RFR: 8346094: Harden X509CertImpl.getExtensionValue for NPE cases

Sean Mullan mullan at openjdk.org
Fri Feb 7 15:15:16 UTC 2025


On Thu, 6 Feb 2025 14:36:29 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> I'm wondering how necessary this fix is. These are internal classes, only called inside JDK, where some pre-conditions are always met. Unless someone explicitly calls `x509Certimpl.getInfo().setExtensions(null)` (as done in the test), it seems like both the `info` and `extensions` fields should never be null.
> 
> If you’re concerned about misuse of these methods leading to potential future issues, consider adding comments to clarify their expected usage. You could also include `assert` statements or `Objects.requireNonNull` calls to enforce these preconditions.

I agree with Weijun. The `info` field should never be `null` under normal circumstances. Checking if it is `null` would only make sense if there is a bug somewhere else in the code, and in that case, the bug should be fixed.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/23315#issuecomment-2643211271

