  1. OpenAM
  2. OPENAM-7429

NPE when base64 decoding a value which isn't base64 encoded.

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 12.0.2, 13.0.0
    • Fix Version/s: 12.0.3, 13.0.0
    • Component/s: None
    • Sprint:
      AM Sustaining Sprint 14

      Description

      This NPE should be prevented by checking if the function `org.forgerock.util.encode.Base64.decode(encoded.toCharArray())` returns a null value in the class `openam-shared/src/main/java/com/sun/identity/shared/encode/Base64.java`.

          /**
           * Decodes a BASE64 encoded char array. All illegal characters will be
           * ignored and can handle both arrays with and without line separators.
           *
           * @param sArr
           *            The source array. <code>null</code> or length 0 will return an
           *            empty array.
           * @return The decoded array of bytes. May be of length 0. Will be
           *         <code>null</code> if the legal characters (including '=') isn't
           *         divideable by 4. (I.e. definitely corrupted).
           */
          public static byte[] decode(final char[] sArr) {
      

      The NPE:

      ERROR: AuthenticationServletBase.onUncaughtException: 
      java.lang.NullPointerException 
      at java.lang.String.<init>(String.java:505) 
      at com.sun.identity.shared.encode.Base64.decodeAsUTF8String(Base64.java:86) 
      at com.sun.identity.authentication.client.AuthClientUtils.decodeHash(AuthClientUtils.java:381) 
      at com.sun.identity.authentication.client.AuthClientUtils.parseRequestParameters(AuthClientUtils.java:354) 
      at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:279) 
      at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981) 
      at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615) 
      at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473) 
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:647) 
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:728) 
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305) 
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) 
      at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44) 
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) 
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) 
      at org.forgerock.openam.xui.XUIFilter.doFilter(XUIFilter.java:112) 
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) 
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) 
      at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:100) 
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) 
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) 
      at de.o2.servlet.filter.setup.LoopProtectServletFilter.doFilter(LoopProtectServletFilter.java:77) 
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) 
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) 
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222) 
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123) 
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) 
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) 
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99) 
      at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:931) 
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) 
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) 
      at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:200) 
      at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589) 
      at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310) 
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) 
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) 
      at java.lang.Thread.run(Thread.java:745)
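
The failure mode and the null check proposed above, as an added example (not OpenAM's code and not the committed fix). `lenientDecode` is a hypothetical stand-in that follows the Javadoc contract quoted above, and returning null from the checked wrapper is an assumption about how callers should see corrupted input.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class Base64NullCheckDemo {

    // Stand-in (assumption) for the contract in the Javadoc above: illegal
    // characters are ignored; null is returned when the number of legal
    // characters is not divisible by 4.
    static byte[] lenientDecode(char[] sArr) {
        if (sArr == null || sArr.length == 0) {
            return new byte[0];
        }
        String legal = new String(sArr).replaceAll("[^A-Za-z0-9+/=]", "");
        if (legal.length() % 4 != 0) {
            return null; // "definitely corrupted"
        }
        try {
            return Base64.getDecoder().decode(legal);
        } catch (IllegalArgumentException e) {
            return null; // e.g. padding in the wrong place
        }
    }

    // Before: the decoder's result goes straight into the String constructor.
    static String decodeUnchecked(String encoded) {
        return new String(lenientDecode(encoded.toCharArray()), StandardCharsets.UTF_8);
    }

    // After: a null result is handled, so bad input yields null, not an NPE.
    static String decodeChecked(String encoded) {
        byte[] decoded = lenientDecode(encoded.toCharArray());
        return decoded == null ? null : new String(decoded, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        for (String s : new String[] {"aGVsbG8=", "not-base64!"}) { // constructed inputs
            System.out.println(s + " checked   -> " + decodeChecked(s));
            try {
                System.out.println(s + " unchecked -> " + decodeUnchecked(s));
            } catch (NullPointerException e) {
                System.out.println(s + " unchecked -> NullPointerException");
            }
        }
    }
}
```

Because the value reaches the decoder from request parameters (see `parseRequestParameters` in the trace), the checked path also needs its caller to treat a null result as an invalid request.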
      

              People

              • Assignee:
                jonthomas Jonathan Thomas
                Reporter:
                quentin.castel Quentin CASTEL [X] (Inactive)