Bug 61668

Summary: Possible NullPointerException in org.apache.coyote.http11.AbstractHttp11Protocol
Product: Tomcat 8 Reporter: Esin Yakub <esinyakub>
Component: ConnectorsAssignee: Tomcat Developers Mailing List <dev>
Status: VERIFIED FIXED    
Severity: minor Keywords: Beginner
Priority: P2    
Version: 8.5.23   
Target Milestone: ----   
Hardware: PC   
OS: All   

Description Esin Yakub 2017-10-26 06:23:45 UTC
There are possible NullPointerException-s in org.apache.coyote.http11.AbstractHttp11Protocol's getSSLProtocol() and getSslEnabledProtocols() methods. In both methods if the SSL host configuration does not contain an "enabledProtocols" configuration the following line causes NPE:

StringUtils.join(this.defaultSSLHostConfig.getEnabledProtocols())

Easy repro step is running the following code:

public static void main(String[] args) {
    Http11Nio2Protocol protocol = new Http11Nio2Protocol();
    protocol.getSSLProtocol();
}
Comment 1 Mithun Sasidharan 2017-11-03 07:42:08 UTC
PR for this bug - https://github.com/apache/tomcat/pull/83
Comment 2 Mark Thomas 2017-11-08 11:09:58 UTC
Thanks for the report.

This has been fixed in:
- 9.0.x for 9.0.2 onwards
- 8.5.x for 8.5.24 onwards
Comment 3 Esin Yakub 2017-11-09 06:53:46 UTC
Thanks for the quick reaction guys!