(tomcat) branch 8.5.x updated: Avoid NPE

remm Mon, 15 Jan 2024 06:01:54 -0800

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git



The following commit(s) were added to refs/heads/8.5.x by this push:
     new d2559510c9 Avoid NPE
d2559510c9 is described below

commit d2559510c93885a5a50d22ddb2ce89fe3cfac728
Author: remm <r...@apache.org>
AuthorDate: Mon Jan 15 14:38:09 2024 +0100

    Avoid NPE
    
    Reported by coverity.
---
 java/org/apache/tomcat/util/net/jsse/LocalStrings.properties | 1 +
 java/org/apache/tomcat/util/net/jsse/PEMFile.java            | 6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties 
b/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties
index 9a21160bd7..6a3d1fd3e7 100644
--- a/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties
@@ -20,6 +20,7 @@ jsseUtil.excludeProtocol=The SSL protocol [{0}] which is 
supported in this JRE w
 jsseUtil.noDefaultProtocols=Unable to determine a default for 
sslEnabledProtocols. Set an explicit value to ensure the connector can start.
 
 pemFile.noMultiPrimes=The PKCS#1 certificate is in multi-prime format and Java 
does not provide an API for constructing an RSA private key object from that 
format
+pemFile.noPassword=A password is required to decrypt the private key
 pemFile.notPbkdf2=The OID [{0}] is not the correct OID for PKBDF2 which is the 
only permitted KDF for PBES2
 pemFile.notValidRFC5915=The provided key file does not conform to RFC 5915
 pemFile.parseError=Unable to parse the key from [{0}]
diff --git a/java/org/apache/tomcat/util/net/jsse/PEMFile.java 
b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
index a05ae6fdc6..b9a921b021 100644
--- a/java/org/apache/tomcat/util/net/jsse/PEMFile.java
+++ b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
@@ -503,6 +503,9 @@ public class PEMFile {
 
 
         private byte[] deriveKeyPBKDF1(int keyLength, String password, byte[] 
salt) throws NoSuchAlgorithmException {
+            if (password == null) {
+                throw new 
IllegalArgumentException(sm.getString("pemFile.noPassword"));
+            }
             // PBKDF1-MD5 as specified by PKCS#5
             byte[] key = new byte[keyLength];
 
@@ -527,6 +530,9 @@ public class PEMFile {
 
         private byte[] deriveKeyPBKDF2(String algorithm, String password, 
byte[] salt, int iterations, int keyLength)
                 throws GeneralSecurityException {
+            if (password == null) {
+                throw new 
IllegalArgumentException(sm.getString("pemFile.noPassword"));
+            }
             SecretKeyFactory secretKeyFactory = 
SecretKeyFactory.getInstance(algorithm);
             KeySpec keySpec;
             keySpec = new PBEKeySpec(password.toCharArray(), salt, iterations, 
keyLength);


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 8.5.x updated: Avoid NPE

Reply via email to