[GitHub] zookeeper pull request #496: ZOOKEEPER-3008: Potential NPE in SaslQuorumAuth...
Github user pravsingh commented on a diff in the pull request: https://github.com/apache/zookeeper/pull/496#discussion_r205904126 --- Diff: src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java --- @@ -66,8 +67,8 @@ public SaslQuorumAuthLearner(boolean quorumRequireSasl, + "section '" + loginContext + "' could not be found."); } -this.learnerLogin = new Login(loginContext, -new SaslClientCallbackHandler(null, "QuorumLearner"), new ZKConfig()); +this.learnerLogin = loginFactory.createLogin(loginContext, +new SaslClientCallbackHandler(null, "QuorumLearner"), new ZKConfig()); --- End diff -- this can be put on above line. makes it more readable. ---
[GitHub] zookeeper pull request #496: ZOOKEEPER-3008: Potential NPE in SaslQuorumAuth...
Github user lujiefsi commented on a diff in the pull request:
https://github.com/apache/zookeeper/pull/496#discussion_r184676603
--- Diff:
src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java
---
@@ -94,7 +94,10 @@ public void authenticate(Socket sock, String hostName)
throws IOException {
principalConfig,
QuorumAuth.QUORUM_SERVER_PROTOCOL_NAME,
QuorumAuth.QUORUM_SERVER_SASL_DIGEST, LOG,
"QuorumLearner");
-
+if (sc == null) {
--- End diff --
I will try unit test written by @brettKK ~~
---
[GitHub] zookeeper pull request #496: ZOOKEEPER-3008: Potential NPE in SaslQuorumAuth...
Github user lujiefsi commented on a diff in the pull request:
https://github.com/apache/zookeeper/pull/496#discussion_r184675859
--- Diff:
src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java
---
@@ -94,7 +94,10 @@ public void authenticate(Socket sock, String hostName)
throws IOException {
principalConfig,
QuorumAuth.QUORUM_SERVER_PROTOCOL_NAME,
QuorumAuth.QUORUM_SERVER_SASL_DIGEST, LOG,
"QuorumLearner");
-
+if (sc == null) {
--- End diff --
Hum, it is hard for me to write a unit test for this bug, any suggestion?
@brettKK @anmolnar @phunt @nkalmar @others
---
[GitHub] zookeeper pull request #496: ZOOKEEPER-3008: Potential NPE in SaslQuorumAuth...
Github user lujiefsi commented on a diff in the pull request:
https://github.com/apache/zookeeper/pull/496#discussion_r184251756
--- Diff:
src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java
---
@@ -94,7 +94,10 @@ public void authenticate(Socket sock, String hostName)
throws IOException {
principalConfig,
QuorumAuth.QUORUM_SERVER_PROTOCOL_NAME,
QuorumAuth.QUORUM_SERVER_SASL_DIGEST, LOG,
"QuorumLearner");
-
+if (sc == null) {
--- End diff --
For #1:
Follower#77,Observer#69,QuorumCnxManager#333 all have same patern:
`try { //root caller } catch (IOException e) {//handler code}`
#2 and #3, @brettKK .
---
[GitHub] zookeeper pull request #496: ZOOKEEPER-3008: Potential NPE in SaslQuorumAuth...
Github user phunt commented on a diff in the pull request:
https://github.com/apache/zookeeper/pull/496#discussion_r184218439
--- Diff:
src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java
---
@@ -94,7 +94,10 @@ public void authenticate(Socket sock, String hostName)
throws IOException {
principalConfig,
QuorumAuth.QUORUM_SERVER_PROTOCOL_NAME,
QuorumAuth.QUORUM_SERVER_SASL_DIGEST, LOG,
"QuorumLearner");
-
+if (sc == null) {
--- End diff --
Same feedback as #495
1) check the callers and see if it's handled properly. Likely it will be
logged there as well. Verify/report.
2) No need to say exception in an exception. The text of LOG.error line
seems like it would have been a good error string for the exception itself.
3) as previously noted, add a test.
---
[GitHub] zookeeper pull request #496: ZOOKEEPER-3008: Potential NPE in SaslQuorumAuth...
