RFR: 8282730: LdapLoginModule throw NPE from logout method after login failure [v2]
Weijun Wang
weijun at openjdk.org
Mon Jul 11 21:42:47 UTC 2022
> Add null-checks in all `LoginModule` implementations. It's possible that an application calls `logout` after a login failure, where most internal variables for principals and credentials are null and removing a null from the `Subject`'s principals and credentials sets will trigger a `NullPointerException`.
Weijun Wang has updated the pull request incrementally with two additional commits since the last revision:
- null not in code
- sean comments
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/9348/files
- new: https://git.openjdk.org/jdk/pull/9348/files/b3e1f541..810a0114
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=9348&range=01
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=9348&range=00-01
Stats: 49 lines in 7 files changed: 8 ins; 7 del; 34 mod
Patch: https://git.openjdk.org/jdk/pull/9348.diff
Fetch: git fetch https://git.openjdk.org/jdk pull/9348/head:pull/9348
PR: https://git.openjdk.org/jdk/pull/9348
More information about the security-dev
mailing list