Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BCryptPasswordEncoder.encode() throws NPE #8317

Closed
alan-czajkowski opened this issue Apr 2, 2020 · 3 comments
Closed

BCryptPasswordEncoder.encode() throws NPE #8317

alan-czajkowski opened this issue Apr 2, 2020 · 3 comments
Assignees
@rwinch
Labels
in: core An issue in spring-security-core status: backported An issue that has been backported to maintenance branches type: enhancement A general enhancement
Milestone
5.4.0-M1

Comments

@alan-czajkowski
Copy link
Contributor

alan-czajkowski commented Apr 2, 2020
edited
Loading

spring-security/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java

Line 108 in 1de0cf5

return BCrypt.hashpw(rawPassword.toString(), salt);

BCryptPasswordEncoder.encode() throws a Null Pointer Exception (NPE) when passing in a null rawPassword and then rawPassword.toString() is called inside the method.

This method can and should be made null-safe, either:

  • check for null and return null, or
  • throw some kind of exception
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Apr 2, 2020
@rwinch
Copy link
Member

rwinch commented Apr 3, 2020

@alan-czajkowski We don't want to return null for the encoding, but I'd be open to returning an IllegalArgumentException. Would you be willing to submit a PR?

@rwinch rwinch added in: core An issue in spring-security-core status: ideal-for-contribution An issue that we actively are looking for someone to help us with type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Apr 3, 2020
@alan-czajkowski
Copy link
Contributor Author

@rwinch I'll submit a PR

@alan-czajkowski alan-czajkowski mentioned this issue Apr 4, 2020
Merged
@alan-czajkowski
Copy link
Contributor Author

alan-czajkowski commented Apr 4, 2020
edited
Loading

@rwinch done: #8330

alan-czajkowski added a commit to alan-czajkowski/spring-security that referenced this issue Apr 7, 2020
@alan-czajkowski
BCryptPasswordEncoder rawPassword cannot be null
c52a36a 
Closes spring-projectsgh-8317
@rwinch rwinch closed this as completed in 4b2afdf Apr 7, 2020
@rwinch rwinch removed the status: ideal-for-contribution An issue that we actively are looking for someone to help us with label Apr 7, 2020
@rwinch rwinch self-assigned this Apr 7, 2020
@rwinch rwinch added this to the 5.4.0.M1 milestone Apr 7, 2020
rwinch pushed a commit that referenced this issue Apr 7, 2020
@alan-czajkowski @rwinch
BCryptPasswordEncoder rawPassword cannot be null
d1909ec 
Closes gh-8317
@spring-projects-issues spring-projects-issues added the status: backported An issue that has been backported to maintenance branches label Apr 7, 2020
Closed
rwinch pushed a commit that referenced this issue Apr 7, 2020
@alan-czajkowski @rwinch
BCryptPasswordEncoder rawPassword cannot be null
564d564 
Closes gh-8317
Closed
rwinch pushed a commit that referenced this issue Apr 7, 2020
@alan-czajkowski @rwinch
BCryptPasswordEncoder rawPassword cannot be null
c2296b0 
Closes gh-8317
Closed
rwinch pushed a commit that referenced this issue Apr 7, 2020
@alan-czajkowski @rwinch
BCryptPasswordEncoder rawPassword cannot be null
62bc17e 
Closes gh-8317
Closed
rwinch pushed a commit that referenced this issue Apr 7, 2020
@alan-czajkowski @rwinch
BCryptPasswordEncoder rawPassword cannot be null
3c81e12 
Closes gh-8317
@dafnaephraim dafnaephraim mentioned this issue Feb 22, 2022
Open
@cxronen cxronen mentioned this issue Mar 4, 2022
Open
@CxElks CxElks mentioned this issue Apr 26, 2022
Open
@james-bostock-cx james-bostock-cx mentioned this issue May 9, 2022
Open
@jittramas-in jittramas-in mentioned this issue May 9, 2022
Closed
@andreiamtm andreiamtm mentioned this issue May 9, 2022
Open
@cx-philippecosta cx-philippecosta mentioned this issue May 9, 2022
Open
@cx-slopes cx-slopes mentioned this issue May 9, 2022
Open
@YairCx YairCx mentioned this issue May 16, 2022
Open
@shaulco shaulco mentioned this issue May 16, 2022
Open
@cx-rotemd cx-rotemd mentioned this issue May 16, 2022
Open
@cxronen cxronen mentioned this issue Sep 20, 2022
Open
@skyler-kim skyler-kim mentioned this issue Apr 26, 2022
Open
@cx-tatianab cx-tatianab mentioned this issue Nov 7, 2022
Open
@cxronen cxronen mentioned this issue Nov 28, 2022
Open
@cx-tatianab cx-tatianab mentioned this issue Feb 7, 2023
Open
@dorohayon dorohayon mentioned this issue Feb 7, 2023
Open
@cxronen cxronen mentioned this issue Jan 26, 2023
Open
@Vadim-Sedletsky Vadim-Sedletsky mentioned this issue Feb 9, 2023
Open
This was referenced Feb 21, 2023
Open
Open
@cxronen cxronen mentioned this issue Apr 13, 2023
Open
@cxronen cxronen mentioned this issue May 25, 2023
Open
@diogopcx diogopcx mentioned this issue Jun 27, 2023
Open
@cxronen cxronen mentioned this issue Jul 19, 2023
Open
@apcxtest apcxtest mentioned this issue Aug 17, 2023
Closed
@Sang140790 Sang140790 mentioned this issue Jun 6, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rwinch rwinch

Labels
in: core An issue in spring-security-core status: backported An issue that has been backported to maintenance branches type: enhancement A general enhancement
Projects
None yet
Milestone
5.4.0-M1
Development

No branches or pull requests
3 participants
@rwinch @alan-czajkowski @spring-projects-issues