Apache Storm / STORM-3074

Inconsistent null checking in SaslMessageToken


Details

    • Type: Bug
    • Status: In Progress
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 2.0.0
    • Fix Version/s: None
    • Component/s: storm-client
    • Labels: None

    Description

      The SaslMessageToken class will throw an NPE if buffer() is called and the payload is null. While the buffer method checks whether the token is null in a few places before dereferencing, the encodedLength method is called right off the bat, and it doesn't check for null.

      The payload is always generated by either https://docs.oracle.com/javase/7/docs/api/javax/security/sasl/SaslServer.html#evaluateResponse(byte[]) or https://docs.oracle.com/javase/7/docs/api/javax/security/sasl/SaslClient.html#evaluateChallenge(byte[]). The javadoc indicates that if these return null, authentication has succeeded and it is unnecessary to send any more messages to the other party.

      I think if null SaslMessageToken payloads are never sent over the wire, we should remove all the null checking in SaslMessageToken and MessageDecoder, and ensure that the SASL handlers check for null before deciding to write tokens.
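
The inconsistency and the handler-side check proposed in the description, as an added Java example (not Storm's code and not part of the original report). `Token`, `writeIfPresent`, the message id and the wire layout are simplified, hypothetical stand-ins for SaslMessageToken and the SASL handlers.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

public class SaslNullPayloadExample {
    // Hypothetical stand-in for a token class; not Storm's SaslMessageToken.
    static final class Token {
        private final byte[] payload;
        Token(byte[] payload) { this.payload = payload; }

        // No null check here, so a null payload fails before buffer()'s own guards run.
        int encodedLength() { return 2 + 4 + payload.length; }

        ByteBuffer buffer() {
            ByteBuffer buf = ByteBuffer.allocate(encodedLength()); // NPE when payload is null
            buf.putShort((short) 1);                  // constructed message id
            buf.putInt(payload != null ? payload.length : 0); // guard is never reached for null
            if (payload != null) buf.put(payload);
            buf.flip();
            return buf;
        }
    }

    // Handler-side check: a null result from evaluateResponse/evaluateChallenge means
    // authentication has succeeded, so no token is built or written.
    static boolean writeIfPresent(byte[] evaluated, List<ByteBuffer> wire) {
        if (evaluated == null) return false;
        wire.add(new Token(evaluated).buffer());
        return true;
    }

    public static void main(String[] args) {
        List<ByteBuffer> wire = new ArrayList<>();
        try {
            new Token(null).buffer();
        } catch (NullPointerException e) {
            System.out.println("unguarded path: NPE from encodedLength()");
        }
        byte[] challenge = "constructed-challenge".getBytes(StandardCharsets.UTF_8);
        System.out.println("non-null payload written: " + writeIfPresent(challenge, wire));
        System.out.println("null payload written: " + writeIfPresent(null, wire));
        System.out.println("tokens on wire: " + wire.size());
    }
}
```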


          People

            Assignee: Stig Rohde Døssing (srdo)
            Reporter: Stig Rohde Døssing (srdo)