Details
- Type: Bug
- Status: Closed
- Priority: Major
- Resolution: Fixed
- Affects Version/s: 6.1.22
- Fix Version/s: 6.1.23
- Component/s: Security and SSL
- Labels: None
Description
Originally reported as Bug 305799 by Slawek Rudnicki <slawek.rudnicki@gmail.com>:
In version 6.1.22 of the Jetty server, in
org.mortbay.jetty.security.FormAuthenticator, line 179 we have this snippet of
code:
    if (response != null)
        response.setContentLength(0);
        response.sendRedirect(response.encodeRedirectURL
            (URIUtil.addPaths(request.getContextPath(), formErrorPage)));
which seems to lack brackets around the instructions, leading to a possible
NullPointerException thrown when response happens to be null.
The indentation there made the bug difficult to spot by a programmer. In fact,
I have found the bug using FindBugs as part of a course on static analysis at
my university. There are some other problems indicated by FindBugs, which I –
being unfamiliar with Jetty code – cannot determine to be spurious or not.
Maybe you can use the tool to find and fix some similar issues.
Hope that helps
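A line-based heuristic for the pattern described in the report above: an unbraced if whose body is one statement, followed by a second statement indented as if it were guarded too. This is an added example, not code from Jetty or FindBugs and not FindBugs' own analysis; the sample's indentation and the names misleading_indentation, indent, BUGGY and BRACED are assumptions.

```python
import re

# A control statement alone on its line with no "{" or ";" after it.
CONTROL = re.compile(r"^\s*(?:else\s+)?(?:if|for|while)\s*\(.*\)\s*$")

# Constructed sample: the report's snippet; indentation assumed (lost on the page).
BUGGY = """\
if (response != null)
    response.setContentLength(0);
    response.sendRedirect(response.encodeRedirectURL
        (URIUtil.addPaths(request.getContextPath(), formErrorPage)));
"""
BRACED = BUGGY.replace("null)\n", "null)\n{\n") + "}\n"  # braces added


def indent(line):
    """Width of the leading whitespace, with tabs expanded to 4 columns."""
    expanded = line.expandtabs(4)
    return len(expanded) - len(expanded.lstrip())


def misleading_indentation(source):
    """Return (guard_line, suspect_line) pairs, numbered from 1."""
    # Drop blank lines but remember each line's original number.
    code = [(n, t) for n, t in enumerate(source.splitlines(), 1) if t.strip()]
    findings = []
    for i, (n, line) in enumerate(code):
        if not CONTROL.match(line) or line.count("(") != line.count(")"):
            continue
        j = i + 1
        if j >= len(code) or code[j][1].lstrip().startswith("{"):
            continue  # braced body: the guard covers the whole block
        # The single guarded statement runs to the first line ending in ";".
        while j < len(code) and not code[j][1].rstrip().endswith(";"):
            j += 1
        if j + 1 >= len(code):
            continue
        n_next, nxt = code[j + 1]
        if nxt.lstrip().startswith(("}", "else")):
            continue
        # Indented deeper than the guard, yet it runs unconditionally.
        if indent(nxt) > indent(line):
            findings.append((n, n_next))
    return findings


if __name__ == "__main__":
    print(misleading_indentation(BUGGY), misleading_indentation(BRACED))
```

The check does not parse Java (comments, string literals and nested blocks can mislead it), so treat its output as candidates for review.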
We have in the past used FindBugs and solved some issues.
We have also recently received some other FindBugs-discovered issues, and fixes for those are in the next release - as will this fix be.