Webrev request: JDK-8015081
Jamil Nimeh
jamil.j.nimeh at oracle.com
Thu Jun 12 14:58:28 UTC 2014
The Subject's readObject can get called in one of two scenarios: When a
Subject is deserialized and if a SecureSet is deserialized (because of
the reference to the containing Subject in SecureSet). In the latter
case, accessing the contents of inputPrincs before deserialization is
complete causes NPEs (even in valid cases) because the Subject is being
deserialized before the SecureSet - chicken/egg thing. I believe I
could add that simple null check for the object itself back in without
breaking things, but SecureSet's readObject is now checking the
contents. I'll put it back in and re-run the tests to make sure it'll work.
--Jamil
On 06/12/2014 02:40 AM, Wang Weijun wrote:
> Why
>
> @@ -968,14 +963,10 @@
>
> readOnly = gf.get("readOnly", false);
>
> Set<Principal> inputPrincs = (Set<Principal>)gf.get("principals", null);
>
> // Rewrap the principals into a SecureSet
>
> - if (inputPrincs == null) {
> - throw new NullPointerException
> - (ResourcesMgr.getString("invalid.null.input.s."));
> - }
>
> try {
> principals = Collections.synchronizedSet(new SecureSet<Principal>
> (this, PRINCIPAL_SET, inputPrincs));
> } catch (NullPointerException npe) {
> // Sometimes people deserialize the principals set only.
>
>
> It looks you accept principals being null in serialized form. (Of course, the new object contains a non-null one).
>
> Thanks
> Max
>
> On Jun 12, 2014, at 17:26, Jamil Nimeh <jamil.j.nimeh at oracle.com> wrote:
>
>> Next round: This one incorporates Weijun's comments and cleans up a couple warnings in the test code.
>>
>> http://cr.openjdk.java.net/~weijun/8015081/webrev.05/
>>
>> --Jamil
More information about the security-dev
mailing list