RFR: 8282730: LdapLoginModule throw NPE from logout method after login failure
Sean Mullan
mullan at openjdk.org
Mon Jul 11 21:20:39 UTC 2022
On Mon, 11 Jul 2022 19:49:13 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> src/jdk.security.auth/share/classes/com/sun/security/auth/module/UnixLoginModule.java line 289:
>>
>>> 287: subject.getPrincipals().remove(GIDPrincipal);
>>> 288: }
>>> 289: if (supplementaryGroups != null) {
>>
>> This line is harmless, but you could take it out as supplementaryGroups is never null.
>
> Yes, in fact, whenever `add()` is called, a `new UnixNumericGroupPrincipal(...)` is added. So it seems there is no need to check the elements inside as well. Same in `JndiLoginModule`. In `NTLoginModule`, while the `groups` array itself can be null, its element is also never null.
Right, agreed.
-------------
PR: https://git.openjdk.org/jdk/pull/9348
More information about the security-dev
mailing list