From: Robert Varga <robert.varga@pantheon.tech>
Date: Tue, 21 May 2019 11:27:02 +0000 (+0200)
Subject: Fix unsafe global config access
X-Git-Tag: release/neon-sr2~16
X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?p=netconf.git;a=commitdiff_plain;h=268bde77fa1196a742565202783d5071afa833bf

Fix unsafe global config access

Current global config is a volatile variable, hence it must be
acquired into a local variable for proper nullness checks --
otherwise it is open to TOCTOU race conditions leading to NPEs.

Change-Id: I9316b3ed976575726da7a065668c507e15fe0ddf
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
---

diff --git a/netconf/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/CallHomeAuthProviderImpl.java b/netconf/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/CallHomeAuthProviderImpl.java
index f6af5e41f8..840dca1ffd 100644
--- a/netconf/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/CallHomeAuthProviderImpl.java
+++ b/netconf/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/CallHomeAuthProviderImpl.java
@@ -236,7 +236,6 @@ public class CallHomeAuthProviderImpl implements CallHomeAuthorizationProvider,
     }
 
     private static class GlobalConfig implements DataTreeChangeListener<Global> {
-
         private volatile Global current = null;
 
         @Override
@@ -247,15 +246,14 @@ public class CallHomeAuthProviderImpl implements CallHomeAuthorizationProvider,
         }
 
         boolean allowedUnknownKeys() {
-            if (current == null) {
-                return false;
-            }
+            final Global local = current;
             // Deal with null values.
-            return Boolean.TRUE.equals(current.isAcceptAllSshKeys());
+            return local != null && Boolean.TRUE.equals(local.isAcceptAllSshKeys());
         }
 
         Credentials getCredentials() {
-            return current != null ? current.getCredentials() : null;
+            final Global local = current;
+            return local != null ? local.getCredentials() : null;
         }
     }
 }