Null Pointer when receiving an invalid transport type during SockJS request [SPR-13545] #18121

spring-projects-issues opened this issue Oct 7, 2015 · 1 comment
status: backported type: bug



@spring-projects-issues spring-projects-issues commented Oct 7, 2015

Ben Kiefer opened SPR-13545 and commented

Our endpoint fuzzer was able to produce a 500 error due to a null pointer in the TransportHandlingSockJsService. The following lines were the problem:

	protected boolean validateRequest(String serverId, String sessionId, String transport) {
		if (!getAllowedOrigins().contains("*") && !TransportType.fromValue(transport).supportsOrigin()) {
			if (logger.isWarnEnabled()) {
				logger.warn("Origin check has been enabled, but transport " + transport + " does not support it");
			}
			return false;
		}
		return super.validateRequest(serverId, sessionId, transport);
	}

The null pointer occurs when the transport is an unknown value (e.g. bob), as fromValue returns null when the type is not found.

Affects: 4.1.7, 4.2.1

Reference URL: #882

Referenced from: commits 8429c4b, 966f95b

Backported to: 4.1.8


@spring-projects-issues spring-projects-issues commented Oct 7, 2015

Juergen Hoeller commented

Good catch! Addressed in a slightly different fashion, since the super.validateRequest should actually go first there anyway (catching a missing transport value), plus a few other refinements across that class. I'll backport all of those to 4.1.8 as well.


@spring-projects-issues spring-projects-issues added type: bug status: backported labels Jan 11, 2019
@spring-projects-issues spring-projects-issues added this to the 4.2.2 milestone Jan 11, 2019
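
The failure mode reported above, reproduced in a self-contained sketch next to a null-safe ordering. This is an added example, not code from the issue or from Spring's commits: the `Transport` enum, both `validate*` methods, and the sample origins and transport names are hypothetical stand-ins constructed for illustration.

```java
import java.util.Arrays;
import java.util.List;

public class TransportValidationSketch {
    // Hypothetical stand-in for the transport enum; values and flags are constructed.
    enum Transport {
        WEBSOCKET("websocket", true), JSONP("jsonp", false);
        final String value;
        final boolean supportsOrigin;
        Transport(String value, boolean supportsOrigin) {
            this.value = value;
            this.supportsOrigin = supportsOrigin;
        }

        // Mirrors the behaviour described in the report: unknown names yield null.
        static Transport fromValue(String value) {
            for (Transport t : values()) {
                if (t.value.equals(value)) return t;
            }
            return null;
        }
    }

    // Same shape as the reported code: dereferences the lookup result directly.
    static boolean validateUnchecked(List<String> allowedOrigins, String transport) {
        if (!allowedOrigins.contains("*") && !Transport.fromValue(transport).supportsOrigin) {
            return false;
        }
        return true;
    }

    // Assumed null-safe ordering: reject missing or unknown transports before the origin check.
    static boolean validateChecked(List<String> allowedOrigins, String transport) {
        if (transport == null || transport.isEmpty()) return false;
        Transport type = Transport.fromValue(transport);
        if (type == null) return false; // unknown transport is a client error, not a 500
        return allowedOrigins.contains("*") || type.supportsOrigin;
    }

    public static void main(String[] args) {
        List<String> origins = Arrays.asList("https://example.org"); // constructed sample
        for (String t : new String[] {"websocket", "jsonp", "bob", ""}) {
            String unchecked;
            try { unchecked = String.valueOf(validateUnchecked(origins, t)); }
            catch (NullPointerException e) { unchecked = "NullPointerException"; }
            System.out.println("'" + t + "' unchecked=" + unchecked + " checked=" + validateChecked(origins, t));
        }
    }
}
```

With origin checking enabled, the unchecked variant throws for `bob` and the empty string, while the checked variant returns `false` for both without an exception.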