Bug 478120 - MIGRATED_FROM_JIRA: Null pointer exception when binding with empty user name
MIGRATED_FROM_JIRA: Null pointer exception when binding with empty user name
Status: MODIFIED
Product: penrose
Classification: Retired
Component: Unknown (Show other bugs)
2.0
All Linux
low Severity low
: ---
: ---
Assigned To: Endi Sukma Dewata
Ben Levenson
:
Depends On:
Blocks: 471500
  Show dependency treegraph
 
Reported: 2008-12-27 03:01 EST by Chandrasekar Kannan
Modified: 2015-01-04 19:10 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Chandrasekar Kannan 2008-12-27 03:01:13 EST
When a client tries to bind, passing empty string as username, the following exception occurs. This knocks out 1 thread of the pool. With little effort, an attacker can exhaust the pool so it cannot handle any requests.

java.lang.NullPointerException
        at org.safehaus.penrose.handler.BindHandler.performBind(BindHandler.java:63)
        at org.safehaus.penrose.handler.BindHandler.bind(BindHandler.java:49)
        at org.safehaus.penrose.handler.SessionHandler.bind(SessionHandler.java:145)
        at org.safehaus.penrose.session.PenroseSession.bind(PenroseSession.java:75)
        at org.safehaus.penrose.ldap.PenroseAuthenticator.authenticate(PenroseAuthenticator.java:98)
        at org.apache.ldap.server.authn.AuthenticationService.authenticate(AuthenticationService.java:368)
        at org.apache.ldap.server.authn.AuthenticationService.hasEntry(AuthenticationService.java:216)
        at org.apache.ldap.server.interceptor.InterceptorChain$2.hasEntry(InterceptorChain.java:1232)
        at org.apache.ldap.server.normalization.NormalizationService.hasEntry(NormalizationService.java:182)
        at org.apache.ldap.server.interceptor.InterceptorChain$2.hasEntry(InterceptorChain.java:1232)
        at org.safehaus.penrose.ldap.PenroseInterceptor.hasEntry(PenroseInterceptor.java:317)
        at org.apache.ldap.server.interceptor.InterceptorChain.hasEntry(InterceptorChain.java:809)
        at org.apache.ldap.server.partition.DirectoryPartitionNexusProxy.hasEntry(DirectoryPartitionNexusProxy.java:449)
        at org.apache.ldap.server.partition.DirectoryPartitionNexusProxy.hasEntry(DirectoryPartitionNexusProxy.java:438)
        at org.apache.ldap.server.jndi.ServerContext.<init>(ServerContext.java:139)
        at org.apache.ldap.server.jndi.ServerDirContext.<init>(ServerDirContext.java:78)
        at org.apache.ldap.server.jndi.ServerLdapContext.<init>(ServerLdapContext.java:58)
        at org.apache.ldap.server.DefaultDirectoryService.getJndiContext(DefaultDirectoryService.java:172)
        at org.apache.ldap.server.jndi.AbstractContextFactory.getInitialContext(AbstractContextFactory.java:121)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
        at javax.naming.InitialContext.init(InitialContext.java:223)
        at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
        at org.apache.ldap.server.protocol.support.BindHandler.messageReceived(BindHandler.java:119)
        at org.apache.mina.protocol.handler.DemuxingProtocolHandler.messageReceived(DemuxingProtocolHandler.java:94)
        at org.apache.mina.protocol.AbstractProtocolFilterChain$2.messageReceived(AbstractProtocolFilterChain.java:149)
        at org.apache.mina.protocol.AbstractProtocolFilterChain.callNextMessageReceived(AbstractProtocolFilterChain.java:365)
        at org.apache.mina.protocol.AbstractProtocolFilterChain.access$1000(AbstractProtocolFilterChain.java:50)
        at org.apache.mina.protocol.AbstractProtocolFilterChain$Entry$1.messageReceived(AbstractProtocolFilterChain.java:524)
        at org.apache.mina.protocol.AbstractProtocolFilterChain$1.messageReceived(AbstractProtocolFilterChain.java:99)
        at org.apache.mina.protocol.AbstractProtocolFilterChain.callNextMessageReceived(AbstractProtocolFilterChain.java:365)
        at org.apache.mina.protocol.AbstractProtocolFilterChain.messageReceived(AbstractProtocolFilterChain.java:356)
        at org.apache.mina.protocol.ProtocolSessionManagerFilterChain$1.messageReceived(ProtocolSessionManagerFilterChain.java:76)
        at org.apache.mina.protocol.AbstractProtocolFilterChain.callNextMessageReceived(AbstractProtocolFilterChain.java:365)
        at org.apache.mina.protocol.AbstractProtocolFilterChain.access$1000(AbstractProtocolFilterChain.java:50)
        at org.apache.mina.protocol.AbstractProtocolFilterChain$Entry$1.messageReceived(AbstractProtocolFilterChain.java:524)
        at org.apache.mina.protocol.filter.ProtocolThreadPoolFilter.processEvent(ProtocolThreadPoolFilter.java:108)
        at org.apache.mina.util.BaseThreadPool$Worker.processEvents(BaseThreadPool.java:410)
        at org.apache.mina.util.BaseThreadPool$Worker.run(BaseThreadPool.java:355)


