[ https://issues.apache.org/jira/browse/HADOOP-18821?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17764927#comment-17764927 ]

ASF GitHub Bot commented on HADOOP-18821:
-----------------------------------------

teamconfx opened a new pull request, #6066:
URL: https://github.com/apache/hadoop/pull/6066

   
   ### Description of PR
   
   https://issues.apache.org/jira/browse/HADOOP-18821
   This PR provides a fix by checking that groupResults is not null before it
   is accessed, similar to what's done in
   `org.apache.hadoop.security.LdapGroupsMapping#lookupGroup`.
   
   
   ### How was this patch tested?
   
   Unit test
   
   ### For code changes:
   
   - [x] Does the title of this PR start with the corresponding JIRA issue id (e.g. 'HADOOP-17799. Your PR title ...')?
   - [ ] Object storage: have the integration tests been executed and the endpoint declared according to the connector-specific documentation?
   - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)?
   - [ ] If applicable, have you updated the `LICENSE`, `LICENSE-binary`, `NOTICE-binary` files?
   
   




> LdapGroupsMapping crashes with NullPointerException while going up the group hierarchy
> ---------------------------------------------------------------------------------------
>
>                 Key: HADOOP-18821
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18821
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 3.3.6
>            Reporter: ConfX
>            Priority: Critical
>         Attachments: reproduce.sh
>
>
> h2. What happened:
> When {{hadoop.security.group.mapping.ldap.search.group.hierarchy.levels}}
> is set to a value larger than 0, {{goUpGroupHierarchy}} in
> {{org/apache/hadoop/security/LdapGroupsMapping.java}} may return a null
> {{groupResults}} and use it without checking for null.
> h2. Buggy code:
> {noformat}
>   void goUpGroupHierarchy(Set<String> groupDNs, int goUpHierarchy, Set<String> groups) throws NamingException {
>     if (goUpHierarchy <= 0 || groups.isEmpty()) {
>       return;
>     }
>     ...
>     NamingEnumeration<SearchResult> groupResults = context.search(groupbaseDN, filter.toString(), SEARCH_CONTROLS);
>     while (groupResults.hasMoreElements()) {          // <--- Here groupResults may be null
>     ...
>     }
>     ...
>   }{noformat}
> h2. How to reproduce:
> (1) Set {{hadoop.security.group.mapping.ldap.search.group.hierarchy.levels}} to 1
> (2) Run test {{org.apache.hadoop.security.TestLdapGroupsMapping#testGetGroupsWithConnectionClosed}}
> h2. Stack trace:
> {noformat}
> java.lang.NullPointerException
>         at org.apache.hadoop.security.LdapGroupsMapping.goUpGroupHierarchy(LdapGroupsMapping.java:612)
>         at org.apache.hadoop.security.LdapGroupsMapping.lookupGroup(LdapGroupsMapping.java:489)
>         at org.apache.hadoop.security.LdapGroupsMapping.doGetGroups(LdapGroupsMapping.java:552)
>         at org.apache.hadoop.security.LdapGroupsMapping.getGroups(LdapGroupsMapping.java:365){noformat}
> For an easy reproduction, run the reproduce.sh in the attachment.
> We also created a PR that provides a fix by checking that groupResults is
> not null before it is accessed, similar to what's done in
> `org.apache.hadoop.security.LdapGroupsMapping#lookupGroup`.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
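
The unchecked loop from the issue next to a null-guarded form, as an added example that is neither Hadoop's code nor the PR's patch. The class, the method names, the sample DN and filter, and the proxy-based `DirContext` stub (which returns null from `search` to stand in for the reported condition) are all hypothetical.

```java
import java.lang.reflect.Proxy;
import java.util.HashSet;
import java.util.Set;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;

public class GroupSearchNullGuard {
  // Constructed stub: every DirContext method, including search(), returns null.
  static DirContext stubReturningNull() {
    return (DirContext) Proxy.newProxyInstance(DirContext.class.getClassLoader(),
        new Class<?>[] {DirContext.class}, (proxy, method, params) -> null);
  }

  // Same shape as the loop quoted in the issue: the result is dereferenced unchecked.
  static void collectUnguarded(DirContext ctx, String baseDN, String filter,
      Set<String> out) throws NamingException {
    NamingEnumeration<SearchResult> results =
        ctx.search(baseDN, filter, new SearchControls());
    while (results.hasMoreElements()) { // NullPointerException when results is null
      out.add(results.nextElement().getNameInNamespace());
    }
  }

  // Guarded form: a null result is treated as "no parent groups found".
  static void collectGuarded(DirContext ctx, String baseDN, String filter,
      Set<String> out) throws NamingException {
    NamingEnumeration<SearchResult> results =
        ctx.search(baseDN, filter, new SearchControls());
    if (results == null) {
      return;
    }
    try {
      while (results.hasMoreElements()) {
        out.add(results.nextElement().getNameInNamespace());
      }
    } finally {
      results.close(); // always release the enumeration
    }
  }

  public static void main(String[] args) throws NamingException {
    DirContext ctx = stubReturningNull();
    Set<String> groups = new HashSet<>();
    collectGuarded(ctx, "dc=example,dc=com", "(objectClass=group)", groups);
    System.out.println("guarded: " + groups.size() + " groups, no exception");
    try {
      collectUnguarded(ctx, "dc=example,dc=com", "(objectClass=group)", groups);
    } catch (NullPointerException e) {
      System.out.println("unguarded: NullPointerException");
    }
  }
}
```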
