RFR: 8280409: JarFile::verifiableEntry can fail with NPE accessing ze.getName()
Sean Mullan
mullan at openjdk.java.net
Fri Feb 4 15:58:16 UTC 2022
On Fri, 4 Feb 2022 12:42:39 GMT, Lance Andersen <lancea at openjdk.org> wrote:
> Hi all,
>
> Please review the attached patch to address
>
> - That JarFile::getInputStream did not check for a null ZipEntry passed as a parameter
> - Have Zip/JarFile::getInputStream throw a ZipException in the event that an unexpected exception occurs
>
> Mach5 tiers1-3 runs are clean as are the TCK java.util.zip and java.util.jar test runs
>
> Best
> Lance
Could these unexpected exceptions also occur when using the `JarInputStream` API?
-------------
PR: https://git.openjdk.java.net/jdk/pull/7348
More information about the security-dev
mailing list