8019267: NPE in AbstractSaslImpl when trace level >= FINER in KRB5

Reviewed-by: mullan

8019267: NPE in AbstractSaslImpl when trace level >= FINER in KRB5
Reviewed-by: mullan
d778db9d · weijun · 8c2cfb7d · d778db9d · d778db9d
2 changed file
--- a/src/share/classes/com/sun/security/sasl/util/AbstractSaslImpl.java
+++ b/src/share/classes/com/sun/security/sasl/util/AbstractSaslImpl.java
@@ -252,13 +252,12 @@ public abstract class AbstractSaslImpl {


    /**
-     * Outputs a byte array and converts
+     * Outputs a byte array. Can be null.
     */
    protected static final void traceOutput(String srcClass, String srcMethod,
        String traceTag, byte[] output) {
-        if (output != null) {
-            traceOutput(srcClass, srcMethod, traceTag, output, 0, output.length);
-        }
+        traceOutput(srcClass, srcMethod, traceTag, output, 0,
+                output == null ? 0 : output.length);
    }

    protected static final void traceOutput(String srcClass, String srcMethod,
@@ -274,13 +273,20 @@ public abstract class AbstractSaslImpl {
                lev = Level.FINEST;
            }

-            ByteArrayOutputStream out = new ByteArrayOutputStream(len);
-            new HexDumpEncoder().encodeBuffer(
-                new ByteArrayInputStream(output, offset, len), out);
+            String content;
+
+            if (output != null) {
+                ByteArrayOutputStream out = new ByteArrayOutputStream(len);
+                new HexDumpEncoder().encodeBuffer(
+                    new ByteArrayInputStream(output, offset, len), out);
+                content = out.toString();
+            } else {
+                content = "NULL";
+            }

            // Message id supplied by caller as part of traceTag
            logger.logp(lev, srcClass, srcMethod, "{0} ( {1} ): {2}",
-                new Object[] {traceTag, new Integer(origlen), out.toString()});
+                new Object[] {traceTag, new Integer(origlen), content});
        } catch (Exception e) {
            logger.logp(Level.WARNING, srcClass, srcMethod,
                "SASLIMPL09:Error generating trace output: {0}", e);

--- a/test/sun/security/krb5/auto/SaslGSS.java
+++ b/test/sun/security/krb5/auto/SaslGSS.java
@@ -23,7 +23,7 @@

 /*
 * @test
- * @bug 8012082
+ * @bug 8012082 8019267
 * @summary SASL: auth-conf negotiated, but unencrypted data is accepted,
  *         reset to unencrypt
 * @compile -XDignore.symbol.file SaslGSS.java
@@ -37,9 +37,16 @@ import javax.security.sasl.AuthorizeCallback;
 import javax.security.sasl.RealmCallback;
 import javax.security.sasl.Sasl;
 import javax.security.sasl.SaslServer;
+import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.io.PrintStream;
 import java.util.HashMap;
 import java.util.Locale;
+import java.util.logging.ConsoleHandler;
+import java.util.logging.Handler;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
 import org.ietf.jgss.*;
 import sun.security.jgss.GSSUtil;

@@ -79,14 +86,28 @@ public class SaslGSS {
                    }
                });

-        // Handshake
+        ByteArrayOutputStream bout = new ByteArrayOutputStream();
+        PrintStream oldErr = System.err;
+        System.setErr(new PrintStream(bout));
+
+        Logger.getLogger("javax.security.sasl").setLevel(Level.ALL);
+        Handler h = new ConsoleHandler();
+        h.setLevel(Level.ALL);
+        Logger.getLogger("javax.security.sasl").addHandler(h);
+
        byte[] token = new byte[0];
-        token = sc.initSecContext(token, 0, token.length);
-        token = ss.evaluateResponse(token);
-        token = sc.unwrap(token, 0, token.length, new MessageProp(0, false));
-        token[0] = (byte)(((token[0] & 4) != 0) ? 4 : 2);
-        token = sc.wrap(token, 0, token.length, new MessageProp(0, false));
-        ss.evaluateResponse(token);
+
+        try {
+            // Handshake
+            token = sc.initSecContext(token, 0, token.length);
+            token = ss.evaluateResponse(token);
+            token = sc.unwrap(token, 0, token.length, new MessageProp(0, false));
+            token[0] = (byte)(((token[0] & 4) != 0) ? 4 : 2);
+            token = sc.wrap(token, 0, token.length, new MessageProp(0, false));
+            ss.evaluateResponse(token);
+        } finally {
+            System.setErr(oldErr);
+        }

        // Talk
        // 1. Client sends a auth-int message
@@ -102,5 +123,15 @@ public class SaslGSS {
        if (!qop.getPrivacy()) {
            throw new Exception();
        }
+
+        for (String s: bout.toString().split("\\n")) {
+            if (s.contains("KRB5SRV04") && s.contains("NULL")) {
+                return;
+            }
+        }
+        System.out.println("=======================");
+        System.out.println(bout.toString());
+        System.out.println("=======================");
+        throw new Exception("Haven't seen KRB5SRV04 with NULL");
    }
 }