[jira] [Commented] (DIRSERVER-2411) potential null dereference in ChangeLogInterceptor

Sun, 13 Oct 2024 14:22:46 -0700 


    [ 
https://issues.apache.org/jira/browse/DIRSERVER-2411?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17889042#comment-17889042
 ] 

Emmanuel Lécharny commented on DIRSERVER-2411:
----------------------------------------------

Hi,

 

the {{rename}} method is clearly at risk of leaving {{servEntry}} with a null 
value, leading to some potential NPE alter on.

I think the best correction would be to use this code instead:

 
{code:java}
    public void rename( RenameOperationContext renameContext ) throws 
LdapException
    {
        Entry serverEntry = null;

        if ( changeLog.isEnabled() )
        {
            serverEntry = renameContext.getOriginalEntry();
        }

        next( renameContext );

        if ( !changeLog.isEnabled() )
        {
            return;
        }
...
{code}

the {{renameContext.getOriginalEntry()}} call will *always* return a value.

> potential null dereference in ChangeLogInterceptor
> --------------------------------------------------
>
>                 Key: DIRSERVER-2411
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2411
>             Project: Directory ApacheDS
>          Issue Type: Bug
>            Reporter: Ekaterina Zilotina
>            Priority: Major
>
> In results of static analyze with Svace I found potential null dereference 
> [potential null 
> dereference|https://github.com/apache/directory-server/blob/7e913cf507092f6fd7aedd3daff204fbf019772a/interceptors/changelog/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java#L373]
>  of *serverEntry* value in 
> [rename()|https://github.com/apache/directory-server/blob/7e913cf507092f6fd7aedd3daff204fbf019772a/interceptors/changelog/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java#L347]
>  function.
> *serverEntry* gets *null* while creating at the start of *rename()* function 
> and can be dereferenced in *LdifRevertor.reverseRename()* function call at 
> line 372 
> how about to add check for this case when serverEntry will keep null after 
> instruction 353 line?
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to