Code review request: 7158329: NPE in sun.security.krb5.Credentials.acquireDefaultCreds()

Weijun Wang weijun.wang at oracle.com
Fri Apr 6 02:35:57 UTC 2012


Webrev updated:

   http://cr.openjdk.java.net/~weijun/7158329/webrev.01

No change to src.

*Jon*: Is this the correct style to use ProcessBuilder to launch a test? 
I guess there is no need to go othervm?

*Valerie*: Can you take a review on this?

Thanks
Max

On 04/06/2012 02:29 AM, Jonathan Gibbons wrote:
> Max,
>
> If it were me writing the test, I'd avoid using a shell script and would
> write Java code using ProcessBuilder to set an env-var and then realunch
> the test via new File(new File(System.getProperty("java.home"), "bin"),
> "java");
>
> This Java code could even be co-located in the EmptyCC.java file.
>
> -- Jon
>
>
> On 04/05/2012 02:32 AM, Weijun Wang wrote:
>> The webrev is at
>>
>> http://cr.openjdk.java.net/~weijun/7158329/webrev.00/
>>
>> There are two places where the content (getDefaultCreds) of a cache
>> might be null, one with a specified ccache file name, one default. In
>> order to check for both, a KRB5CCNAME environment variable is needed.
>> Therefore the test must be a script calling a Java program.
>>
>> *Jon*: I guess this is the only way to feed an environment variable to
>> a Java test?
>>
>> Thanks
>> Max
>>
>> -------- Original Message --------
>> *Change Request ID*: 7158329
>> *Synopsis*: NPE in sun.security.krb5.Credentials.acquireDefaultCreds()
>>
>> Product: java
>> Category: java
>> Subcategory: classes_security
>> Type: Defect
>>
>> === *Description*
>> ============================================================
>> FULL PRODUCT VERSION :
>> java version "1.6.0_26"
>> Java(TM) SE Runtime Environment (build 1.6.0_26-b03)
>> Java HotSpot(TM) Client VM (build 20.1-b02, mixed mode, sharing)
>>
>> ADDITIONAL OS VERSION INFORMATION :
>> Microsoft Windows XP [Version 5.1.2600]
>>
>> A DESCRIPTION OF THE PROBLEM :
>> Trying to invoke login with Krb5LoginModule, debug=false,
>> doNotPrompt=true, useTicketCache=true, storeKey=false.
>>
>> When an empty file krb5cc_<username> in <userhome> exists, this throws
>> a NullPointerException in
>> sun.security.krb5.Credentials.acquireDefaultCreds().
>>
>> The cause is the following code:
>>
>> if (cache == null) {
>> cache = CredentialsCache.getInstance();
>> }
>> if (cache != null) {
>> if (DEBUG) {
>> System.out.println(">>> KrbCreds found the default ticket " +
>> "granting ticket in credential cache.");
>> }
>> sun.security.krb5.internal.ccache.Credentials temp =
>> cache.getDefaultCreds();
>> if (EType.isSupported(temp.getEType())) {
>> result = temp.setKrbCreds();
>> } else {
>> if (DEBUG) {
>> System.out.println(
>> ">>> unsupported key type found the default TGT: " +
>> temp.getEType());
>> }
>> }
>> }
>>
>> where cache.getDefaultCreds() can and will return null in case the
>> ticket cache is empty, so the EType.isSupported(...) fails.
>>
>>
>> REPRODUCIBILITY :
>> This bug can be reproduced always.
>>
>



More information about the security-dev mailing list