From 1e7ce76bbab08a153b285739de51c3de924e3580 Mon Sep 17 00:00:00 2001 From: Owen O'Malley Date: Thu, 17 Jul 2014 18:09:41 +0000 Subject: [PATCH] HADOOP-10733. Fix potential null dereference in CredShell. (Ted Yu via omalley) git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1611419 13f79535-47bb-0310-9956-ffa450edef68 --- .../hadoop-common/CHANGES.txt | 3 +++ .../security/alias/CredentialShell.java | 4 ++-- .../hadoop/security/alias/TestCredShell.java | 20 +++++++++++++++++-- 3 files changed, 23 insertions(+), 4 deletions(-) diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index daadcbad62..d070558722 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -420,6 +420,9 @@ Release 2.6.0 - UNRELEASED HADOOP-10732. Fix locking in credential update. (Ted Yu via omalley) + HADOOP-10733. Fix potential null dereference in CredShell. (Ted Yu via + omalley) + OPTIMIZATIONS BUG FIXES diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/alias/CredentialShell.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/alias/CredentialShell.java index a89c3c792a..bb35ce51d4 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/alias/CredentialShell.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/alias/CredentialShell.java @@ -373,12 +373,12 @@ protected char[] promptForCredential() throws IOException { char[] newPassword2 = c.readPassword("Enter password again: "); noMatch = !Arrays.equals(newPassword1, newPassword2); if (noMatch) { - Arrays.fill(newPassword1, ' '); + if (newPassword1 != null) Arrays.fill(newPassword1, ' '); c.format("Passwords don't match. Try again.%n"); } else { cred = newPassword1; } - Arrays.fill(newPassword2, ' '); + if (newPassword2 != null) Arrays.fill(newPassword2, ' '); } while (noMatch); return cred; } diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/alias/TestCredShell.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/alias/TestCredShell.java index 34758be95e..c48b69f214 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/alias/TestCredShell.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/alias/TestCredShell.java @@ -127,6 +127,22 @@ public void testTransientProviderOnlyConfig() throws Exception { "CredentialProviders configured.")); } + @Test + public void testPromptForCredentialWithEmptyPasswd() throws Exception { + String[] args1 = {"create", "credential1", "--provider", + "jceks://file" + tmpDir + "/credstore.jceks"}; + ArrayList passwords = new ArrayList(); + passwords.add(null); + passwords.add("p@ssw0rd"); + int rc = 0; + CredentialShell shell = new CredentialShell(); + shell.setConf(new Configuration()); + shell.setPasswordReader(new MockPasswordReader(passwords)); + rc = shell.run(args1); + assertEquals(outContent.toString(), -1, rc); + assertTrue(outContent.toString().contains("Passwords don't match")); + } + @Test public void testPromptForCredential() throws Exception { String[] args1 = {"create", "credential1", "--provider", @@ -142,7 +158,7 @@ public void testPromptForCredential() throws Exception { assertEquals(0, rc); assertTrue(outContent.toString().contains("credential1 has been successfully " + "created.")); - + String[] args2 = {"delete", "credential1", "--provider", "jceks://file" + tmpDir + "/credstore.jceks"}; rc = shell.run(args2); @@ -162,7 +178,7 @@ public MockPasswordReader(List passwds) { public char[] readPassword(String prompt) { if (passwords.size() == 0) return null; String pass = passwords.remove(0); - return pass.toCharArray(); + return pass == null ? null : pass.toCharArray(); } @Override