GitHub user brettKK reopened a pull request:
https://github.com/apache/zookeeper/pull/496
ZOOKEEPER-3008: Potential NPE in SaslQuorumAuthLearner#authenticate and
SaslQuorumAuthServer#authenticate
@LJ1043041006 found a potential NPE in ZK
callee :SecurityUtils#createSaslClient will return null while encounter
exception
```
// code placeholder
catch (Exception e) {
LOG.error("Exception while trying to create SASL client", e);
return null;
}
```
but its caller has no null check just like:
-
and caller SaslQuorumAuthLearner#authenticate call it without null check
```
// code placeholder
sc = SecurityUtils.createSaslClient();
if (sc.hasInitialResponse()) {
responseToken = createSaslToken(new byte[0], sc, learnerLogin);
}
```
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/brettKK/zookeeper ZOOKEEPER-3008
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/zookeeper/pull/496.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #496
commit 7d8d5230c5a87faef94d038a258b159a322f3f5e
Author: gongleigl.gong
Date: 2018-03-26T13:16:06Z
d
commit 700dfb7f48f774dd215e5bf19340a4b61eda3397
Author: gongleigl.gong
Date: 2018-03-27T16:38:28Z
fix NPE bug
commit 1ad4da8fc0269378fb2f43975954b5553b0c00e5
Author: gongleigl.gong
Date: 2018-03-28T08:58:24Z
NPE inZOOKEEPER-3008
commit 4458bb32d5813272e0bf0d34364b082e51cad3ed
Author: gongleigl.gong
Date: 2018-03-28T09:01:10Z
del unuse
commit 7fad1997be2a0401582ab315d60943475ebe1ef1
Author: gongleigl.gong
Date: 2018-03-28T09:02:32Z
keep up with master
commit 765180fd82a554a2da1c7324843bfe99b8d0a4ed
Author: gongleigl.gong
Date: 2018-03-28T09:04:50Z
add NPE place
commit cf611d1783525df308930bb4e3cb2a1cc397ca55
Author: gongleigl.gong
Date: 2018-03-28T09:12:31Z
fix code
commit 5eec8762b985f31eeb5e607dfd078d197b5a9980
Author: gongleigl.gong
Date: 2018-03-28T09:46:56Z
fix jenkins error
commit 925bfd2f279852c1898d0f493ccce4ea669d8f9c
Author: gongleigl.gong
Date: 2018-03-28T11:25:19Z
del catch
commit c7879123134b7145ab102a862c11891cacca8298
Author: gongleigl.gong
Date: 2018-03-28T14:11:28Z
fix code
---
[GitHub] zookeeper pull request #496: ZOOKEEPER-3008: Potential NPE in SaslQuorumAuth...
Github user brettKK closed the pull request at: https://github.com/apache/zookeeper/pull/496 ---
[GitHub] zookeeper pull request #496: ZOOKEEPER-3008: Potential NPE in SaslQuorumAuth...
GitHub user brettKK reopened a pull request:
https://github.com/apache/zookeeper/pull/496
ZOOKEEPER-3008: Potential NPE in SaslQuorumAuthLearner#authenticate and
SaslQuorumAuthServer#authenticate
@LJ1043041006 found a potential NPE in ZK
callee :SecurityUtils#createSaslClient will return null while encounter
exception
```
// code placeholder
catch (Exception e) {
LOG.error("Exception while trying to create SASL client", e);
return null;
}
```
but its caller has no null check just like:
-
and caller SaslQuorumAuthLearner#authenticate call it without null check
```
// code placeholder
sc = SecurityUtils.createSaslClient();
if (sc.hasInitialResponse()) {
responseToken = createSaslToken(new byte[0], sc, learnerLogin);
}
```
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/brettKK/zookeeper ZOOKEEPER-3008
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/zookeeper/pull/496.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #496
commit 7d8d5230c5a87faef94d038a258b159a322f3f5e
Author: gongleigl.gong
Date: 2018-03-26T13:16:06Z
d
commit 700dfb7f48f774dd215e5bf19340a4b61eda3397
Author: gongleigl.gong
Date: 2018-03-27T16:38:28Z
fix NPE bug
commit 1ad4da8fc0269378fb2f43975954b5553b0c00e5
Author: gongleigl.gong
Date: 2018-03-28T08:58:24Z
NPE inZOOKEEPER-3008
commit 4458bb32d5813272e0bf0d34364b082e51cad3ed
Author: gongleigl.gong
Date: 2018-03-28T09:01:10Z
del unuse
commit 7fad1997be2a0401582ab315d60943475ebe1ef1
Author: gongleigl.gong
Date: 2018-03-28T09:02:32Z
keep up with master
commit 765180fd82a554a2da1c7324843bfe99b8d0a4ed
Author: gongleigl.gong
Date: 2018-03-28T09:04:50Z
add NPE place
commit cf611d1783525df308930bb4e3cb2a1cc397ca55
Author: gongleigl.gong
Date: 2018-03-28T09:12:31Z
fix code
commit 5eec8762b985f31eeb5e607dfd078d197b5a9980
Author: gongleigl.gong
Date: 2018-03-28T09:46:56Z
fix jenkins error
commit 925bfd2f279852c1898d0f493ccce4ea669d8f9c
Author: gongleigl.gong
Date: 2018-03-28T11:25:19Z
del catch
commit c7879123134b7145ab102a862c11891cacca8298
Author: gongleigl.gong
Date: 2018-03-28T14:11:28Z
fix code
---
[GitHub] zookeeper pull request #496: ZOOKEEPER-3008: Potential NPE in SaslQuorumAuth...
