[tomcat] branch 7.0.x updated: Guard new escape routines for null values

Tue, 18 May 2021 11:01:17 -0700 

This is an automated email from the ASF dual-hosted git repository.

fschumacher pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/7.0.x by this push:
     new 7d709b5  Guard new escape routines for null values
7d709b5 is described below

commit 7d709b57592103e28a6a66e9a4017b8af4d515bd
Author: Felix Schumacher <fschumac...@apache.org>
AuthorDate: Sat May 15 14:06:21 2021 +0200

    Guard new escape routines for null values
    
    NPE in JNDIRealm, when userRoleAttribute is not set.
    Plus add path to UnboundID SDK to the Eclipse and Intellij
    classpath settings.
    
    Bugzilla Id: 63508
---
 java/org/apache/catalina/realm/JNDIRealm.java | 6 ++++++
 webapps/docs/changelog.xml                    | 8 ++++++++
 2 files changed, 14 insertions(+)

diff --git a/java/org/apache/catalina/realm/JNDIRealm.java 
b/java/org/apache/catalina/realm/JNDIRealm.java
index 6425194..887d6d1 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -2769,6 +2769,9 @@ public class JNDIRealm extends RealmBase {
      * @return String the escaped/encoded result
      */
     protected String doFilterEscaping(String inString) {
+        if (inString == null) {
+            return null;
+        }
         StringBuilder buf = new StringBuilder(inString.length());
         for (int i = 0; i < inString.length(); i++) {
             char c = inString.charAt(i);
@@ -2861,6 +2864,9 @@ public class JNDIRealm extends RealmBase {
      * @return      The string representation of the attribute value
      */
     protected String doAttributeValueEscaping(String input) {
+        if (input == null) {
+            return null;
+        }
         int len = input.length();
         StringBuilder result = new StringBuilder();
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index ef125b2..1994d8c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -119,6 +119,14 @@
   issues do not "pop up" wrt. others).
 -->
 <section name="Tomcat 7.0.110 (violetagg)" rtext="in development">
+  <subsection name="Catalina">
+    <changelog>
+      <fix>
+        <bug>63508</bug>: NPE in JNDIRealm when no 
<code>userRoleAttribute</code>
+        is given. (fschumacher)
+      </fix>
+    </changelog>
+  </subsection>
   <subsection name="Other">
     <changelog>
       <fix>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to