apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

CLOUDSTACK-1625. NPE with updateResourceCount when && is passed thru API.

Browse Source 
If any API contains '&' i.e. no key value pair or '&<paramter-name>' i.e. a parameter without a value, then we get an NPE as owasp.esapi.StringUtilities.stripControls deosn't handle NPE.
This commit is contained in:
Likitha Shetty 2013-03-12 11:56:21 +05:30
parent c235d029ce
commit da89946ca9
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
server/src/com/cloud/api/ApiServer.java
View File

@ -327,10 +327,12 @@ public class ApiServer implements HttpRequestHandler, ApiServerService {
}
String[] value = (String[]) params.get(key);
// fail if parameter value contains ASCII control (non-printable) characters
String newValue = StringUtils.stripControlCharacters(value[0]);
if ( !newValue.equals(value[0]) ) {
throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Received value " + value[0] + " for parameter "
+ key + " is invalid, contains illegal ASCII non-printable characters");
if (value[0] != null) {
String newValue = StringUtils.stripControlCharacters(value[0]);
if ( !newValue.equals(value[0]) ) {
throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Received value " + value[0] + " for parameter "
+ key + " is invalid, contains illegal ASCII non-printable characters");
}
}
paramMap.put(key, value[0]);
}