tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 54438] New: Bug fix 52953 introduces NullPointerException in RealBase.java line 409 when user not found in JDBC
Date Wed, 16 Jan 2013 21:14:31 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=54438

            Bug ID: 54438
           Summary: Bug fix 52953 introduces NullPointerException in
                    RealBase.java line 409 when user not found in JDBC
           Product: Tomcat 7
           Version: 7.0.27
          Hardware: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: bruce@iris.washington.edu
    Classification: Unclassified

The fix to bug 52953 introduces a NullPointerException at line 409
in RealBase.java

For example compare:
http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_26/java/org/apache/catalina/realm/RealmBase.java

and 
http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_27/java/org/apache/catalina/realm/RealmBase.java


String md5a1 = getDigest(username, realm);
was changed to
String md5a1 = getDigest(username, realm).toLowerCase(Locale.ENGLISH);

If getDigest(username,realm) returns null if the user is not found
and as a result you get a NPE when toLowerCase() is invoked on the null.

I looked in the trunk, and the code hasn't changed.

Seems like there should already be a bug posted on this as it makes digest
authentication useless, but I can't find one!

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message