper
>          Issue Type: Bug
>    Affects Versions: 3.6.0
>            Reporter: lujie
>            Priority: Major
>
> Inspired by ZK-3006 , I develop a simple static analysis tool to find other Potential
NPE like ZK-3006. This bug is found by this tool ,and I have carefully studied it.  But i
am a newbie at here so i may be wrong, hope someone could confirm it and help me improve
this tool.
> h2. Bug description:
> callee :SecurityUtils#createSaslClient will return null while encounter exception
> {code:java}
> // code placeholder
> catch (Exception e) {
>   LOG.error("Exception while trying to create SASL client", e);
>   return null;
> }
> {code}
> but its caller has no null check just like:
> {code:java}
> // code placeholder
> sc = SecurityUtils.createSaslClient();
> if (sc.hasInitialResponse()) {
>    responseToken = createSaslToken(new byte[0], sc, learnerLogin);
> }
> {code}
> I think we should add null check in caller while callee return null



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message