https://issues.apache.org/bugzilla/show_bug.cgi?id=54438
Bug ID: 54438
Summary: Bug fix 52953 introduces NullPointerException in
RealBase.java line 409 when user not found in JDBC
Product: Tomcat 7
Version: 7.0.27
Hardware: All
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: br...@iris.washington.edu
Classification: Unclassified
The fix to bug 52953 introduces a NullPointerException at line 409
in RealBase.java
For example compare:
http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_26/java/org/apache/catalina/realm/RealmBase.java
and
http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_27/java/org/apache/catalina/realm/RealmBase.java
String md5a1 = getDigest(username, realm);
was changed to
String md5a1 = getDigest(username, realm).toLowerCase(Locale.ENGLISH);
If getDigest(username,realm) returns null if the user is not found
and as a result you get a NPE when toLowerCase() is invoked on the null.
I looked in the trunk, and the code hasn't changed.
Seems like there should already be a bug posted on this as it makes digest
authentication useless, but I can't find one!
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
