Code review request: 7158329: NPE in sun.security.krb5.Credentials.acquireDefaultCreds()
Weijun Wang
weijun.wang at oracle.com
Thu Apr 5 09:32:39 UTC 2012
The webrev is at
http://cr.openjdk.java.net/~weijun/7158329/webrev.00/
There are two places where the content (getDefaultCreds) of a cache
might be null, one with a specified ccache file name, one default. In
order to check for both, a KRB5CCNAME environment variable is needed.
Therefore the test must be a script calling a Java program.
*Jon*: I guess this is the only way to feed an environment variable to a
Java test?
Thanks
Max
-------- Original Message --------
*Change Request ID*: 7158329
*Synopsis*: NPE in sun.security.krb5.Credentials.acquireDefaultCreds()
Product: java
Category: java
Subcategory: classes_security
Type: Defect
=== *Description* ===
FULL PRODUCT VERSION :
java version "1.6.0_26"
Java(TM) SE Runtime Environment (build 1.6.0_26-b03)
Java HotSpot(TM) Client VM (build 20.1-b02, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]
A DESCRIPTION OF THE PROBLEM :
Trying to invoke login with Krb5LoginModule, debug=false,
doNotPrompt=true, useTicketCache=true, storeKey=false.
When an empty file krb5cc_<username> in <userhome> exists, this throws a
NullPointerException in sun.security.krb5.Credentials.acquireDefaultCreds().
The cause is the following code:
    if (cache == null) {
        cache = CredentialsCache.getInstance();
    }
    if (cache != null) {
        if (DEBUG) {
            System.out.println(">>> KrbCreds found the default ticket " +
                    "granting ticket in credential cache.");
        }
        sun.security.krb5.internal.ccache.Credentials temp =
                cache.getDefaultCreds();
        if (EType.isSupported(temp.getEType())) {
            result = temp.setKrbCreds();
        } else {
            if (DEBUG) {
                System.out.println(
                        ">>> unsupported key type found the default TGT: " +
                        temp.getEType());
            }
        }
    }
where cache.getDefaultCreds() can and will return null in case the
ticket cache is empty, so the EType.isSupported(...) fails.
REPRODUCIBILITY :
This bug can be reproduced always.
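The failure mode reported above, modelled as an added example that is not part of the original message, the webrev, or the JDK sources: an unguarded lookup next to one way of guarding it, run against an empty, a populated and an unsupported-etype cache. `CachedCreds`, `TicketCache`, `SUPPORTED_ETYPES` and both `acquire*` methods are hypothetical stand-ins for the JDK-internal types, and the etype numbers are constructed sample values (requires Java 16 or later).

```java
import java.util.Set;

public class EmptyCcacheDemo {
    // Hypothetical stand-ins for the JDK-internal ccache types (assumption, not JDK classes).
    record CachedCreds(int eType) {}
    interface TicketCache { CachedCreds getDefaultCreds(); } // returns null when no TGT is stored

    // Constructed sample policy: 17 and 18 are the AES-CTS-HMAC-SHA1 etypes.
    static final Set<Integer> SUPPORTED_ETYPES = Set.of(17, 18);

    // Same shape as the code quoted in the report: the lookup result is dereferenced unchecked.
    static CachedCreds acquireUnguarded(TicketCache cache) {
        if (cache != null) {
            CachedCreds temp = cache.getDefaultCreds();
            if (SUPPORTED_ETYPES.contains(temp.eType())) { // NPE when temp == null
                return temp;
            }
        }
        return null;
    }

    // Guarded form: an empty cache means "no credentials", so the caller can fall back cleanly.
    static CachedCreds acquireGuarded(TicketCache cache) {
        if (cache == null) return null;
        CachedCreds temp = cache.getDefaultCreds();
        if (temp == null) return null;                      // empty ticket cache file
        return SUPPORTED_ETYPES.contains(temp.eType()) ? temp : null;
    }

    public static void main(String[] args) {
        TicketCache empty = () -> null;                     // models an empty krb5cc_<username> file
        TicketCache populated = () -> new CachedCreds(18);  // constructed sample TGT
        TicketCache unsupported = () -> new CachedCreds(3); // constructed sample, etype not in policy

        try {
            acquireUnguarded(empty);
            System.out.println("unguarded, empty cache: no exception");
        } catch (NullPointerException e) {
            System.out.println("unguarded, empty cache: NullPointerException");
        }
        System.out.println("guarded, empty cache:       " + acquireGuarded(empty));
        System.out.println("guarded, populated cache:   " + acquireGuarded(populated));
        System.out.println("guarded, unsupported etype: " + acquireGuarded(unsupported));
    }
}
```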