  1. Undertow
  2. UNDERTOW-883

Missing null check in SecurityContextImpl

Details

    • Bug
    • Resolution: Done
    • Minor
    • 2.0.0.Beta1, 1.4.5.Final
    • 1.4.3.Final
    • None
    • None

    Description

      There is a missing null check in the io.undertow.security.impl.SecurityContextImpl.ChallengeSender.transition() method. The method mechanism.sendChallenge can return null (the AuthenticationMechanism interface can have various implementations), which leads to an NPE when a method is called on its result without a null check. See [1].

      There should be a null check in the SecurityContextImpl.ChallengeSender.transition() method, or the documentation of io.undertow.security.api.AuthenticationMechanism.sendChallenge should explicitly say that this method must not return null.

      [1] https://github.com/undertow-io/undertow/blob/43ff6d15b2054ac659d469165d508b7ddb954ff3/core/src/main/java/io/undertow/security/impl/SecurityContextImpl.java#L298
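
A sketch of the kind of guard the report asks for, added here as an example; it is not Undertow's code and not the fix that was applied. The `ChallengeResult` record, the no-argument `sendChallenge()`, the `sendChallenges` helper and the 403 fallback are simplified stand-ins assumed for illustration.

```java
import java.util.List;

// Simplified stand-ins for this example; these are not Undertow's real classes.
public class ChallengeNullGuardDemo {

    record ChallengeResult(boolean challengeSent, Integer desiredResponseCode) {}

    interface AuthenticationMechanism {
        // Nothing in the signature stops an implementation from returning null.
        ChallengeResult sendChallenge();
    }

    /** Asks each mechanism for a challenge and returns the status code to send. */
    static int sendChallenges(List<AuthenticationMechanism> mechanisms) {
        Integer chosenStatusCode = null;
        for (AuthenticationMechanism mechanism : mechanisms) {
            ChallengeResult result = mechanism.sendChallenge();
            if (result == null) {
                // Guard: fail with an error that names the faulty mechanism
                // instead of an anonymous NPE on result.challengeSent().
                throw new IllegalStateException(
                        "sendChallenge returned null: " + mechanism.getClass().getName());
            }
            if (result.challengeSent() && chosenStatusCode == null) {
                chosenStatusCode = result.desiredResponseCode();
            }
        }
        // Assumption of this example: deny with 403 when no mechanism chose a code.
        return chosenStatusCode != null ? chosenStatusCode : 403;
    }

    public static void main(String[] args) {
        AuthenticationMechanism basic = () -> new ChallengeResult(true, 401);
        AuthenticationMechanism broken = () -> null; // constructed faulty implementation

        System.out.println("status: " + sendChallenges(List.of(basic)));
        try {
            sendChallenges(List.of(basic, broken));
        } catch (IllegalStateException e) {
            // The request is rejected and the log points at the offending class.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```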


            People

              sdouglas1@redhat.com Stuart Douglas
              olukas Ondrej Lukas (Inactive)