Skip to content

NullPointerException during validation of ACI containing or expression without 2nd operand #719

Description

@myandrews

Validation of ACI is failed while trying to decode ACI without 2nd operand in or/and expression in bind rule.
Problem ACI is

(version 3.0; acl "ac"; allow (search)(()or) (userdn="ldap:///self"); )

Test to reproduce the problem

        String aci = "(version 3.0; acl \"ac\"; allow (search)(()or) (userdn=\\\"ldap:///self\\\"); )";
        Aci.decode(ByteString.valueOfUtf8(aci), DN.rootDN());

Stacktrace is

java.lang.NullPointerException: Cannot invoke "org.opends.server.authorization.dseecompat.BindRule.setNegate(boolean)" because "bindrule_2" is null
    at org.opends.server.authorization.dseecompat.BindRule.createBindRule(BindRule.java:314)
    at org.opends.server.authorization.dseecompat.BindRule.decode(BindRule.java:206)
    at org.opends.server.authorization.dseecompat.BindRule.decode(BindRule.java:186)
    at org.opends.server.authorization.dseecompat.BindRule.decode(BindRule.java:186)
    at org.opends.server.authorization.dseecompat.BindRule.decode(BindRule.java:186)
    at org.opends.server.authorization.dseecompat.BindRule.decode(BindRule.java:186)
    at org.opends.server.authorization.dseecompat.PermBindRulePair.<init>(PermBindRulePair.java:37)
    at org.opends.server.authorization.dseecompat.PermBindRulePair.decode(PermBindRulePair.java:50)
    at org.opends.server.authorization.dseecompat.AciBody.decode(AciBody.java:161)
    at org.opends.server.authorization.dseecompat.Aci.decode(Aci.java:276)
    at ru.rtk.it.sc.fuzz.ds.FuzzAciDecode.fuzzerTestOneInput(FuzzAciDecode.java:23)

Expecting to get AciException in this case.

Metadata

Metadata

Assignees

Labels

ACIAccess Control Instructions subsystembug

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions