RFR: 8284910: Buffer clean in PasswordCallback [v5]

Xue-Lei Andrew Fan xuelei at openjdk.java.net
Tue Apr 26 04:51:48 UTC 2022


> Please review this password cleanup enhancement in the PasswordCallback implementation.  This is one of the effort to clean up the buffered passwords.
> 
> The PasswordCallback.setPassword() clones the password, but is not registered for cleanup. An application could call clearPassword() for the purpose, but it would be nice to cleanup the buffer as well if clearPassword() was not called in an application. And, if the setPassword() get called multiple times, the clearPassword() should also be called the same times if not relying on finalization. It could be fragile in practice.

Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision:

  correct test typo and test clearPassword()

-------------

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/8272/files
  - new: https://git.openjdk.java.net/jdk/pull/8272/files/01542bb6..aaedee46

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=8272&range=04
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=8272&range=03-04

  Stats: 12 lines in 1 file changed: 10 ins; 0 del; 2 mod
  Patch: https://git.openjdk.java.net/jdk/pull/8272.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/8272/head:pull/8272

PR: https://git.openjdk.java.net/jdk/pull/8272


More information about the security-dev mailing list