[
https://issues.apache.org/jira/browse/CLOUDSTACK-1625?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13599771#comment-13599771
]
ASF subversion and git services commented on CLOUDSTACK-1625:
-------------------------------------------------------------
Commit da89946ca93a872d0a4bf907d4545c392b2055f1 in branch refs/heads/master
from [~likithas]
[ https://git-wip-us.apache.org/repos/asf?p=incubator-cloudstack.git;h=da89946 ]
CLOUDSTACK-1625. NPE with updateResourceCount when && is passed thru API.
If any API contains '&' i.e. no key value pair or '&<paramter-name>' i.e. a
parameter without a value, then we get an NPE as
owasp.esapi.StringUtilities.stripControls deosn't handle NPE.
> NPE with updateResourceCount when && is passed thru API
> --------------------------------------------------------
>
> Key: CLOUDSTACK-1625
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1625
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: API
> Affects Versions: 4.2.0
> Reporter: Sailaja Mada
> Assignee: Likitha Shetty
> Priority: Minor
> Fix For: 4.2.0
>
>
> Steps:
> 1. Create child domain and admin account under this domain
> 2. Set Memory limit as 512 MB for this account
> 3. Deploy VM with 512 MB
> 4. Tried to view the resource details by passing && as prefix to domainid
> while exeucuting thru curl command.
> Observation : It failed with 531 resulting NPE
> 2013-03-11 19:42:44,499 ERROR [cloud.api.ApiServer] (ApiServer-10:null)
> unhandled exception executing api command: updateResourceCount
> java.lang.NullPointerException
> at
> org.owasp.esapi.StringUtilities.stripControls(StringUtilities.java:43)
> at
> com.cloud.utils.StringUtils.stripControlCharacters(StringUtils.java:156)
> at com.cloud.api.ApiServer.handleRequest(ApiServer.java:330)
> at com.cloud.api.ApiServer.handle(ApiServer.java:283)
> at
> org.apache.http.protocol.HttpService.doService(HttpService.java:375)
> at
> org.apache.http.protocol.HttpService.handleRequest(HttpService.java:290)
> at com.cloud.api.ApiServer$WorkerTask.run(ApiServer.java:956)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
> at java.lang.Thread.run(Thread.java:679)
> 2013-03-11 19:42:44,976 DEBUG [agent.manager.AgentManagerImpl]
> (AgentManager-Handler-2:null) Ping from 4
> API Call: [root@rhel63 ~]# curl
> "http://10.102.192.208:8096/client/api?command=updateResourceCount&&domainid=2";
> <?xml version="1.0" encoding="UTF-8"?><updateresourcecountresponse
> cloud-stack-version="4.2.0-SNAPSHOT"><errorcode>530</errorcode><cserrorcode>9999</cserrorcode></updateresourcecountresponse>
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
