Code review request: 7158329: NPE in sun.security.krb5.Credentials.acquireDefaultCreds()

Jonathan Gibbons jonathan.gibbons at oracle.com
Thu Apr 5 11:29:10 PDT 2012


Max,

If it were me writing the test, I'd avoid using a shell script and would 
write Java code using ProcessBuilder to set an env-var and then realunch 
the test via  new File(new File(System.getProperty("java.home"), "bin"), 
"java");

This Java code could even be co-located in the EmptyCC.java file.

-- Jon


On 04/05/2012 02:32 AM, Weijun Wang wrote:
> The webrev is at
>
>   http://cr.openjdk.java.net/~weijun/7158329/webrev.00/
>
> There are two places where the content (getDefaultCreds) of a cache 
> might be null, one with a specified ccache file name, one default. In 
> order to check for both, a KRB5CCNAME environment variable is needed. 
> Therefore the test must be a script calling a Java program.
>
> *Jon*: I guess this is the only way to feed an environment variable to 
> a Java test?
>
> Thanks
> Max
>
> -------- Original Message --------
> *Change Request ID*: 7158329
> *Synopsis*: NPE in sun.security.krb5.Credentials.acquireDefaultCreds()
>
>   Product: java
>   Category: java
>   Subcategory: classes_security
>   Type: Defect
>
> === *Description* 
> ============================================================
> FULL PRODUCT VERSION :
> java version "1.6.0_26"
> Java(TM) SE Runtime Environment (build 1.6.0_26-b03)
> Java HotSpot(TM) Client VM (build 20.1-b02, mixed mode, sharing)
>
> ADDITIONAL OS VERSION INFORMATION :
> Microsoft Windows XP [Version 5.1.2600]
>
> A DESCRIPTION OF THE PROBLEM :
> Trying to invoke login with Krb5LoginModule, debug=false, 
> doNotPrompt=true, useTicketCache=true, storeKey=false.
>
> When an empty file krb5cc_<username> in <userhome> exists, this throws 
> a NullPointerException in 
> sun.security.krb5.Credentials.acquireDefaultCreds().
>
> The cause is the following code:
>
>         if (cache == null) {
>             cache = CredentialsCache.getInstance();
>         }
>         if (cache != null) {
>             if (DEBUG) {
>                 System.out.println(">>> KrbCreds found the default 
> ticket " +
>                                    "granting ticket in credential 
> cache.");
>             }
>             sun.security.krb5.internal.ccache.Credentials temp =
>                 cache.getDefaultCreds();
>             if (EType.isSupported(temp.getEType())) {
>                 result = temp.setKrbCreds();
>             } else {
>                 if (DEBUG) {
>                     System.out.println(
>                         ">>> unsupported key type found the default 
> TGT: " +
>                         temp.getEType());
>                 }
>             }
>         }
>
> where cache.getDefaultCreds() can and will return null in case the 
> ticket cache is empty, so the EType.isSupported(...) fails.
>
>
> REPRODUCIBILITY :
> This bug can be reproduced always.
>




More information about the security-dev mailing list