Github user mike-jumper commented on a diff in the pull request:
https://github.com/apache/guacamole-client/pull/242#discussion_r165832875
--- Diff:
extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
---
@@ -155,9 +157,10 @@ public AuthenticatedUser authenticateUser(Credentials
credentials)
// This is a response to a previous challenge, authenticate with
that.
else {
try {
+ byte[] stateBytes =
javax.xml.bind.DatatypeConverter.parseHexBinary(request.getParameter(RadiusStateField.PARAMETER_NAME));
--- End diff --
I'd like to also mention that this will likely throw a
`NullPointerException` if the state field is not present in the request. At
best, the behavior of
[`parseHexBinary()`](https://docs.oracle.com/javase/7/docs/api/javax/xml/bind/DatatypeConverter.html#parseHexBinary(java.lang.String))
is not defined for the case where its sole parameter is `null`. The potential
lack of the parameter in the request should probably be dealt with.
---
