[ https://issues.apache.org/jira/browse/HADOOP-18821?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17764927#comment-17764927 ]
ASF GitHub Bot commented on HADOOP-18821: ----------------------------------------- teamconfx opened a new pull request, #6066: URL: https://github.com/apache/hadoop/pull/6066 <!-- Thanks for sending a pull request! 1. If this is your first time, please read our contributor guidelines: https://cwiki.apache.org/confluence/display/HADOOP/How+To+Contribute 2. Make sure your PR title starts with JIRA issue id, e.g., 'HADOOP-17799. Your PR title ...'. --> ### Description of PR https://issues.apache.org/jira/browse/HADOOP-18821 This PR provides a fix by checking the groupResults is not Null before it is accessed, similar to what's done in `org.apache.hadoop.security.LdapGroupsMapping#lookupGroup` ### How was this patch tested? Unit test ### For code changes: - [x] Does the title or this PR starts with the corresponding JIRA issue id (e.g. 'HADOOP-17799. Your PR title ...')? - [ ] Object storage: have the integration tests been executed and the endpoint declared according to the connector-specific documentation? - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)? - [ ] If applicable, have you updated the `LICENSE`, `LICENSE-binary`, `NOTICE-binary` files? > LdapGroupsMapping crashes with NullPointerException while going up the group > hierarchy > --------------------------------------------------------------------------------------- > > Key: HADOOP-18821 > URL: https://issues.apache.org/jira/browse/HADOOP-18821 > Project: Hadoop Common > Issue Type: Bug > Affects Versions: 3.3.6 > Reporter: ConfX > Priority: Critical > Attachments: reproduce.sh > > > h2. What happened: > When set {{hadoop.security.group.mapping.ldap.search.group.hierarchy.levels}} > to a value larger than 0, {{goUpGroupHierarchy}} in > {{org/apache/hadoop/security/LdapGroupsMapping.java}} may return a null > {{{}groupResults{}}}and use it without checking null. > h2. Buggy code: > {noformat} > void goUpGroupHierarchy(Set<String> groupDNs, int goUpHierarchy, > Set<String> groups) throws NamingException { > if (goUpHierarchy <= 0 || groups.isEmpty()) { > return; > } > ... > NamingEnumeration<SearchResult> groupResults = > context.search(groupbaseDN, filter.toString(), SEARCH_CONTROLS); > while (groupResults.hasMoreElements()) { // <--- Here > groupResults may be null > ... > } > ... > }{noformat} > h2. How to reproduce: > (1) Set {{hadoop.security.group.mapping.ldap.search.group.hierarchy.levels}} > to 1 > (2) Run test > {{org.apache.hadoop.security.TestLdapGroupsMapping#testGetGroupsWithConnectionClosed}} > h2. Stack trace: > {noformat} > java.lang.NullPointerException > at > org.apache.hadoop.security.LdapGroupsMapping.goUpGroupHierarchy(LdapGroupsMapping.java:612) > at > org.apache.hadoop.security.LdapGroupsMapping.lookupGroup(LdapGroupsMapping.java:489) > at > org.apache.hadoop.security.LdapGroupsMapping.doGetGroups(LdapGroupsMapping.java:552) > at > org.apache.hadoop.security.LdapGroupsMapping.getGroups(LdapGroupsMapping.java:365){noformat} > For an easy reproduction, run the reproduce.sh in the attachment. > We also create a PR provides a fix by checking the groupResults is not Null > before it is accessed, similar to what's done in > `org.apache.hadoop.security.LdapGroupsMapping#lookupGroup` -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org