Github user brettKK closed the pull request at: https://github.com/apache/zookeeper/pull/496 ---
[GitHub] zookeeper pull request #496: ZOOKEEPER-3008: Potential NPE in SaslQuorumAuth...
Github user anmolnar commented on a diff in the pull request:
https://github.com/apache/zookeeper/pull/496#discussion_r177697912
--- Diff:
src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java
---
@@ -134,6 +138,8 @@ public void authenticate(Socket sock, String hostName)
throws IOException {
// Validate status code at the end of authentication exchange.
checkAuthStatus(sock, qpStatus);
+} catch (RuntimeException e) {
--- End diff --
@brettKK What's the point of swallowing it here?
---
[GitHub] zookeeper pull request #496: ZOOKEEPER-3008: Potential NPE in SaslQuorumAuth...
Github user LJ1043041006 commented on a diff in the pull request:
https://github.com/apache/zookeeper/pull/496#discussion_r177685103
--- Diff:
src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java
---
@@ -94,7 +94,7 @@ public void authenticate(Socket sock, String hostName)
throws IOException {
principalConfig,
QuorumAuth.QUORUM_SERVER_PROTOCOL_NAME,
QuorumAuth.QUORUM_SERVER_SASL_DIGEST, LOG,
"QuorumLearner");
-
+// may happen NPE at here
if (sc.hasInitialResponse()) {
responseToken = createSaslToken(new byte[0], sc,
learnerLogin);
--- End diff --
just add sc!=null is ok?
---
[GitHub] zookeeper pull request #496: ZOOKEEPER-3008: Potential NPE in SaslQuorumAuth...
GitHub user brettKK opened a pull request:
https://github.com/apache/zookeeper/pull/496
ZOOKEEPER-3008: Potential NPE in SaslQuorumAuthLearner#authenticate and
SaslQuorumAuthServer#authenticate
@LJ1043041006 found a potential NPE in ZK
callee :SecurityUtils#createSaslClient will return null while encounter
exception
```
// code placeholder
catch (Exception e) {
LOG.error("Exception while trying to create SASL client", e);
return null;
}
```
but its caller has no null check just like:
-
and caller ReferenceCountedACLCache#deserialize call it without null check
```
// code placeholder
sc = SecurityUtils.createSaslClient();
if (sc.hasInitialResponse()) {
responseToken = createSaslToken(new byte[0], sc, learnerLogin);
}
```
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/brettKK/zookeeper ZOOKEEPER-3008
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/zookeeper/pull/496.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #496
commit 7d8d5230c5a87faef94d038a258b159a322f3f5e
Author: gongleigl.gong
Date: 2018-03-26T13:16:06Z
d
commit 700dfb7f48f774dd215e5bf19340a4b61eda3397
Author: gongleigl.gong
Date: 2018-03-27T16:38:28Z
fix NPE bug
commit 1ad4da8fc0269378fb2f43975954b5553b0c00e5
Author: gongleigl.gong
Date: 2018-03-28T08:58:24Z
NPE inZOOKEEPER-3008
commit 4458bb32d5813272e0bf0d34364b082e51cad3ed
Author: gongleigl.gong
Date: 2018-03-28T09:01:10Z
del unuse
commit 7fad1997be2a0401582ab315d60943475ebe1ef1
Author: gongleigl.gong
Date: 2018-03-28T09:02:32Z
keep up with master
commit 765180fd82a554a2da1c7324843bfe99b8d0a4ed
Author: gongleigl.gong
Date: 2018-03-28T09:04:50Z
add NPE place
---
