• Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • core
    • None
    • Jenkins 2.190.1
    • Jenkins 2.203

      Using some script we called the logout url of Jenkins. This lead to a null pointer exception as the code to search for stale session cookies is not performing a null check.

       
      java.lang.NullPointerException
      at hudson.security.SecurityRealm.clearStaleSessionCookies(SecurityRealm.java:328)
      at hudson.security.SecurityRealm.doLogout(SecurityRealm.java:296)
      at jenkins.model.Jenkins.doLogout(Jenkins.java:4063)
      at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
      at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396)
      at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408)
      at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212)
      at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145)
      at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:535)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747)

       

      How to reproduce:

      curl https://ci.jenkins.io/logout

      or open a browser, delete all cookies and the browse open the same url

          [JENKINS-59904] NPE when calling logout without cookie

          Markus Winter created issue -
          Markus Winter made changes -
          Description Original: Using some script we called the logout url of Jenkins. This lead to a null pointer exception as the code to search for stale session cookies is not performing a null check.

           
          java.lang.NullPointerException
          at hudson.security.SecurityRealm.clearStaleSessionCookies(SecurityRealm.java:328)
          at hudson.security.SecurityRealm.doLogout(SecurityRealm.java:296)
          at jenkins.model.Jenkins.doLogout(Jenkins.java:4063)
          at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
          at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396)
          at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408)
          at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212)
          at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145)
          at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:535)
          at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
          at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747)
           
          New: Using some script we called the logout url of Jenkins. This lead to a null pointer exception as the code to search for stale session cookies is not performing a null check.

           
           java.lang.NullPointerException
           at hudson.security.SecurityRealm.clearStaleSessionCookies(SecurityRealm.java:328)
           at hudson.security.SecurityRealm.doLogout(SecurityRealm.java:296)
           at jenkins.model.Jenkins.doLogout(Jenkins.java:4063)
           at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
           at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396)
           at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408)
           at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212)
           at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145)
           at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:535)
           at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
           at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747)

           

          How to reproduce:

          curl [https://ci.jenkins.io/logout]


            
          Markus Winter made changes -
          Description Original: Using some script we called the logout url of Jenkins. This lead to a null pointer exception as the code to search for stale session cookies is not performing a null check.

           
           java.lang.NullPointerException
           at hudson.security.SecurityRealm.clearStaleSessionCookies(SecurityRealm.java:328)
           at hudson.security.SecurityRealm.doLogout(SecurityRealm.java:296)
           at jenkins.model.Jenkins.doLogout(Jenkins.java:4063)
           at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
           at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396)
           at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408)
           at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212)
           at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145)
           at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:535)
           at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
           at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747)

           

          How to reproduce:

          curl [https://ci.jenkins.io/logout]


            
          New: Using some script we called the logout url of Jenkins. This lead to a null pointer exception as the code to search for stale session cookies is not performing a null check.

           
           java.lang.NullPointerException
           at hudson.security.SecurityRealm.clearStaleSessionCookies(SecurityRealm.java:328)
           at hudson.security.SecurityRealm.doLogout(SecurityRealm.java:296)
           at jenkins.model.Jenkins.doLogout(Jenkins.java:4063)
           at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
           at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396)
           at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408)
           at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212)
           at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145)
           at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:535)
           at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
           at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747)

           

          How to reproduce:

          curl [https://ci.jenkins.io/logout]

          or open a browser, delete all cookies and the browse open the same url
          Oleg Nenashev made changes -
          Released As New: Jenkins 2.203
          Resolution New: Fixed [ 1 ]
          Status Original: Open [ 1 ] New: Resolved [ 5 ]
          Oleg Nenashev made changes -
          Labels New: lts-candidate
          Daniel Beck made changes -
          Labels Original: lts-candidate

            Unassigned Unassigned
            mawinter69 Markus Winter
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: