Page History

Null pointer dereferencing bugs commonly appear in security contexts. For instance, Java WebstartWeb Start applications and applets particular to JDK version 1.6, prior to update 4, were affected by a bug that had some noteworthy security consequences. A {{NullPointerException}} was generated in some isolated cases when the application or applet attempted to establish an https connection with a server \[[SDN 2008|AA. Bibliography#SDN 08]\]. The failure to establish a secure https connection with the server caused a denial of service issue: clients were temporarily forced to use an insecure http channel for data exchange.

This noncompliant example shows a bug in Tomcat version 4.1.24, initially discovered by Reasoning \[[Reasoning 2003|AA. Bibliography#Reasoning 03]\]. The {{cardinality}} method was designed to return the number of occurrences of object {{obj}} in collection {{col}}. A valid use of the {{cardinality}} method  is to determine how many objects in the collection are {{null}}. However, because membership in the collection is checked with the expression {{obj.equals(elt)}}, a null pointer dereference is guaranteed whenever {{obj}} is {{null}}. Such ambiguity can also result from the short-circuit behavior of the conditional AND and OR operators (See guideline [EXP07-J. Understand the differences between bitwise and logical operators].) 

\[[API 2006|AA. Bibliography#API 06]\] [method doPrivileged()|http://java.sun.com/javase/6/docs/api/java/security/AccessController.html#doPrivileged(java.security.PrivilegedAction)]
\[[Hovemeyer 2007|AA. Bibliography#Hovemeyer 07]\]
\[[Reasoning 2003|AA. Bibliography#Reasoning 03]\] Defect ID 00-0001, Null Pointer Dereference
\[[SDN 2008|AA. Bibliography#SDN 08]\] [Bug ID 6514454|http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6514454]