[ 
https://issues.apache.org/jira/browse/STORM-3074?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Stig Rohde Døssing updated STORM-3074:
--------------------------------------
    Affects Version/s:     (was: 1.2.1)
                           (was: 1.0.6)
                           (was: 1.1.2)

> Inconsistent null checking in SaslMessageToken
> ----------------------------------------------
>
>                 Key: STORM-3074
>                 URL: https://issues.apache.org/jira/browse/STORM-3074
>             Project: Apache Storm
>          Issue Type: Bug
>          Components: storm-client
>    Affects Versions: 2.0.0
>            Reporter: Stig Rohde Døssing
>            Assignee: Stig Rohde Døssing
>            Priority: Minor
>
> The SaslMessageToken class will throw an NPE if buffer() is called and the 
> payload is null. While the buffer method checks whether the token is null in 
> a few places before dereferencing, the encodedLength method is called right 
> off the bat, and it doesn't check for null.
> The payload is always generated by either 
> https://docs.oracle.com/javase/7/docs/api/javax/security/sasl/SaslServer.html#evaluateResponse(byte[])
>  or 
> https://docs.oracle.com/javase/7/docs/api/javax/security/sasl/SaslClient.html#evaluateChallenge(byte[]).
>  The javadoc indicates that if these return null, authentication has 
> succeeded and it is unnecessary to send any more messages to the other party.
> I think if null SaslMessageToken payloads are never sent over the wire, we 
> should remove all the null checking in SaslMessageToken and MessageDecoder, 
> and ensure that the SASL handlers check for null before deciding to write 
> tokens.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
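
An added illustration of the pattern the issue describes, not code from Apache Storm or from the reporter: `InconsistentToken`, `StrictToken` and `writeIfPresent` are hypothetical stand-ins, and the 2-byte id plus 4-byte length framing and the byte values are constructed. It shows a null check that comes too late to help, next to the proposed arrangement where the handler skips the write when the SASL call returns null.

```java
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.List;

public class SaslTokenNullDemo {
    // "Before": buffer() guards against null, but only after encodedLength() has dereferenced it.
    static final class InconsistentToken {
        final byte[] payload;
        InconsistentToken(byte[] payload) { this.payload = payload; }
        int encodedLength() { return 2 + 4 + payload.length; } // NPE when payload is null
        ByteBuffer buffer() {
            ByteBuffer buf = ByteBuffer.allocate(encodedLength());
            buf.putShort((short) 1); // constructed message id
            buf.putInt(payload == null ? 0 : payload.length); // never reached for null
            if (payload != null) buf.put(payload);
            buf.flip();
            return buf;
        }
    }

    // "After": null is rejected once, at construction, so no method needs its own check.
    static final class StrictToken {
        final byte[] payload;
        StrictToken(byte[] payload) {
            if (payload == null) throw new IllegalArgumentException("null SASL payload");
            this.payload = payload;
        }
        ByteBuffer buffer() {
            ByteBuffer buf = ByteBuffer.allocate(2 + 4 + payload.length);
            buf.putShort((short) 1).putInt(payload.length).put(payload);
            buf.flip();
            return buf;
        }
    }

    // Handler-side rule from the issue: a null SASL result means there is nothing more to send.
    static void writeIfPresent(byte[] saslResult, List<ByteBuffer> wire) {
        if (saslResult != null) wire.add(new StrictToken(saslResult).buffer());
    }

    public static void main(String[] args) {
        try {
            new InconsistentToken(null).buffer();
        } catch (NullPointerException e) {
            System.out.println("inconsistent token: NPE raised from encodedLength()");
        }
        List<ByteBuffer> wire = new ArrayList<>();
        writeIfPresent(new byte[] {1, 2, 3}, wire); // constructed mid-negotiation payload
        writeIfPresent(null, wire);                 // negotiation complete: no token written
        System.out.println("tokens written: " + wire.size());
    }
}
```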