Additional Comments From cisco77 dated Sat Jan 13 13:42:55 CST 2007 
http://pnope.com/vsm
http://pnope.com/vsn
http://pnope.com/vso
http://pnope.com/vsp
http://pnope.com/vsr
http://pnope.com/vss
http://pnope.com/vst
http://pnope.com/vsu
http://pnope.com/vsv
http://pnope.com/vsw
http://pnope.com/vsx
http://pnope.com/vsy
http://pnope.com/vsz
http://pnope.com/vta
http://pnope.com/vtb
http://pnope.com/vtc
http://pnope.com/vtd
http://pnope.com/vte
http://pnope.com/vtf
http://pnope.com/vtg
http://pnope.com/vth
http://pnope.com/vti
http://pnope.com/vtj
http://pnope.com/vtk
http://pnope.com/vtl
http://pnope.com/vtm
http://pnope.com/vtn
http://pnope.com/vto
http://pnope.com/vtp
http://pnope.com/vtq
http://pnope.com/vtr
http://pnope.com/vts
http://pnope.com/vtt
http://pnope.com/vtu
http://pnope.com/vtv
http://pnope.com/vtw
http://pnope.com/vtx
http://pnope.com/vty
http://pnope.com/vtz
http://pnope.com/vua
http://pnope.com/vub
http://pnope.com/vuc
http://pnope.com/vud
http://pnope.com/vue
http://pnope.com/vuf
http://pnope.com/vug
http://pnope.com/vuh
http://pnope.com/vui
http://pnope.com/vuj
http://pnope.com/vuk
http://pnope.com/vul
http://pnope.com/vum
http://pnope.com/vun
http://pnope.com/vuo
http://pnope.com/vup
http://pnope.com/vuq
http://pnope.com/vur
http://pnope.com/vus
http://pnope.com/vut
http://pnope.com/vuu
http://pnope.com/vuv
http://pnope.com/vuw
http://pnope.com/vux
http://pnope.com/vuy
http://pnope.com/vuz
http://pnope.com/vva
http://pnope.com/vvb
http://pnope.com/vvc
http://pnope.com/vvd
http://pnope.com/vve
http://pnope.com/vvf
http://pnope.com/vvg
http://pnope.com/vvh
http://pnope.com/vvi
http://pnope.com/vvj
http://pnope.com/vvk
http://pnope.com/vvl
http://pnope.com/vvm
http://pnope.com/vvn
http://pnope.com/vvo
http://pnope.com/vvp
http://pnope.com/vvq
http://pnope.com/vvr
http://pnope.com/vvs
http://pnope.com/vvt
http://pnope.com/vvu
http://pnope.com/vvv
http://pnope.com/vvw
http://pnope.com/vvx
http://pnope.com/vvy
http://pnope.com/vvz
http://pnope.com/vwa
http://pnope.com/vwb
http://pnope.com/vwc
http://pnope.com/vwd
http://pnope.com/vwe
http://pnope.com/vwf
http://pnope.com/vwg
http://pnope.com/vwh


=========================================================
Issue dump from jira
$VAR1 = {
          'priority' => '1',
          'customFieldValues' => [],
          'project' => 'PENROSE',
          'status' => '5',
          'components' => [
                            {}
                          ],
          'reporter' => 'ddimitro',
          'key' => 'PENROSE-134',
          'assignee' => 'endisd',
          'summary' => 'Null pointer exception when binding with empty user name',
          'id' => '10368',
          'updated' => '2007-01-13 13:42:55.0',
          'votes' => '0',
          'fixVersions' => [
                           {
                             'releaseDate' => '2006-06-12 00:00:00.0',
                             'sequence' => '12',
                             'name' => 'Penrose-1.0',
                             'released' => 'true',
                             'id' => '10072',
                             'archived' => 'false'
                           }
                         ],
          'affectsVersions' => [
                               {
                                 'releaseDate' => '2006-01-24 00:00:00.0',
                                 'sequence' => '9',
                                 'name' => 'Penrose-0.9.9',
                                 'released' => 'true',
                                 'id' => '10040',
                                 'archived' => 'false'
                               }
                             ],
          'description' => 'When a client tries to bind, passing empty string as username, the following exception occurs. This knocks out 1 thread of the pool. With little effort, an attacker can exhaust the pool so it cannot handle any requests.

