Integrated: 8284910: Buffer clean in PasswordCallback
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Thu Apr 28 02:51:46 UTC 2022
On Sat, 16 Apr 2022 15:45:21 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
> Please review this password cleanup enhancement in the PasswordCallback implementation. This is one of the effort to clean up the buffered passwords.
>
> The PasswordCallback.setPassword() clones the password, but is not registered for cleanup. An application could call clearPassword() for the purpose, but it would be nice to cleanup the buffer as well if clearPassword() was not called in an application. And, if the setPassword() get called multiple times, the clearPassword() should also be called the same times if not relying on finalization. It could be fragile in practice.
This pull request has now been integrated.
Changeset: 89fd6d34
Author: Xue-Lei Andrew Fan <xuelei at openjdk.org>
URL: https://git.openjdk.java.net/jdk/commit/89fd6d34f859d61d9cf5a1edf9419eee7c338390
Stats: 147 lines in 3 files changed: 141 ins; 0 del; 6 mod
8284910: Buffer clean in PasswordCallback
Reviewed-by: mullan
-------------
PR: https://git.openjdk.java.net/jdk/pull/8272
More information about the security-dev
mailing list