Name: js151677 Date: 09/20/2004
FULL PRODUCT VERSION :
java version "1.4.2_05"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_05-b04)
Java HotSpot(TM) Client VM (build 1.4.2_05-b04, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]
A DESCRIPTION OF THE PROBLEM :
BEA WebLogic has a protocol called thin client which makes use of SUN's IIOP implementation in JDK. If a component tries to send a java.security.Permissions object with the a null "allPermission" member field through SUN's IIOP implementation, it throws the NullPointerException:
java.lang.NullPointerException
at java.util.Hashtable.put(Hashtable.java:393)
at com.sun.corba.se.internal.io.OutputStreamHook$HookPutFields.put(Outpu
tStreamHook.java:97)
at java.security.Permissions.writeObject(Permissions.java:359)
at com.sun.corba.se.internal.io.IIOPOutputStream.writeObject(Native Meth
od)
at com.sun.corba.se.internal.io.IIOPOutputStream.invokeObjectWriter(IIOP
OutputStream.java:560)
at com.sun.corba.se.internal.io.IIOPOutputStream.outputObject(IIOPOutput
Stream.java:523)
at com.sun.corba.se.internal.io.IIOPOutputStream.simpleWriteObject(IIOPO
utputStream.java:123)
at com.sun.corba.se.internal.io.ValueHandlerImpl.writeValueInternal(Valu
eHandlerImpl.java:136)
at com.sun.corba.se.internal.io.ValueHandlerImpl.writeValue(ValueHandler
Impl.java:116)
at weblogic.iiop.IIOPOutputStream.write_value(IIOPOutputStream.java:1636
)
at weblogic.iiop.IIOPOutputStream.write_value(IIOPOutputStream.java:1667
)
at weblogic.iiop.RMIMsgOutput.writeObject(RMIMsgOutput.java:105)
at examples.ejb20.basic.statelessSession.statelessSession_mt9oui_EOImpl_
WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:477)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerR
ef.java:108)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:420)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
dSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
144)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.jav
a:415)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
You only need to analyse the source code of these two classes to understand the problem:
java.security.Permissions
com.sun.corba.se.internal.io.OutputStreamHook
When Permissions.writeObject(ObjectOutputStreaM) is called, it tries to write the members by
ObjectOutputStream.PutField pfields = out.putFields();
pfields.put("allPermission", allPermission);
pfields.put("perms", perms);
out.writeFields();
The variable "pfields" is an instance of com.sun.corba.se.internal.io.OutputStreamHook$HookPutFields. pfields.put(String, Object) calls java.util.Hashtable.put(String, Object) with a null "allPermission" memeber but Hashtable.put(String, Object) throws NullPointerException according to JDK javadoc http://java.sun.com/j2se/1.4.2/docs/api/java/util/Hashtable.html#put(java.lang.Object,%20java.lang.Object)
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
1) make sure the java.security.Permissions to send has a java.security.AllPermission member so the private member "allPermission" is not null. E.g. put a dummy AllPermission object
2) fall back to jdk 1.4.1_0x but 1.4.1 is already EOL.
(Incident Review ID: 311240)
======================================================================
|
Java