  1. Nuxeo Platform
  2. NXP-9179

Fix Potential NPE in ACPImpl

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.5
    • Fix Version/s: 5.5.0-HF07, 5.6-RC1, 5.6
    • Component/s: Core

      Description

      The default ACE constructor sets the permission and username fields to null, while the ACPImpl code repeatedly calls the .equals() method on them, potentially leading to an NPE such as the following:

      Caused by: java.lang.NullPointerException
      	at org.nuxeo.ecm.core.api.security.impl.ACPImpl.permissionsMatch(ACPImpl.java:239)
      	at org.nuxeo.ecm.core.api.security.impl.ACPImpl.getAccess(ACPImpl.java:189)
      	at org.nuxeo.ecm.core.storage.sql.coremodel.SQLSecurityManager.getMergedACP(SQLSecurityManager.java:90)
      	at org.nuxeo.ecm.core.security.SecurityService.checkPermission(SecurityService.java:157)
      	at org.nuxeo.ecm.core.api.AbstractSession.hasPermission(AbstractSession.java:436)
      	at org.nuxeo.ecm.core.api.AbstractSession.checkPermission(AbstractSession.java:247)
      	at org.nuxeo.ecm.core.api.AbstractSession.getDataModel(AbstractSession.java:2434)
      	at org.nuxeo.ecm.core.api.impl.DocumentModelImpl$2.run(DocumentModelImpl.java:475)
      	at org.nuxeo.ecm.core.api.impl.DocumentModelImpl$2.run(DocumentModelImpl.java:472)
      	at org.nuxeo.ecm.core.api.impl.DocumentModelImpl$RunWithCoreSession.execute(DocumentModelImpl.java:393)
      	at org.nuxeo.ecm.core.api.impl.DocumentModelImpl.loadDataModel(DocumentModelImpl.java:472)
      	at org.nuxeo.ecm.core.api.impl.DocumentModelImpl.getDataModel(DocumentModelImpl.java:486)
      	at org.nuxeo.ecm.core.api.impl.DocumentModelImpl.getPart(DocumentModelImpl.java:1335)
      	at org.nuxeo.ecm.core.api.impl.DocumentModelImpl.getProperty(DocumentModelImpl.java:1372)
      	at org.nuxeo.ecm.platform.el.DocumentModelResolver.getDocumentProperty(DocumentModelResolver.java:171)
      	at org.nuxeo.ecm.platform.el.DocumentModelResolver.getValue(DocumentModelResolver.java:135)
      	at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:54)
      	at com.sun.faces.el.FacesCompositeELResolver.getValue(FacesCompositeELResolver.java:72)
      	at org.jboss.el.parser.AstPropertySuffix.getValue(AstPropertySuffix.java:53)
      	at org.jboss.el.parser.AstValue.getValue(AstValue.java:67)
      	at org.jboss.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:186)
      	at com.sun.facelets.el.TagValueExpression.getValue(TagValueExpression.java:71)
      	at org.jboss.el.parser.AstIdentifier.getValue(AstIdentifier.java:40)
      	at org.jboss.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:186)
      	at com.sun.facelets.el.ELText$ELTextVariable.toString(ELText.java:174)
      	at com.sun.facelets.compiler.AttributeInstruction.write(AttributeInstruction.java:49)
      	... 160 more
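
      The failure pattern described above next to a null-safe comparison, as an added example that is neither Nuxeo's code nor the fix applied for this issue. The `Entry` class, the `Access` enum and all method names are hypothetical stand-ins for an ACE and its permission check, and the sample ACL is constructed.

```java
import java.util.List;

public class NullSafeAclCheck {
    enum Access { GRANT, DENY, UNKNOWN }

    // Hypothetical stand-in for an ACE whose default constructor leaves fields null.
    static final class Entry {
        String username;    // null after new Entry()
        String permission;  // null after new Entry()
        boolean granted;
        Entry() {}
        Entry(String username, String permission, boolean granted) {
            this.username = username;
            this.permission = permission;
            this.granted = granted;
        }
    }

    // Failure pattern from the report: equals() is called on a possibly-null field.
    static boolean matchesUnsafe(Entry e, String user, String perm) {
        return e.username.equals(user) && e.permission.equals(perm);
    }

    // Null-safe form: an entry with a null field never matches, so it grants nothing.
    // Objects.equals() is avoided on purpose: it treats null == null as a match.
    static boolean matchesSafe(Entry e, String user, String perm) {
        return e.username != null && e.permission != null
                && e.username.equals(user) && e.permission.equals(perm);
    }

    // First matching entry decides; incomplete entries are skipped, not treated as grants.
    static Access getAccess(List<Entry> acl, String user, String perm) {
        for (Entry e : acl) {
            if (matchesSafe(e, user, perm)) {
                return e.granted ? Access.GRANT : Access.DENY;
            }
        }
        return Access.UNKNOWN;
    }

    public static void main(String[] args) {
        // Constructed sample ACL: a default-constructed entry followed by a real grant.
        List<Entry> acl = List.of(new Entry(), new Entry("alice", "Read", true));
        try {
            matchesUnsafe(acl.get(0), "alice", "Read");
        } catch (NullPointerException ex) {
            System.out.println("unsafe check threw NullPointerException");
        }
        System.out.println("alice/Read -> " + getAccess(acl, "alice", "Read"));
        System.out.println("bob/Read   -> " + getAccess(acl, "bob", "Read"));
    }
}
```

      With the null-safe check, the permission lookup skips the incomplete entry and continues to the next one instead of aborting the whole request with an exception.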
      
      

            People

            • Assignee: Unassigned
            • Reporter: Olivier Grisel (ogrisel)