Null Pointer when receiving an invalid transport type during SockJS request [SPR-13545]

**[Ben Kiefer](https://jira.spring.io/secure/ViewProfile.jspa?name=benkiefer)** opened **[SPR-13545](https://jira.spring.io/browse/SPR-13545?redirect=false)** and commented

Our endpoint fuzzer was able to produce a 500 error due to a nullpointer in the  TransportHandlingSockJsService. The following lines were the problem

```java
protected boolean validateRequest(String serverId, String sessionId, String transport) {
		if (!getAllowedOrigins().contains("*") && !TransportType.fromValue(transport).supportsOrigin()) {
			if (logger.isWarnEnabled()) {
				logger.warn("Origin check has been enabled, but transport " + transport + " does not support it");
			}
			return false;
		}
		return super.validateRequest(serverId, sessionId, transport);
```

The nullpointer occurs when the transport is an unknown value (ex: bob) as the fromValue returns null when the type is not found.


---

**Affects:** 4.1.7, 4.2.1

**Reference URL:** https://github.com/spring-projects/spring-framework/pull/882

**Referenced from:** commits https://github.com/spring-projects/spring-framework/commit/8429c4be74f18022eff57b5a5184eb215899d726, https://github.com/spring-projects/spring-framework/commit/966f95b9b5966d0d75015d81fdede442ba5c2598

**Backported to:** [4.1.8](https://github.com/spring-projects/spring-framework/milestone/132?closed=1)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Null Pointer when receiving an invalid transport type during SockJS request [SPR-13545] #18121

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Null Pointer when receiving an invalid transport type during SockJS request [SPR-13545] #18121

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions