RFR: 8367024: JNI exception pending in Java_sun_security_pkcs11_wrapper_PKCS11_C_1DeriveKey of p11_keymgmt.c:950 [v2]
Daniel Jeliński
djelinski at openjdk.org
Thu Jan 8 07:02:58 UTC 2026
On Wed, 7 Jan 2026 21:05:55 GMT, Koushik Muthukrishnan Thirupattur <duke at openjdk.org> wrote:
>> The method ckAssertReturnValueOK will invoke ckAssertReturnValueOK2 which makes multiple calls to JNI functions, such as FindClass or GetMethodID. These calls would be unsafe as there may be a pending exception at this time.
>> So adding exception check to return immediately and do not call any further JNI functions when there is exception pending.
>
> Koushik Muthukrishnan Thirupattur has updated the pull request incrementally with one additional commit since the last revision:
>
> 8367024: Addressing review comments
src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_keymgmt.c line 967:
> 965: /* Do not continue if any copy-back operation raised an exception */
> 966: if ((*env)->ExceptionCheck(env)) {
> 967: goto cleanup;
This shouldn't be necessary now; note that `cleanup` will be executed next whether the `if` branch is taken or not.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/29054#discussion_r2671118904
More information about the security-dev
mailing list