Mikhail Titov created DIRSERVER-2424:
----------------------------------------
Summary: Possible Null pointer dereference in LdifPartition
Key: DIRSERVER-2424
URL: https://issues.apache.org/jira/browse/DIRSERVER-2424
Project: Directory ApacheDS
Issue Type: Bug
Components: ldif
Affects Versions: 2.0.0.AM27
Reporter: Mikhail Titov
Method
[ldifFile.getParentFile()|https://github.com/apache/directory-server/blob/5f01dc406ff24892164849c73a34b1781b0f6a26/ldif-partition/src/main/java/org/apache/directory/server/core/partition/ldif/LdifPartition.java#L341]
can return Null if this pathname does not name a parent, so an [attempt to
access
null|https://github.com/apache/directory-server/blob/5f01dc406ff24892164849c73a34b1781b0f6a26/ldif-partition/src/main/java/org/apache/directory/server/core/partition/ldif/LdifPartition.java#L343]
can lead to NPE and UB.
(Oracle Docs):
[getParentFile()|https://docs.oracle.com/javase/8/docs/api/java/io/File.html#getParentFile--].
In the [tests for the deletion
method|https://github.com/apache/directory-server/blob/5f01dc406ff24892164849c73a34b1781b0f6a26/ldif-partition/src/test/java/org/apache/directory/server/core/partition/ldif/LdifPartitionTest.java#L290-L467],
no checks were found for root directories or incorrect paths.
Perhaps I made a mistake and such ways should not be considered, I would love
to discuss this point.
I would suggest adding a check in case the parentFile is not found.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
