RFR: 8280409: JarFile::verifiableEntry can fail with NPE accessing ze.getName() [v2]
Lance Andersen
lancea at openjdk.java.net
Tue Feb 8 18:15:07 UTC 2022
On Tue, 8 Feb 2022 18:05:25 GMT, Lance Andersen <lancea at openjdk.org> wrote:
>> ze can't be null here.
>
>> ze can't be null here.
>
> Actually it can be: Consider the following:
>
>
> try (JarFile jf = new JarFile(SIGNED_VALID_ENTRY_NAME_JAR.toFile(), true)) {
> var ze = new ZipEntry("org/gotham/Batcave.class");
> var ex= expectThrows(ZipException.class,
> () -> jf.getInputStream(ze) );
> // Validate that we receive the expected message from
> // JarFile::verifiableEntry when ZipEntry::getName returns null
> assertTrue( ex != null && ex.getMessage().equals("Error: ZipEntry should not be null!"));
> }
>
>
> The above code does generate the error.
> Nit, add space after "if"
will fix
-------------
PR: https://git.openjdk.java.net/jdk/pull/7348
More information about the security-dev
mailing list