java.lang.NullPointerException
        at org.safehaus.penrose.handler.BindHandler.performBind(BindHandler.java:63)
        at org.safehaus.penrose.handler.BindHandler.bind(BindHandler.java:49)
        at org.safehaus.penrose.handler.SessionHandler.bind(SessionHandler.java:145)
        at org.safehaus.penrose.session.PenroseSession.bind(PenroseSession.java:75)
        at org.safehaus.penrose.ldap.PenroseAuthenticator.authenticate(PenroseAuthenticator.java:98)
        at org.apache.ldap.server.authn.AuthenticationService.authenticate(AuthenticationService.java:368)
        at org.apache.ldap.server.authn.AuthenticationService.hasEntry(AuthenticationService.java:216)
        at org.apache.ldap.server.interceptor.InterceptorChain$2.hasEntry(InterceptorChain.java:1232)
        at org.apache.ldap.server.normalization.NormalizationService.hasEntry(NormalizationService.java:182)
        at org.apache.ldap.server.interceptor.InterceptorChain$2.hasEntry(InterceptorChain.java:1232)
        at org.safehaus.penrose.ldap.PenroseInterceptor.hasEntry(PenroseInterceptor.java:317)
        at org.apache.ldap.server.interceptor.InterceptorChain.hasEntry(InterceptorChain.java:809)
        at org.apache.ldap.server.partition.DirectoryPartitionNexusProxy.hasEntry(DirectoryPartitionNexusProxy.java:449)
        at org.apache.ldap.server.partition.DirectoryPartitionNexusProxy.hasEntry(DirectoryPartitionNexusProxy.java:438)
        at org.apache.ldap.server.jndi.ServerContext.<init>(ServerContext.java:139)
        at org.apache.ldap.server.jndi.ServerDirContext.<init>(ServerDirContext.java:78)
        at org.apache.ldap.server.jndi.ServerLdapContext.<init>(ServerLdapContext.java:58)
        at org.apache.ldap.server.DefaultDirectoryService.getJndiContext(DefaultDirectoryService.java:172)
        at org.apache.ldap.server.jndi.AbstractContextFactory.getInitialContext(AbstractContextFactory.java:121)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
        at javax.naming.InitialContext.init(InitialContext.java:223)
        at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
        at org.apache.ldap.server.protocol.support.BindHandler.messageReceived(BindHandler.java:119)
        at org.apache.mina.protocol.handler.DemuxingProtocolHandler.messageReceived(DemuxingProtocolHandler.java:94)
        at org.apache.mina.protocol.AbstractProtocolFilterChain$2.messageReceived(AbstractProtocolFilterChain.java:149)
        at org.apache.mina.protocol.AbstractProtocolFilterChain.callNextMessageReceived(AbstractProtocolFilterChain.java:365)
        at org.apache.mina.protocol.AbstractProtocolFilterChain.access$1000(AbstractProtocolFilterChain.java:50)
        at org.apache.mina.protocol.AbstractProtocolFilterChain$Entry$1.messageReceived(AbstractProtocolFilterChain.java:524)
        at org.apache.mina.protocol.AbstractProtocolFilterChain$1.messageReceived(AbstractProtocolFilterChain.java:99)
        at org.apache.mina.protocol.AbstractProtocolFilterChain.callNextMessageReceived(AbstractProtocolFilterChain.java:365)
        at org.apache.mina.protocol.AbstractProtocolFilterChain.messageReceived(AbstractProtocolFilterChain.java:356)
        at org.apache.mina.protocol.ProtocolSessionManagerFilterChain$1.messageReceived(ProtocolSessionManagerFilterChain.java:76)
        at org.apache.mina.protocol.AbstractProtocolFilterChain.callNextMessageReceived(AbstractProtocolFilterChain.java:365)
        at org.apache.mina.protocol.AbstractProtocolFilterChain.access$1000(AbstractProtocolFilterChain.java:50)
        at org.apache.mina.protocol.AbstractProtocolFilterChain$Entry$1.messageReceived(AbstractProtocolFilterChain.java:524)
        at org.apache.mina.protocol.filter.ProtocolThreadPoolFilter.processEvent(ProtocolThreadPoolFilter.java:108)
        at org.apache.mina.util.BaseThreadPool$Worker.processEvents(BaseThreadPool.java:410)
        at org.apache.mina.util.BaseThreadPool$Worker.run(BaseThreadPool.java:355)

',
          'created' => '2006-02-07 05:11:54.0',
          'resolution' => '1',
          'type' => '1'
        };


=========================================================
Comment 1 Chandrasekar Kannan 2008-12-27 03:01:15 EST
Marking bug as MODIFIED as it was already resolved in Jira - PENROSE-134

Note You need to log in before you can comment on or make changes to this bug.