archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-09-22 12:04:39 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8246193: Possible NPE in ENC-PA-REP search in AS-REQ

Browse source 
Reviewed-by: xuelei
This commit is contained in:
Weijun Wang 2020-05-31 10:13:04 +08:00
parent 4eeb61299f
commit 6212aea580
3 changed files with 53 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/java.security.jgss/share/classes/sun/security/krb5/KrbKdcRep.java
View file

@ -146,6 +146,7 @@ abstract class KrbKdcRep {
boolean reqPaReqEncPaRep = false; boolean reqPaReqEncPaRep = false;
boolean repPaReqEncPaRepValid = false; boolean repPaReqEncPaRepValid = false;
if (req.pAData != null) {
for (PAData pa : req.pAData) { for (PAData pa : req.pAData) {
if (pa.getType() == Krb5.PA_REQ_ENC_PA_REP) { if (pa.getType() == Krb5.PA_REQ_ENC_PA_REP) {
// The KDC supports RFC 6806 and ENC-PA-REP was sent in // The KDC supports RFC 6806 and ENC-PA-REP was sent in
@ -154,6 +155,7 @@ abstract class KrbKdcRep {
break; break;
} }
} }
}
if (rep.encKDCRepPart.pAData != null) { if (rep.encKDCRepPart.pAData != null) {
for (PAData pa : rep.encKDCRepPart.pAData) { for (PAData pa : rep.encKDCRepPart.pAData) {

41
test/jdk/sun/security/krb5/auto/AlwaysEncPaReq.java Normal file
View file

@ -0,0 +1,41 @@
/*
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8246193
* @summary Possible NPE in ENC-PA-REP search in AS-REQ
* @library /test/lib
* @compile -XDignore.symbol.file AlwaysEncPaReq.java
* @run main jdk.test.lib.FileInstaller TestHosts TestHosts
* @run main/othervm -Dtest.kdc.always.enc.pa.rep
* -Djdk.net.hosts.file=TestHosts AlwaysEncPaReq
*/
public class AlwaysEncPaReq {
public static void main(String[] args) throws Exception {
new OneKDC(null).writeJAASConf()
.setOption(KDC.Option.PREAUTH_REQUIRED, false);
Context.fromJAAS("client");
}
}

5
test/jdk/sun/security/krb5/auto/KDC.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2008, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2008, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -1168,6 +1168,9 @@ public class KDC {
bFlags[Krb5.TKT_OPTS_MAY_POSTDATE] = true; bFlags[Krb5.TKT_OPTS_MAY_POSTDATE] = true;
} }
bFlags[Krb5.TKT_OPTS_INITIAL] = true; bFlags[Krb5.TKT_OPTS_INITIAL] = true;
if (System.getProperty("test.kdc.always.enc.pa.rep") != null) {
bFlags[Krb5.TKT_OPTS_ENC_PA_REP] = true;
}
// Creating PA-DATA // Creating PA-DATA
DerValue[] pas2 = null, pas = null; DerValue[] pas2 = null, pas = null;