RFR: 8284910: Buffer clean in PasswordCallback [v2]
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Thu Apr 21 06:55:22 UTC 2022
On Thu, 21 Apr 2022 06:50:58 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
>> I'd recommend setting `cleanable` to null after it's been cleaned to make the state machine easier to reason about. The invariant would be: if `cleanable` is non-null, then we have something dirty that needs to be cleaned. If we don't clear it to null after cleaning, it potentially results in confusing states. For example, suppose the app calls `setPassword(nonNull)` and later calls `setPassword(null)`. The second call will set `inputPassword` to null but leave a stale reference in `cleanable`. This isn't necessarily harmful, but it's confusing.
>
>> The code in `clearPassword` can be simplified and only test `cleanable != null`; it will be null unless there is an inputPassword to clean.
>
> Yes. The testing of `cleanable != null` is sufficient.

> I'd recommend setting `cleanable` to null after it's been cleaned to make the state machine easier to reason about.

I like this idea. Updated.

-------------
PR: https://git.openjdk.java.net/jdk/pull/8272
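
A minimal Java sketch of the invariant discussed in this thread, added here as an illustration; it is not the JDK's `PasswordCallback` source or the code from the PR. The class name `PasswordHolder`, the shared `CLEANER`, the zero fill value and `isDirty()` are hypothetical; `inputPassword` and `cleanable` follow the names used in the thread.

```java
import java.lang.ref.Cleaner;
import java.util.Arrays;

// Hypothetical sketch: illustrates "cleanable != null <=> a copy still needs zeroing".
public class PasswordHolder {
    private static final Cleaner CLEANER = Cleaner.create();

    private char[] inputPassword;         // private copy of the caller's password
    private Cleaner.Cleanable cleanable;  // non-null only while a copy is still dirty

    public void setPassword(char[] password) {
        clearPassword();                  // zero any earlier copy; leaves cleanable == null
        inputPassword = (password == null) ? null : password.clone();
        if (inputPassword != null) {
            char[] copy = inputPassword;
            // The action captures only the array, never `this`, so the holder can
            // become unreachable and the Cleaner will still zero the copy.
            cleanable = CLEANER.register(this, () -> Arrays.fill(copy, '\0'));
        }
    }

    public char[] getPassword() {
        return (inputPassword == null) ? null : inputPassword.clone();
    }

    public void clearPassword() {
        if (cleanable != null) {          // the only test needed
            cleanable.clean();            // runs the zeroing action at most once
            cleanable = null;             // no stale reference survives the clean
        }
    }

    boolean isDirty() {
        return cleanable != null;
    }

    public static void main(String[] args) {
        PasswordHolder h = new PasswordHolder();
        h.setPassword("example-only".toCharArray()); // constructed sample value
        if (!h.isDirty()) throw new AssertionError("copy should be pending cleanup");
        h.setPassword(null);              // the sequence raised in the review
        if (h.isDirty()) throw new AssertionError("stale cleanable left behind");
        System.out.println("invariant holds");
    }
}
```

Without the `cleanable = null` assignment, `isDirty()` would still return true after `setPassword(null)`, which is the confusing state the review comment describes.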