When a client tries to bind, passing empty string as username, the following exception occurs. This knocks out 1 thread of the pool. With little effort, an attacker can exhaust the pool so it cannot handle any requests.

java.lang.NullPointerException
    at org.safehaus.penrose.handler.BindHandler.performBind(BindHandler.java:63)
    at org.safehaus.penrose.handler.BindHandler.bind(BindHandler.java:49)
    at org.safehaus.penrose.handler.SessionHandler.bind(SessionHandler.java:145)
    at org.safehaus.penrose.session.PenroseSession.bind(PenroseSession.java:75)
    at org.safehaus.penrose.ldap.PenroseAuthenticator.authenticate(PenroseAuthenticator.java:98)
    at org.apache.ldap.server.authn.AuthenticationService.authenticate(AuthenticationService.java:368)
    at org.apache.ldap.server.authn.AuthenticationService.hasEntry(AuthenticationService.java:216)
    at org.apache.ldap.server.interceptor.InterceptorChain$2.hasEntry(InterceptorChain.java:1232)
    at org.apache.ldap.server.normalization.NormalizationService.hasEntry(NormalizationService.java:182)
    at org.apache.ldap.server.interceptor.InterceptorChain$2.hasEntry(InterceptorChain.java:1232)
    at org.safehaus.penrose.ldap.PenroseInterceptor.hasEntry(PenroseInterceptor.java:317)
    at org.apache.ldap.server.interceptor.InterceptorChain.hasEntry(InterceptorChain.java:809)
    at org.apache.ldap.server.partition.DirectoryPartitionNexusProxy.hasEntry(DirectoryPartitionNexusProxy.java:449)
    at org.apache.ldap.server.partition.DirectoryPartitionNexusProxy.hasEntry(DirectoryPartitionNexusProxy.java:438)
    at org.apache.ldap.server.jndi.ServerContext.<init>(ServerContext.java:139)
    at org.apache.ldap.server.jndi.ServerDirContext.<init>(ServerDirContext.java:78)
    at org.apache.ldap.server.jndi.ServerLdapContext.<init>(ServerLdapContext.java:58)
    at org.apache.ldap.server.DefaultDirectoryService.getJndiContext(DefaultDirectoryService.java:172)
    at org.apache.ldap.server.jndi.AbstractContextFactory.getInitialContext(AbstractContextFactory.java:121)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
    at javax.naming.InitialContext.init(InitialContext.java:223)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
    at org.apache.ldap.server.protocol.support.BindHandler.messageReceived(BindHandler.java:119)
    at org.apache.mina.protocol.handler.DemuxingProtocolHandler.messageReceived(DemuxingProtocolHandler.java:94)
    at org.apache.mina.protocol.AbstractProtocolFilterChain$2.messageReceived(AbstractProtocolFilterChain.java:149)
    at org.apache.mina.protocol.AbstractProtocolFilterChain.callNextMessageReceived(AbstractProtocolFilterChain.java:365)
    at org.apache.mina.protocol.AbstractProtocolFilterChain.access$1000(AbstractProtocolFilterChain.java:50)
    at org.apache.mina.protocol.AbstractProtocolFilterChain$Entry$1.messageReceived(AbstractProtocolFilterChain.java:524)
    at org.apache.mina.protocol.AbstractProtocolFilterChain$1.messageReceived(AbstractProtocolFilterChain.java:99)
    at org.apache.mina.protocol.AbstractProtocolFilterChain.callNextMessageReceived(AbstractProtocolFilterChain.java:365)
    at org.apache.mina.protocol.AbstractProtocolFilterChain.messageReceived(AbstractProtocolFilterChain.java:356)
    at org.apache.mina.protocol.ProtocolSessionManagerFilterChain$1.messageReceived(ProtocolSessionManagerFilterChain.java:76)
    at org.apache.mina.protocol.AbstractProtocolFilterChain.callNextMessageReceived(AbstractProtocolFilterChain.java:365)
    at org.apache.mina.protocol.AbstractProtocolFilterChain.access$1000(AbstractProtocolFilterChain.java:50)
    at org.apache.mina.protocol.AbstractProtocolFilterChain$Entry$1.messageReceived(AbstractProtocolFilterChain.java:524)
    at org.apache.mina.protocol.filter.ProtocolThreadPoolFilter.processEvent(ProtocolThreadPoolFilter.java:108)
    at org.apache.mina.util.BaseThreadPool$Worker.processEvents(BaseThreadPool.java:410)
    at org.apache.mina.util.BaseThreadPool$Worker.run(BaseThreadPool.java:355)

Additional Comments From cisco77 dated Sat Jan 13 13:42:55 CST 2007

=========================================================
Issue dump from jira

$VAR1 = {
  'priority' => '1',
  'customFieldValues' => [],
  'project' => 'PENROSE',
  'status' => '5',
  'components' => [
    {}
  ],
  'reporter' => 'ddimitro',
  'key' => 'PENROSE-134',
  'assignee' => 'endisd',
  'summary' => 'Null pointer exception when binding with empty user name',
  'id' => '10368',
  'updated' => '2007-01-13 13:42:55.0',
  'votes' => '0',
  'fixVersions' => [
    {
      'releaseDate' => '2006-06-12 00:00:00.0',
      'sequence' => '12',
      'name' => 'Penrose-1.0',
      'released' => 'true',
      'id' => '10072',
      'archived' => 'false'
    }
  ],
  'affectsVersions' => [
    {
      'releaseDate' => '2006-01-24 00:00:00.0',
      'sequence' => '9',
      'name' => 'Penrose-0.9.9',
      'released' => 'true',
      'id' => '10040',
      'archived' => 'false'
    }
  ],
  'description' => 'When a client tries to bind, passing empty string as username, the following exception occurs. This knocks out 1 thread of the pool. With little effort, an attacker can exhaust the pool so it cannot handle any requests.

java.lang.NullPointerException
    at org.safehaus.penrose.handler.BindHandler.performBind(BindHandler.java:63)
    at org.safehaus.penrose.handler.BindHandler.bind(BindHandler.java:49)
    at org.safehaus.penrose.handler.SessionHandler.bind(SessionHandler.java:145)
    at org.safehaus.penrose.session.PenroseSession.bind(PenroseSession.java:75)
    at org.safehaus.penrose.ldap.PenroseAuthenticator.authenticate(PenroseAuthenticator.java:98)
    at org.apache.ldap.server.authn.AuthenticationService.authenticate(AuthenticationService.java:368)
    at org.apache.ldap.server.authn.AuthenticationService.hasEntry(AuthenticationService.java:216)
    at org.apache.ldap.server.interceptor.InterceptorChain$2.hasEntry(InterceptorChain.java:1232)
    at org.apache.ldap.server.normalization.NormalizationService.hasEntry(NormalizationService.java:182)
    at org.apache.ldap.server.interceptor.InterceptorChain$2.hasEntry(InterceptorChain.java:1232)
    at org.safehaus.penrose.ldap.PenroseInterceptor.hasEntry(PenroseInterceptor.java:317)
    at org.apache.ldap.server.interceptor.InterceptorChain.hasEntry(InterceptorChain.java:809)
    at org.apache.ldap.server.partition.DirectoryPartitionNexusProxy.hasEntry(DirectoryPartitionNexusProxy.java:449)
    at org.apache.ldap.server.partition.DirectoryPartitionNexusProxy.hasEntry(DirectoryPartitionNexusProxy.java:438)
    at org.apache.ldap.server.jndi.ServerContext.<init>(ServerContext.java:139)
    at org.apache.ldap.server.jndi.ServerDirContext.<init>(ServerDirContext.java:78)
    at org.apache.ldap.server.jndi.ServerLdapContext.<init>(ServerLdapContext.java:58)
    at org.apache.ldap.server.DefaultDirectoryService.getJndiContext(DefaultDirectoryService.java:172)
    at org.apache.ldap.server.jndi.AbstractContextFactory.getInitialContext(AbstractContextFactory.java:121)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
    at javax.naming.InitialContext.init(InitialContext.java:223)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
    at org.apache.ldap.server.protocol.support.BindHandler.messageReceived(BindHandler.java:119)
    at org.apache.mina.protocol.handler.DemuxingProtocolHandler.messageReceived(DemuxingProtocolHandler.java:94)
    at org.apache.mina.protocol.AbstractProtocolFilterChain$2.messageReceived(AbstractProtocolFilterChain.java:149)
    at org.apache.mina.protocol.AbstractProtocolFilterChain.callNextMessageReceived(AbstractProtocolFilterChain.java:365)
    at org.apache.mina.protocol.AbstractProtocolFilterChain.access$1000(AbstractProtocolFilterChain.java:50)
    at org.apache.mina.protocol.AbstractProtocolFilterChain$Entry$1.messageReceived(AbstractProtocolFilterChain.java:524)
    at org.apache.mina.protocol.AbstractProtocolFilterChain$1.messageReceived(AbstractProtocolFilterChain.java:99)
    at org.apache.mina.protocol.AbstractProtocolFilterChain.callNextMessageReceived(AbstractProtocolFilterChain.java:365)
    at org.apache.mina.protocol.AbstractProtocolFilterChain.messageReceived(AbstractProtocolFilterChain.java:356)
    at org.apache.mina.protocol.ProtocolSessionManagerFilterChain$1.messageReceived(ProtocolSessionManagerFilterChain.java:76)
    at org.apache.mina.protocol.AbstractProtocolFilterChain.callNextMessageReceived(AbstractProtocolFilterChain.java:365)
    at org.apache.mina.protocol.AbstractProtocolFilterChain.access$1000(AbstractProtocolFilterChain.java:50)
    at org.apache.mina.protocol.AbstractProtocolFilterChain$Entry$1.messageReceived(AbstractProtocolFilterChain.java:524)
    at org.apache.mina.protocol.filter.ProtocolThreadPoolFilter.processEvent(ProtocolThreadPoolFilter.java:108)
    at org.apache.mina.util.BaseThreadPool$Worker.processEvents(BaseThreadPool.java:410)
    at org.apache.mina.util.BaseThreadPool$Worker.run(BaseThreadPool.java:355)
',
  'created' => '2006-02-07 05:11:54.0',
  'resolution' => '1',
  'type' => '1'
};
=========================================================
Marking bug as MODIFIED as it was already resolved in Jira - PENROSE-134
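
The failure mode reported in this issue, reduced to a self-contained sketch: an added example, not code from Penrose, ApacheDS or MINA. The class `BindPoolDemo`, its methods and the one-entry directory are hypothetical, and the null lookup in `fragileBind` is an assumed stand-in for whatever is dereferenced at `BindHandler.java:63`, which the report does not show.

```java
import java.util.Map;
import java.util.concurrent.*;
import java.util.function.Predicate;

public class BindPoolDemo {
    // Constructed directory for this example: bind DN -> password.
    static final Map<String, String> USERS = Map.of("uid=alice,ou=people,dc=example,dc=com", "secret");

    // Fragile: assumes every bind DN resolves to an entry, so "" dereferences null.
    static boolean fragileBind(String dn) { return USERS.get(dn).equals("secret"); }

    // Hardened: an empty or unknown DN is an ordinary failed bind, not an exception.
    static boolean hardenedBind(String dn) {
        if (dn == null || dn.isEmpty()) return false;
        return "secret".equals(USERS.get(dn));
    }

    // Sends one empty-DN bind per worker to a 4-thread pool and returns how many workers survive.
    static int survivors(Predicate<String> bind, boolean guardLoop) throws InterruptedException {
        BlockingQueue<String> queue = new LinkedBlockingQueue<>();
        Thread[] pool = new Thread[4];
        CountDownLatch handled = new CountDownLatch(pool.length);
        for (int i = 0; i < pool.length; i++) {
            pool[i] = new Thread(() -> {
                try {
                    while (true) {
                        String dn = queue.take();
                        try { bind.test(dn); }
                        catch (RuntimeException e) { if (!guardLoop) throw e; } // guarded: fail the request, keep the worker
                        finally { handled.countDown(); }
                    }
                } catch (InterruptedException stop) { /* normal shutdown */ }
            }, "worker-" + i);
            pool[i].setUncaughtExceptionHandler((t, e) -> System.out.println(t.getName() + " died: " + e));
            pool[i].start();
        }
        for (int i = 0; i < pool.length; i++) queue.put("");   // empty user name, as in the report
        handled.await();
        int alive = 0;
        for (Thread t : pool) { t.join(200); if (t.isAlive()) alive++; }
        for (Thread t : pool) t.interrupt();
        return alive;
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("fragile bind, bare loop:    " + survivors(BindPoolDemo::fragileBind, false));
        System.out.println("fragile bind, guarded loop: " + survivors(BindPoolDemo::fragileBind, true));
        System.out.println("hardened bind, bare loop:   " + survivors(BindPoolDemo::hardenedBind, false));
    }
}
```

Only the first configuration loses workers: each empty-DN bind kills the thread that handled it, which is the pool exhaustion the report describes. Validating the bind name and catching per-request exceptions in the worker loop are independent fixes, and either one keeps the pool intact.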