RFR: 8284910: Buffer clean in PasswordCallback [v2]
Roger Riggs
rriggs at openjdk.java.net
Mon Apr 18 18:11:39 UTC 2022
On Mon, 18 Apr 2022 17:27:04 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> src/java.base/share/classes/javax/security/auth/callback/PasswordCallback.java line 123:
>>
>>> 121: cleanable = CleanerFactory.cleaner().register(
>>> 122: this, cleanerFor(inputPassword));
>>> 123: }
>>
>> If `setPassword` is called twice in succession, should the previous password be cleaned before the new one is assigned and registered?
>
> I can see why that might be a good idea. Would require a specification change though. I also think it is fine to keep the behavior the same, and place the responsibility on the application to call `clearPassword` before setting a new one. We could add a warning though, something like: "Note: `clearPassword` should be called to clear any prior password before calling `setPassword` multiple times on the same `PasswordCallback` instance."
setPassword can/should always clear the previous password. It is an internal copy that no one else has a reference to and is being replaced.
It will need to either explicitly call cleanable.clean() or fill/erase the array itself.
Overwriting the cleanable will prevent the existing cleanable from being processed.
I don't think it needs a spec change; the internal value is implementation only.
-------------
PR: https://git.openjdk.java.net/jdk/pull/8272
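
The approach discussed in the reply above, as an added example that is not code from the PR or the JDK: a setter that erases its previous internal copy before registering a cleaner for the new one. The class name `PasswordHolder` is hypothetical, and the public `java.lang.ref.Cleaner` API is assumed in place of the JDK-internal `CleanerFactory`.

```java
import java.lang.ref.Cleaner;
import java.util.Arrays;

// Hypothetical holder class for illustration; not the JDK's PasswordCallback.
public class PasswordHolder {
    // Assumption: the public Cleaner API stands in for the internal CleanerFactory.
    private static final Cleaner CLEANER = Cleaner.create();

    private char[] inputPassword;         // internal copy, never handed out
    private Cleaner.Cleanable cleanable;  // erases inputPassword when run

    // Static so the action captures only the array, never the holder itself;
    // capturing the holder would keep it reachable and the cleaner would never fire.
    private static Runnable cleanerFor(char[] password) {
        return () -> Arrays.fill(password, ' ');
    }

    public void setPassword(char[] password) {
        // Erase the previous internal copy before it is replaced. Without this,
        // the old array stays populated until the holder itself becomes unreachable.
        eraseCurrent();
        if (password != null) {
            inputPassword = password.clone();
            cleanable = CLEANER.register(this, cleanerFor(inputPassword));
        }
    }

    public char[] getPassword() {
        return inputPassword == null ? null : inputPassword.clone();
    }

    public void clearPassword() {
        eraseCurrent();
    }

    // Cleanable.clean() runs the action at most once and unregisters it.
    private void eraseCurrent() {
        if (cleanable != null) {
            cleanable.clean();
            cleanable = null;
        }
        inputPassword = null;
    }

    public static void main(String[] args) {
        PasswordHolder h = new PasswordHolder();
        h.setPassword("first-secret".toCharArray());   // constructed sample value
        char[] firstCopy = h.inputPassword;            // keep a handle on the old array
        h.setPassword("second-secret".toCharArray());  // constructed sample value
        System.out.println("first copy erased: " + new String(firstCopy).isBlank());
        System.out.println("current password:  " + new String(h.getPassword()));
    }
}
```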