[jboss-jira] [JBoss JIRA] (WFCORE-2545) Principal with null name causes hidden NPE for chained-principal-transformer

Darran Lofthouse (JIRA) issues at jboss.org
Fri Jul 7 06:37:01 EDT 2017


     [ https://issues.jboss.org/browse/WFCORE-2545?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse resolved WFCORE-2545.
--------------------------------------
    Fix Version/s: 3.0.0.Beta29
       Resolution: Done


> Principal with null name causes hidden NPE for chained-principal-transformer
> ----------------------------------------------------------------------------
>
>                 Key: WFCORE-2545
>                 URL: https://issues.jboss.org/browse/WFCORE-2545
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>            Reporter: Ondrej Lukas
>            Assignee: Darran Lofthouse
>            Priority: Critical
>             Fix For: 3.0.0.Beta29
>
>
> When a Principal with a null name is used in {{chain}} of {{org.wildfly.extension.elytron.capabilities.PrincipalTransformer}}, this method throws a NullPointerException, which is hidden from the user due to JBEAP-9625.
> This issue can be reproduced simply by using regex-validating-principal-transformer and a user which does not match the given pattern. The Principal name is then set to null, which results in the following NPE:
> {code}
> java.lang.NullPointerException:
>   java.util.regex.Matcher.getTextLength(Matcher.java:1283)
>   java.util.regex.Matcher.reset(Matcher.java:309)
>   java.util.regex.Matcher.<init>(Matcher.java:229)
>   java.util.regex.Pattern.matcher(Pattern.java:1093)
>   org.wildfly.security.auth.util.RegexNameRewriter.rewriteName(RegexNameRewriter.java:55)
>   org.wildfly.security.auth.server.NameRewriter.lambda$asPrincipalRewriter$1(NameRewriter.java:63)
>   org.wildfly.extension.elytron.capabilities.PrincipalTransformer.lambda$chain$1(PrincipalTransformer.java:64)
>   ...
> {code}
> Since there is no related documentation or javadoc, it is also possible that the issue is rather in regex-validating-principal-transformer, which could set the Principal to null instead of the Principal name to null. This must be clarified by engineering.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
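
The failure mode in the report, reduced to plain java.util.regex as an added example (not WildFly or Elytron code): a validating step that yields a null name on a non-match, followed by a rewriting step that hands that null to Pattern.matcher. All names here (ChainNullDemo, NamePrincipal, validating, rewriting, chain, guardedChain) and the sample pattern are hypothetical, and treating a null name as a rejected principal is an assumption, not necessarily the change made for 3.0.0.Beta29. Requires Java 16 or later for records.

```java
import java.security.Principal;
import java.util.List;
import java.util.function.UnaryOperator;
import java.util.regex.Pattern;

public class ChainNullDemo {
    // Hypothetical stand-in for a principal carrying a (possibly null) name.
    record NamePrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // Validating step: keeps the name on a match, otherwise yields a null name.
    static UnaryOperator<Principal> validating(String regex) {
        Pattern p = Pattern.compile(regex);
        return in -> new NamePrincipal(p.matcher(in.getName()).matches() ? in.getName() : null);
    }

    // Rewriting step: Pattern.matcher(null) throws NullPointerException.
    static UnaryOperator<Principal> rewriting(String regex, String replacement) {
        Pattern p = Pattern.compile(regex);
        return in -> new NamePrincipal(p.matcher(in.getName()).replaceAll(replacement));
    }

    // Unguarded chain: every step runs, whatever the previous one returned.
    static Principal chain(List<UnaryOperator<Principal>> steps, Principal in) {
        Principal cur = in;
        for (UnaryOperator<Principal> s : steps) cur = s.apply(cur);
        return cur;
    }

    // Guarded chain: a null principal or null name ends the chain with null (rejected).
    static Principal guardedChain(List<UnaryOperator<Principal>> steps, Principal in) {
        Principal cur = in;
        for (UnaryOperator<Principal> s : steps) {
            if (cur == null || cur.getName() == null) return null;
            cur = s.apply(cur);
        }
        return (cur == null || cur.getName() == null) ? null : cur;
    }

    public static void main(String[] args) {
        List<UnaryOperator<Principal>> steps =
            List.of(validating("[a-z]+@example\\.org"), rewriting("@example\\.org$", ""));
        Principal bad = new NamePrincipal("Mallory!");   // constructed input, fails the pattern
        System.out.println(guardedChain(steps, new NamePrincipal("alice@example.org")).getName());
        System.out.println(guardedChain(steps, bad));
        try { chain(steps, bad); }
        catch (NullPointerException e) { System.out.println("unguarded chain: " + e); }
    }
}
```

The caller of the guarded chain must treat a null result as a failed identity mapping and deny authentication, so that a rejected name is neither surfaced as an exception nor passed on as a usable principal.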

