RFR: 8280409: JarFile::verifiableEntry can fail with NPE accessing ze.getName() [v3]
Lance Andersen
lancea at openjdk.java.net
Fri Feb 11 17:50:09 UTC 2022
On Fri, 11 Feb 2022 13:45:47 GMT, Alan Bateman <alanb at openjdk.org> wrote:
>> Lance Andersen has updated the pull request incrementally with two additional commits since the last revision:
>>
>> - Return a null InputStream when the ZipEntry is not found in the Jar
>> - Address formatting and message feedback
>
> src/java.base/share/classes/java/util/jar/JarFile.java line 881:
>
>> 879: ze = getJarEntry(entryName);
>> 880: } else {
>> 881: throw new ZipException("ZipEntry::getName returned null");
>
> Throwing ZipException when ZipEntry::getName returns null is still surprising but not terrible. The spec for getInputStream specifies ZipException for when a zip file format occurs so we might have to extend that to add "or the zip entry name is null".
If you would like me to update the ZipException to clarify this I can. The original issue was due to a format error in the CEN so the current wording covers that. It does not cover the case where ZipEntry is subclassed and ZipEntry::getName() returns null which is what your suggested wording would address.
Please note the above change addresses the signed jar scenario. I can add an additional check in JarFile::getInputStream to check for null from ZipEntry::getName so that it covers unsigned jars and signed jars not being verified.
The issue will not occur with ZipEntry::getInputStream given its use of ZipEntry.name which can never be null.
Please let me know your preference
-------------
PR: https://git.openjdk.java.net/jdk/pull/7348
More information about the security-dev
mailing list