RFR: 8285516: clearPassword should be called in a finally try block [v3]
Sean Mullan
mullan at openjdk.java.net
Thu May 5 20:28:06 UTC 2022
On Thu, 5 May 2022 06:02:14 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
>> Hi,
>>
>> Could I have the simple update reviewed?
>>
>> In the PKCS12 key store implementation, the PBEKeySpec.clearPassword() should be called in a finally try block. Otherwise, the password cleanup could be interrupted by exceptions.
>>
>> Thanks,
>> Xuelei
>
> Xue-Lei Andrew Fan has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains three additional commits since the last revision:
>
> - Merge
> - an extra whitespace added
> - 8285516: clearPassword should be called in a finally try block
Even though this looks like a very low risk change, I would advise not integrating until next week as the Loom integration into 19 is planned for this weekend and it would be better to have as few disruptions as possible. Thanks!
-------------
PR: https://git.openjdk.java.net/jdk/pull/8377
More information about the security-dev
mailing list