From aa55d71cf53ccca0f985706983423fac82852f49 Mon Sep 17 00:00:00 2001 From: luccioman Date: Mon, 29 May 2017 19:16:09 +0200 Subject: [PATCH] Fixed a NullPointerException case on Digest authentication. Could occur when upgrading from a Debian package configured with Basic authentication (as in release 1.92.9000) to a more recent one with Digest authentication, without having re-encoded the admin password (for example with dpkg-reconfigure). As reported by eros on YaCy forum (http://forum.yacy-websuche.de/viewtopic.php?f=23&t=5988#p33686). --- source/net/yacy/http/YaCyLegacyCredential.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/source/net/yacy/http/YaCyLegacyCredential.java b/source/net/yacy/http/YaCyLegacyCredential.java index 5deb9accd..13c217002 100644 --- a/source/net/yacy/http/YaCyLegacyCredential.java +++ b/source/net/yacy/http/YaCyLegacyCredential.java @@ -65,8 +65,11 @@ public class YaCyLegacyCredential extends Credential { public boolean check(Object credentials) { if (credentials instanceof Credential) { // for DIGEST auth - return ((Credential) credentials).check(c); - + if(this.c == null) { + /* credential may be null after switching from BASIC to DIGEST authentication without re-encoding the password */ + return false; + } + return ((Credential) credentials).check(this.c); } if (credentials instanceof String) { // for BASIC auth final String pw = (String) credentials;