[jira] [Commented] (QPID-8208) [Broker-J] Improve unexpected exception handling for LDAP connections in SimpleLDAPAuthenticationProvider

Mon, 11 Jun 2018 09:27:26 -0700 


    [ 
https://issues.apache.org/jira/browse/QPID-8208?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16508312#comment-16508312
 ] 

Keith Wall commented on QPID-8208:
----------------------------------

Alex

That looks to me to be a Java platform defect rather than a Broker-J issue.     
{{InitialDirContext}} is defined by its API as throwing a {{NamingException}} 
only.  It cannot legitimately throw a {{NullPointerException}}.

You haven't stated the version of the JVM that produced this defect,  but I 
notice looking at the sources for LdapClient 1.8.0_171, there is appears to be 
race condition in the implementation.  If an "Notice of Disconnection" 
(1.3.6.1.4.1.1466.20036) arrives from the LDAP peer this causes the 
{{com.sun.jndi.ldap.LdapClient#conn}} ref to be nulled (look at 
{{processUnsolicited()}} invokes {{forcedClosed()}} - which doesn't take the 
mutex).   If this occurs whilst a thread is executing 
{{LdapClient.authenticate}}, then the NPE will occur.

I think this defect should be closed as not a defect.







> [Broker-J] Improve unexpected exception handling for LDAP connections in 
> SimpleLDAPAuthenticationProvider
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-8208
>                 URL: https://issues.apache.org/jira/browse/QPID-8208
>             Project: Qpid
>          Issue Type: Bug
>          Components: Broker-J
>    Affects Versions: qpid-java-6.1.6, qpid-java-broker-7.0.3, 
> qpid-java-broker-7.0.2, 0.32, qpid-java-6.0, qpid-java-6.0.1, 
> qpid-java-6.0.2, qpid-java-6.0.3, qpid-java-6.0.4, qpid-java-6.0.5, 
> qpid-java-6.1, qpid-java-6.0.6, qpid-java-6.1.1, qpid-java-6.1.2, 
> qpid-java-6.0.7, qpid-java-6.1.3, qpid-java-6.0.8, qpid-java-6.1.4, 
> qpid-java-broker-7.0.0, qpid-java-6.1.5, qpid-java-broker-7.0.1, 
> qpid-java-broker-7.0.4
>            Reporter: Alex Rudyy
>            Priority: Critical
>             Fix For: qpid-java-broker-7.0.5
>
>         Attachments: 0001-QPID-8208-Broker-J-Improve-exception-handling.patch
>
>
> The establishment of connection with LDAP using  default 
> {{com.sun.jndi.ldap.LdapCtxFactory}} can end-up in unexpected exception 
> thrown from {{com.sun.jndi.ldap.LdapClient}}. Thought, it looks like a defect 
> in {{LdapClient}}, the unexpected exceptions should be handled appropriately. 
> The exception should be logged and the authentication failure error should be 
> returned back to the client.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to