RFR: 8316964: Security tools should not call System.exit
ExE Boss
duke at openjdk.org
Tue Oct 3 21:13:53 UTC 2023
On Wed, 27 Sep 2023 20:33:49 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> Remove most `System.exit()` calls in various security tools and only leave one in the `main` method. This paves the way to convert them to JSR 199 tools.
src/java.base/share/classes/sun/security/tools/keytool/Main.java line 433:
> 431: }
> 432: } catch (ExitException ee) {
> 433: throw ee;
`ExitException` is a private inner class, so external users won’t be able to distinguish it from a regular `Exception` to extract the `errorCode`.
src/java.security.jgss/windows/classes/sun/security/krb5/internal/tools/Klist.java line 97:
> 95: }
> 96:
> 97: public void run(String[] args) throws ExitException {
Again, leaking a `private` `ExitException` from a `public` method.
src/java.security.jgss/windows/classes/sun/security/krb5/internal/tools/Ktab.java line 92:
> 90: }
> 91:
> 92: public void run(String[] args) throws ExitException {
Another `ExitException` leak.
src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line 319:
> 317: return;
> 318: } else {
> 319: throw ee;
And another `ExitException` leak.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/15951#discussion_r1344741198
PR Review Comment: https://git.openjdk.org/jdk/pull/15951#discussion_r1344742062
PR Review Comment: https://git.openjdk.org/jdk/pull/15951#discussion_r1344743018
PR Review Comment: https://git.openjdk.org/jdk/pull/15951#discussion_r1344744211
More information about the security-dev
mailing list