[jira] [Updated] (HADOOP-18821) LdapGroupsMapping crashes with NullPointerException while going up the group hierarchy

Wed, 13 Sep 2023 18:02:07 -0700 


     [ 
https://issues.apache.org/jira/browse/HADOOP-18821?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

ASF GitHub Bot updated HADOOP-18821:
------------------------------------
    Labels: pull-request-available  (was: )

> LdapGroupsMapping crashes with NullPointerException while going up the group 
> hierarchy 
> ---------------------------------------------------------------------------------------
>
>                 Key: HADOOP-18821
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18821
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 3.3.6
>            Reporter: ConfX
>            Priority: Critical
>              Labels: pull-request-available
>         Attachments: reproduce.sh
>
>
> h2. What happened:
> When set {{hadoop.security.group.mapping.ldap.search.group.hierarchy.levels}} 
> to a value larger than 0, {{goUpGroupHierarchy}} in 
> {{org/apache/hadoop/security/LdapGroupsMapping.java}} may return a null 
> {{{}groupResults{}}}and use it without checking null.
> h2. Buggy code:
> {noformat}
>   void goUpGroupHierarchy(Set<String> groupDNs, int goUpHierarchy, 
> Set<String> groups) throws NamingException {
>     if (goUpHierarchy <= 0 || groups.isEmpty()) {
>       return;
>     }
>     ...
>     NamingEnumeration<SearchResult> groupResults = 
> context.search(groupbaseDN, filter.toString(), SEARCH_CONTROLS);
>     while (groupResults.hasMoreElements()) {          // <--- Here 
> groupResults may be null
>     ...
>     }
>     ...
>   }{noformat}
> h2. How to reproduce:
> (1) Set {{hadoop.security.group.mapping.ldap.search.group.hierarchy.levels}} 
> to 1
> (2) Run test 
> {{org.apache.hadoop.security.TestLdapGroupsMapping#testGetGroupsWithConnectionClosed}}
> h2. Stack trace:
> {noformat}
> java.lang.NullPointerException
>         at 
> org.apache.hadoop.security.LdapGroupsMapping.goUpGroupHierarchy(LdapGroupsMapping.java:612)
>         at 
> org.apache.hadoop.security.LdapGroupsMapping.lookupGroup(LdapGroupsMapping.java:489)
>         at 
> org.apache.hadoop.security.LdapGroupsMapping.doGetGroups(LdapGroupsMapping.java:552)
>         at 
> org.apache.hadoop.security.LdapGroupsMapping.getGroups(LdapGroupsMapping.java:365){noformat}
> For an easy reproduction, run the reproduce.sh in the attachment.
> We also create a PR provides a fix by checking the groupResults is not Null 
> before it is accessed, similar to what's done in 
> `org.apache.hadoop.security.LdapGroupsMapping#lookupGroup`



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to