ConfX created HADOOP-18821:
------------------------------
Summary: Walking up the ldap hierarchy may trigger null pointer
exception
Key: HADOOP-18821
URL: https://issues.apache.org/jira/browse/HADOOP-18821
Project: Hadoop Common
Issue Type: Bug
Reporter: ConfX
Attachments: reproduce.sh
h2. What happened:
When set {{hadoop.security.group.mapping.ldap.search.group.hierarchy.levels}}
to a value larger than 0, {{goUpGroupHierarchy}} in
{{org/apache/hadoop/security/LdapGroupsMapping.java}} may return a null
{{{}groupResults{}}}and use it without checking null.
h2. Buggy code:
{noformat}
void goUpGroupHierarchy(Set<String> groupDNs, int goUpHierarchy, Set<String>
groups) throws NamingException {
if (goUpHierarchy <= 0 || groups.isEmpty()) {
return;
}
...
NamingEnumeration<SearchResult> groupResults = context.search(groupbaseDN,
filter.toString(), SEARCH_CONTROLS);
while (groupResults.hasMoreElements()) { // <--- Here groupResults
may be null
...
}
...
}{noformat}
h2. How to reproduce:
(1) Set {{hadoop.security.group.mapping.ldap.search.group.hierarchy.levels}} to
1
(2) Run test
{{org.apache.hadoop.security.TestLdapGroupsMapping#testGetGroupsWithConnectionClosed}}
h2. Stack trace:
{noformat}
java.lang.NullPointerException
at
org.apache.hadoop.security.LdapGroupsMapping.goUpGroupHierarchy(LdapGroupsMapping.java:612)
at
org.apache.hadoop.security.LdapGroupsMapping.lookupGroup(LdapGroupsMapping.java:489)
at
org.apache.hadoop.security.LdapGroupsMapping.doGetGroups(LdapGroupsMapping.java:552)
at
org.apache.hadoop.security.LdapGroupsMapping.getGroups(LdapGroupsMapping.java:365){noformat}
For an easy reproduction, run the reproduce.sh in the attachment.
We are happy to provide a patch if this issue is confirmed.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-dev-h...@hadoop.apache.org
