Code review request: 7158329: NPE in sun.security.krb5.Credentials.acquireDefaultCreds()

Weijun Wang weijun.wang at oracle.com
Thu Apr 5 02:32:39 PDT 2012 

The webrev is at

   http://cr.openjdk.java.net/~weijun/7158329/webrev.00/

There are two places where the content (getDefaultCreds) of a cache 
might be null, one with a specified ccache file name, one default. In 
order to check for both, a KRB5CCNAME environment variable is needed. 
Therefore the test must be a script calling a Java program.

*Jon*: I guess this is the only way to feed an environment variable to a 
Java test?

Thanks
Max

-------- Original Message --------
*Change Request ID*: 7158329
*Synopsis*: NPE in sun.security.krb5.Credentials.acquireDefaultCreds()

   Product: java
   Category: java
   Subcategory: classes_security
   Type: Defect

=== *Description* 
============================================================
FULL PRODUCT VERSION :
java version "1.6.0_26"
Java(TM) SE Runtime Environment (build 1.6.0_26-b03)
Java HotSpot(TM) Client VM (build 20.1-b02, mixed mode, sharing)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]

A DESCRIPTION OF THE PROBLEM :
Trying to invoke login with Krb5LoginModule, debug=false, 
doNotPrompt=true, useTicketCache=true, storeKey=false.

When an empty file krb5cc_<username> in <userhome> exists, this throws a 
NullPointerException in sun.security.krb5.Credentials.acquireDefaultCreds().

The cause is the following code:

         if (cache == null) {
             cache = CredentialsCache.getInstance();
         }
         if (cache != null) {
             if (DEBUG) {
                 System.out.println(">>> KrbCreds found the default 
ticket " +
                                    "granting ticket in credential cache.");
             }
             sun.security.krb5.internal.ccache.Credentials temp =
                 cache.getDefaultCreds();
             if (EType.isSupported(temp.getEType())) {
                 result = temp.setKrbCreds();
             } else {
                 if (DEBUG) {
                     System.out.println(
                         ">>> unsupported key type found the default 
TGT: " +
                         temp.getEType());
                 }
             }
         }

where cache.getDefaultCreds() can and will return null in case the 
ticket cache is empty, so the EType.isSupported(...) fails.


REPRODUCIBILITY :
This bug can be reproduced always.

More information about the security-dev mailing list