OpenAM / OPENAM-8901

NPE printed in logs if a SunQueryParamsString is not base64 encoded

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 12.0.2, 13.0.0, 13.5.0
    • Fix Version/s: 12.0.4, 13.5.0
    • Component/s: authentication
    • Sprint: AM Sustaining Sprint 22, AM Sustaining Sprint 23

      Description

      Steps to reproduce:

      Call the login URL with curl, passing a SunQueryParamsString value that is not base64 encoded:

      http://openam-local.example.com:8080/openam/UI/Login?SunQueryParamsString=http://www.bbc.co.uk/news

      This produces the following stack trace in the logs:

      amAuthExceptionViewBean:05/03/2016 03:40:34:595 PM BST: Thread[http-bio-8080-exec-7,5,main]
      ERROR: AuthenticationServletBase.onUncaughtException:
      java.lang.NullPointerException
              at java.util.StringTokenizer.<init>(StringTokenizer.java:199)
              at java.util.StringTokenizer.<init>(StringTokenizer.java:221)
              at com.sun.identity.authentication.client.AuthClientUtils.decodeHash(AuthClientUtils.java:394)
              at com.sun.identity.authentication.client.AuthClientUtils.parseRequestParameters(AuthClientUtils.java:356)
              at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:279)
              at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
              at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
              at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:620)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
              at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
              at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
              at org.forgerock.openam.xui.XUIFilter.doFilter(XUIFilter.java:131)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
              at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:98)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:503)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
              at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
              at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
              at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
              at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
              at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
              at java.lang.Thread.run(Thread.java:745)
      

      After the fix for OPENAM-7429 there is still one use case in which an NPE can occur:
      the check of an unencoded query string parameter.
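The trace above shows the shape of the defect: a decode helper signals "not base64" by returning null, and the caller hands that null straight to `java.util.StringTokenizer`, whose constructor dereferences it. The following is an added illustration written for this page, not OpenAM's own code; `decodeOrNull`, `parseUnchecked` and `parseChecked` are hypothetical stand-ins (OpenAM's `AuthClientUtils.decodeHash` is not reproduced here), and the sample inputs are constructed. It contrasts the unchecked caller with a hardened one that treats absent, empty or undecodable input as "no parameters" instead of throwing.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.StringTokenizer;

public class SunQueryParamsDemo {

    /**
     * Hypothetical decode helper that returns null when the value is not base64.
     * Java's decoder rejects characters outside the base64 alphabet (':' and '.'
     * in "http://www.bbc.co.uk/news") with IllegalArgumentException.
     */
    static String decodeOrNull(String encoded) {
        try {
            byte[] raw = Base64.getDecoder().decode(encoded);
            return new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null;
        }
    }

    /** Caller that trusts the helper: the same failure mode as the reported stack trace. */
    static Map<String, String> parseUnchecked(String encoded) {
        String decoded = decodeOrNull(encoded);
        // new StringTokenizer(null, "&") throws NullPointerException
        return tokenize(new StringTokenizer(decoded, "&"));
    }

    /** Hardened caller: absent, empty or undecodable input yields an empty map. */
    static Map<String, String> parseChecked(String encoded) {
        if (encoded == null || encoded.isEmpty()) {
            return Collections.emptyMap();
        }
        String decoded = decodeOrNull(encoded);
        if (decoded == null) {
            return Collections.emptyMap();
        }
        return tokenize(new StringTokenizer(decoded, "&"));
    }

    /** Split "k1=v1&k2=v2" into an ordered map; a token without '=' maps to "". */
    private static Map<String, String> tokenize(StringTokenizer st) {
        Map<String, String> params = new LinkedHashMap<>();
        while (st.hasMoreTokens()) {
            String pair = st.nextToken();
            int eq = pair.indexOf('=');
            if (eq < 0) {
                params.put(pair, "");
            } else {
                params.put(pair.substring(0, eq), pair.substring(eq + 1));
            }
        }
        return params;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one properly encoded, one raw URL as in the report.
        String encoded = Base64.getEncoder()
                .encodeToString("goto=/console&realm=/".getBytes(StandardCharsets.UTF_8));
        String rawUrl = "http://www.bbc.co.uk/news";

        System.out.println("checked, valid input: " + parseChecked(encoded));
        System.out.println("checked, raw URL:     " + parseChecked(rawUrl));
        try {
            parseUnchecked(rawUrl);
        } catch (NullPointerException e) {
            System.out.println("unchecked, raw URL:   NullPointerException (the reported behaviour)");
        }
    }
}
```

Two points worth keeping in mind beyond the null check itself. A value that happens to be valid base64 will decode without error into arbitrary bytes, so the hardened caller still has to validate the decoded names and values it gets back rather than trusting them because decoding succeeded. And a null-returning helper is the root of this class of bug: an `Optional<String>` or a checked exception at the helper boundary makes the "not decodable" case impossible for callers to forget.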

      People
      • Assignee: Jonathan Thomas (jonthomas)
      • Reporter: Jonathan Thomas (jonthomas)
      Time Tracking

      • Original Estimate: 2h
      • Remaining Estimate: 1h
      • Time Spent: Not Specified