APAR status
Closed as program error.
Error description
Error Message: N/A.
Stack Trace: Java callstack:
java.sql.SQLException: [IBM][Hive JDBC Driver]System Exception: java.lang.NullPointerException: invalid null input(s)
    at java.util.Objects.requireNonNull(Objects.java:239)
    at javax.security.auth.Subject$SecureSet.remove(Subject.java:1368)
    at java.util.Collections$SynchronizedCollection.remove(Collections.java:2051)
    at com.ibm.security.auth.module.Krb5LoginModule.logout(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
    at java.lang.reflect.Method.invoke(Method.java:508)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:788)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:196)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
    at java.security.AccessController.doPrivileged(AccessController.java:738)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:696)
    at javax.security.auth.login.LoginContext.logout(LoginContext.java:645)
    at com.ibm.isf.hiveutil.ddad.b(Unknown Source)
    at com.ibm.isf.hiveutil.ddaw.a(Unknown Source)
    at com.ibm.isf.jdbc.hive.HiveImplConnection.d(Unknown Source)
    at com.ibm.isf.jdbc.hivebase.BaseConnection.m(Unknown Source)
    at com.ibm.isf.jdbc.hivebase.BaseConnection.close(Unknown Source)
    at com.ibm.is.cc.hive.HiveConnection.closeConnection(HiveConnection.java:1051)
    at com.ibm.is.cc.hive.HiveConnection.disconnect(HiveConnection.java:941)
Local fix
N/A
Problem summary
Krb5LoginModule.logout() iterates through the Subject's private credentials to remove them as part of the logout process. The Collections classes within the javax.security.auth.Subject are implemented to disallow NULL Object values. However, in this scenario Subject$SecureSet.remove() is being passed a NULL Object, resulting in a java.lang.NullPointerException.
Problem conclusion
This issue is caused by an application making back-to-back calls to Krb5LoginModule.logout() for the same Subject. The first logout() removes all of the Kerberos credentials from the Subject via Subject$SecureSet.remove(non-null Object), so the second call fails in Subject$SecureSet.remove(null Object), because the Subject.getPrivateCredentials().iterator() is referencing an empty credentials set.

Since redundant calls to logout() are not strictly forbidden, the Krb5LoginModule.logout() implementation was modified to gracefully ignore redundant calls, and in debug mode to simply print out an informational trace log message.

The files affected by this APAR are: ibmjgssprovider.jar (Java 7 & 7.1: build_20210722--103, Java 8: build_20210722--104).
The associated Hursley RTC Problem Report is: PR145912.
The associated Austin Git issue is: Issue# 27 for IBMJGSS.
The associated Austin APAR issue is: IJ33763.
The fix was delivered for: Java 7.0 SR11, Java 7.1 SR5, & Java 8.0 SR7.

This APAR will be fixed in the following Java Releases:
  8 SR7 (8.0.7.0)
  7 R1 SR5 (7.1.5.0)
  7 SR11 (7.0.11.0)
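For an application that owns the LoginContext and runs on a JRE below the fixed levels, one way to keep a redundant logout() from reaching the login module is a once-only guard. This is an added example, not IBM's fix and not code from the APAR; OnceOnlyLogout and CountingModule are hypothetical names, and CountingModule is a constructed stand-in for Krb5LoginModule so the example runs without a KDC.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class OnceOnlyLogout {
    private final LoginContext ctx;
    private final AtomicBoolean done = new AtomicBoolean(false);

    public OnceOnlyLogout(LoginContext ctx) { this.ctx = ctx; }

    // Forwards only the first call (from any thread); later calls return false
    // without touching the module, even if the first logout() threw.
    public boolean logout() throws LoginException {
        if (!done.compareAndSet(false, true)) return false;
        ctx.logout();
        return true;
    }

    // Constructed stand-in module: adds one private credential, counts logout() calls.
    public static class CountingModule implements LoginModule {
        static final AtomicInteger LOGOUTS = new AtomicInteger();
        private Subject subject;
        private final Object cred = new Object();
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { subject = s; }
        public boolean login() { return true; }
        public boolean commit() { return subject.getPrivateCredentials().add(cred); }
        public boolean abort() { return true; }
        public boolean logout() { LOGOUTS.incrementAndGet(); return subject.getPrivateCredentials().remove(cred); }
    }

    public static void main(String[] args) throws LoginException {
        Configuration conf = new Configuration() {   // in-memory JAAS configuration, no login.conf file
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(CountingModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>()) };
            }
        };
        LoginContext ctx = new LoginContext("demo", new Subject(), null, conf);
        ctx.login();
        OnceOnlyLogout guard = new OnceOnlyLogout(ctx);
        System.out.println(guard.logout() + " " + guard.logout() + " moduleLogouts=" + CountingModule.LOGOUTS.get());
    }
}
```

The guard only helps code that holds the LoginContext itself; in the stack trace above the logout() call originates inside the JDBC driver's close(), where the JRE-level fix is the remedy.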
Temporary fix
Comments
APAR Information
APAR number
IJ34966
Reported component name
SECURITY
Reported component ID
620700125
Reported release
270
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2021-09-14
Closed date
2021-09-14
Last modified date
2021-09-28
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
Document Information
Modified date:
29 September 2021