RFR: 8282730: LdapLoginModule throw NPE from logout method after login failure [v3]
Weijun Wang
weijun at openjdk.org
Sat Jul 16 13:46:58 UTC 2022
> Add null-checks in all `LoginModule` implementations. It's possible that an application calls `logout` after a login failure, where most internal variables for principals and credentials are null and removing a null from the `Subject`'s principals and credentials sets will trigger a `NullPointerException`.
Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
more comment
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/9348/files
- new: https://git.openjdk.org/jdk/pull/9348/files/810a0114..86c1fd65
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=9348&range=02
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=9348&range=01-02
Stats: 6 lines in 1 file changed: 2 ins; 0 del; 4 mod
Patch: https://git.openjdk.org/jdk/pull/9348.diff
Fetch: git fetch https://git.openjdk.org/jdk pull/9348/head:pull/9348
PR: https://git.openjdk.org/jdk/pull/9348
More information about the security-dev
mailing list