RFR: 8284910: Buffer clean in PasswordCallback [v4]

Xue-Lei Andrew Fan xuelei at openjdk.java.net
Tue Apr 26 04:33:56 UTC 2022


On Mon, 25 Apr 2022 20:41:47 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Code clean up per feedback
>
> test/jdk/javax/security/auth/callback/PasswordCleanup.java line 58:
> 
>> 56:     }
>> 57: 
>> 58:     private static void clearWithMethod() throws Exception {
> 
> This looks like the exact same test as `clearAtCollection`.

Nice catch.  The passwordCallback.clearPassword() should not be called in clearAtCollection.

> test/jdk/javax/security/auth/callback/PasswordCleanup.java line 74:
> 
>> 72:     }
>> 73: 
>> 74:     private static void checkClearing() throws Exception {
> 
> How is this test testing that the password is cleared?

The test case is used to check that the Cleaner used is not bound to the 'this' object, and that the cleaner could work during finalization.  Unfortunately, as the cleaner behavior is not visible, I haven't found a way to automatically test that the password is really cleared during finalization.

-------------

PR: https://git.openjdk.java.net/jdk/pull/8272
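
The pattern discussed in this message, as an added example that is not code from the pull request or from the JDK: a cleanup action registered with java.lang.ref.Cleaner that holds only the password buffer and never the owning object. SecretHolder and BufferWiper are hypothetical names, and the sample password is constructed.

```java
import java.lang.ref.Cleaner;
import java.util.Arrays;

// Added illustration; SecretHolder and BufferWiper are hypothetical names,
// not classes from the JDK or from the pull request.
public final class SecretHolder {
    private static final Cleaner CLEANER = Cleaner.create();

    // Static nested class: it references only the char[] and never the
    // enclosing SecretHolder. A lambda or inner class that captured 'this'
    // would keep the holder strongly reachable from the Cleaner, so the
    // holder would never become phantom reachable and the action would
    // never run.
    private static final class BufferWiper implements Runnable {
        private final char[] buffer;
        BufferWiper(char[] buffer) { this.buffer = buffer; }
        @Override public void run() { Arrays.fill(buffer, ' '); }
    }

    private final char[] secret;
    private final Cleaner.Cleanable cleanable;

    public SecretHolder(char[] input) {
        this.secret = input.clone();   // keep a private copy of the password
        this.cleanable = CLEANER.register(this, new BufferWiper(secret));
    }

    public char[] get() { return secret.clone(); }

    // Deterministic path: Cleanable.clean() runs the action at most once.
    public void clear() { cleanable.clean(); }

    public static void main(String[] args) {
        char[] constructed = "constructed-sample".toCharArray();
        SecretHolder holder = new SecretHolder(constructed);
        holder.clear();
        boolean wiped = true;
        for (char c : holder.get()) wiped &= (c == ' ');
        System.out.println("wiped after clear(): " + wiped);
        Arrays.fill(constructed, ' ');  // the caller wipes its own copy
    }
}
```

Only the explicit clear() path is checked here; the collection-time path runs on the Cleaner's thread at a time chosen by the garbage collector.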