From 7cf6aee069388b51e952214fd84cd76fdf60c9ca Mon Sep 17 00:00:00 2001
From: Likitha Shetty
Date: Tue, 12 Mar 2013 11:56:21 +0530
Subject: [PATCH] CLOUDSTACK-1625. NPE with updateResourceCount when && is passed thru API. If any API contains '&' i.e. no key value pair or '&' i.e. a parameter without a value, then we get an NPE as owasp.esapi.StringUtilities.stripControls deosn't handle NPE.
---
 server/src/com/cloud/api/ApiServer.java | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java
index deb5e12f9fc..0439c6e2cc9 100755
--- a/server/src/com/cloud/api/ApiServer.java
+++ b/server/src/com/cloud/api/ApiServer.java
@@ -327,10 +327,12 @@ public class ApiServer implements HttpRequestHandler, ApiServerService {
 }
 String[] value = (String[]) params.get(key);
 // fail if parameter value contains ASCII control (non-printable) characters
- String newValue = StringUtils.stripControlCharacters(value[0]);
- if ( !newValue.equals(value[0]) ) {
- throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Received value " + value[0] + " for parameter "
- + key + " is invalid, contains illegal ASCII non-printable characters");
+ if (value[0] != null) {
+ String newValue = StringUtils.stripControlCharacters(value[0]);
+ if ( !newValue.equals(value[0]) ) {
+ throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Received value " + value[0] + " for parameter "
+ + key + " is invalid, contains illegal ASCII non-printable characters");
+ }
 }
 paramMap.put(key, value[0]);
 }
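Review bot: The new `if (value[0] != null)` guard only skips the control-character check; the null still reaches `paramMap.put(key, value[0])` in the trailing context, so a valueless parameter is stored as a null entry and the NPE may simply move to whatever reads the map later (that code is outside this hunk). The guard also does not cover `value` itself being null or empty, so a check such as `if (value == null || value.length == 0 || value[0] == null)` followed by an explicit skip or a `PARAM_ERROR` would make the handling of malformed query strings deliberate rather than incidental. Separately, the `PARAM_ERROR` message concatenates the raw `value[0]` that has just failed the check, so the control characters being rejected are carried into the exception text and into any log or response that renders it; reporting `newValue` (the stripped form) or only `key` avoids that. The enclosing method starts and ends outside the hunk, so how the exception text is surfaced should be confirmed there.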