RFR 8151788: NullPointerException from ntlm.Client.type3
Weijun Wang
weijun.wang at oracle.com
Tue Jul 12 14:55:54 UTC 2016
On 7/12/2016 22:34, Pavel Rappo wrote:
> What's the difference between no security buffer and an empty one (from the
> com.sun.security.ntlm.Client#type3's perspective)?
I quickly browse through the NTLM protocol and yes they look like the
same in each case. (Except for one which I am not sure, is there any
difference between no domain and empty domain?) In all cases where a
security buffer is optional, there is a flag we can rely on, and no need
to look at whether the offset of the security buffer is zero.
So it does look safer to return a new byte[0] right inside
readSecurityBuffer(int offset) when the offset is zero.
Thanks
Max
>
>> On 12 Jul 2016, at 15:25, Wang Weijun <weijun.wang at oracle.com> wrote:
>>
>> When there is no offset, there is no security buffer at all. When the length is zero, the security buffer is an empty byte array.
>
More information about the net-dev
mailing list