RFR: 8284910: Buffer clean in PasswordCallback [v2]
Roger Riggs
rriggs at openjdk.java.net
Mon Apr 18 19:13:30 UTC 2022
On Mon, 18 Apr 2022 18:15:25 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> setPassword can/should always clear the previous password. It is an internal copy that no one else has a reference to and is being replaced.
>> It will need to either explicitly call cleanable.clean() or fill/erase the array itself.
>> Overwriting the cleanable will prevent the existing cleanable from being processed.
>> It don't think it needs a spec change, the internal value is implementation only.
>
> What about code that is already calling `clearPassword` between calls to `setPassword`? This seems to be a change in the design of this API. The `clearPassword` method is there to allow callers to manage and clear the passwords itself.
I think its "belt and suspenders".
If the caller does not call `clearPassword` before calling a second `setPassword,` the previous char array will still contain the previous password and remain uncleared in memory for a (longer) indeterminate time.
It is fulfilling the same purpose as the original finalizer.
-------------
PR: https://git.openjdk.java.net/jdk/pull/8272
More information about the security-dev
mailing list