8019267: NPE in AbstractSaslImpl when trace level >= FINER in KRB5
Reviewed-by: mullan
--- a/jdk/src/share/classes/com/sun/security/sasl/util/AbstractSaslImpl.java Tue Jul 09 22:01:57 2013 -0400
+++ b/jdk/src/share/classes/com/sun/security/sasl/util/AbstractSaslImpl.java Wed Jul 10 15:11:32 2013 +0800
@@ -252,13 +252,12 @@
/**
- * Outputs a byte array and converts
+ * Outputs a byte array. Can be null.
*/
protected static final void traceOutput(String srcClass, String srcMethod,
String traceTag, byte[] output) {
- if (output != null) {
- traceOutput(srcClass, srcMethod, traceTag, output, 0, output.length);
- }
+ traceOutput(srcClass, srcMethod, traceTag, output, 0,
+ output == null ? 0 : output.length);
}
protected static final void traceOutput(String srcClass, String srcMethod,
@@ -274,13 +273,20 @@
lev = Level.FINEST;
}
- ByteArrayOutputStream out = new ByteArrayOutputStream(len);
- new HexDumpEncoder().encodeBuffer(
- new ByteArrayInputStream(output, offset, len), out);
+ String content;
+
+ if (output != null) {
+ ByteArrayOutputStream out = new ByteArrayOutputStream(len);
+ new HexDumpEncoder().encodeBuffer(
+ new ByteArrayInputStream(output, offset, len), out);
+ content = out.toString();
+ } else {
+ content = "NULL";
+ }
// Message id supplied by caller as part of traceTag
logger.logp(lev, srcClass, srcMethod, "{0} ( {1} ): {2}",
- new Object[] {traceTag, new Integer(origlen), out.toString()});
+ new Object[] {traceTag, new Integer(origlen), content});
} catch (Exception e) {
logger.logp(Level.WARNING, srcClass, srcMethod,
"SASLIMPL09:Error generating trace output: {0}", e);
--- a/jdk/test/sun/security/krb5/auto/SaslGSS.java Tue Jul 09 22:01:57 2013 -0400
+++ b/jdk/test/sun/security/krb5/auto/SaslGSS.java Wed Jul 10 15:11:32 2013 +0800
@@ -23,7 +23,7 @@
/*
* @test
- * @bug 8012082
+ * @bug 8012082 8019267
* @summary SASL: auth-conf negotiated, but unencrypted data is accepted,
* reset to unencrypt
* @compile -XDignore.symbol.file SaslGSS.java
@@ -37,9 +37,16 @@
import javax.security.sasl.RealmCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslServer;
+import java.io.ByteArrayOutputStream;
import java.io.IOException;
+import java.io.PrintStream;
import java.util.HashMap;
import java.util.Locale;
+import java.util.logging.ConsoleHandler;
+import java.util.logging.Handler;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
import org.ietf.jgss.*;
import sun.security.jgss.GSSUtil;
@@ -79,14 +86,28 @@
}
});
- // Handshake
+ ByteArrayOutputStream bout = new ByteArrayOutputStream();
+ PrintStream oldErr = System.err;
+ System.setErr(new PrintStream(bout));
+
+ Logger.getLogger("javax.security.sasl").setLevel(Level.ALL);
+ Handler h = new ConsoleHandler();
+ h.setLevel(Level.ALL);
+ Logger.getLogger("javax.security.sasl").addHandler(h);
+
byte[] token = new byte[0];
- token = sc.initSecContext(token, 0, token.length);
- token = ss.evaluateResponse(token);
- token = sc.unwrap(token, 0, token.length, new MessageProp(0, false));
- token[0] = (byte)(((token[0] & 4) != 0) ? 4 : 2);
- token = sc.wrap(token, 0, token.length, new MessageProp(0, false));
- ss.evaluateResponse(token);
+
+ try {
+ // Handshake
+ token = sc.initSecContext(token, 0, token.length);
+ token = ss.evaluateResponse(token);
+ token = sc.unwrap(token, 0, token.length, new MessageProp(0, false));
+ token[0] = (byte)(((token[0] & 4) != 0) ? 4 : 2);
+ token = sc.wrap(token, 0, token.length, new MessageProp(0, false));
+ ss.evaluateResponse(token);
+ } finally {
+ System.setErr(oldErr);
+ }
// Talk
// 1. Client sends a auth-int message
@@ -102,5 +123,15 @@
if (!qop.getPrivacy()) {
throw new Exception();
}
+
+ for (String s: bout.toString().split("\\n")) {
+ if (s.contains("KRB5SRV04") && s.contains("NULL")) {
+ return;
+ }
+ }
+ System.out.println("=======================");
+ System.out.println(bout.toString());
+ System.out.println("=======================");
+ throw new Exception("Haven't seen KRB5SRV04 with NULL");
}
}