[ZOOKEEPER-3008] Potential NPE in SaslQuorumAuthLearner#authenticate and SaslQuorumAuthServer#authenticate - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 3.6.0
Fix Version/s: None
Component/s: None
Labels:
- pull-request-available

Description

Inspired by ZK-3006 , I develop a simple static analysis tool to find other Potential NPE like ZK-3006. This bug is found by this tool ,and I have carefully studied it. But i am a newbie at here so i may be wrong, hope someone could confirm it and help me improve this tool.

Bug description:

callee :SecurityUtils#createSaslClient will return null while encounter exception

// code placeholder
catch (Exception e) {
  LOG.error("Exception while trying to create SASL client", e);
  return null;
}

but its caller has no null check just like:

// code placeholder
sc = SecurityUtils.createSaslClient();
if (sc.hasInitialResponse()) {
   responseToken = createSaslToken(new byte[0], sc, learnerLogin);
}

I think we should add null check in caller while callee return null

Attachments

Issue Links

links to

GitHub Pull Request #496

Activity

People

Assignee:: Unassigned

Reporter:: lujie

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 26/Mar/18 07:42

Updated:: 12/Aug/18 03:40

Time Tracking

Estimated:

Not Specified

Remaining:

Logged: