Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-7126011

ReverseBuilder.getMatchingCACerts may throws NPE

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P4
    • Resolution: Fixed
    • Affects Version/s: 7
    • Fix Version/s: 8
    • Component/s: security-libs
    • Labels:
      None
    • Subcomponent:
    • Resolved In Build:
      b43
    • CPU:
      generic
    • OS:
      generic
    • Verification:
      Verified

      Backports

        Description

        sun.security.provider.certpath.ReverseBuilder.getMatchingCACerts():
        222 sel.addPathToName(4, targetCertConstraints.getSubjectAsBytes());

        targetCertConstraints is an instance of X509CertSelector. X509CertSelector.getSubjectAsBytes() mey return null, as will result in X509CertSelector.addPathToName() throws NullPointerException.

        We may need to update the above code in case the subject in an X509CertSelector is null.

          Activity

          Hide
          mullan Sean Mullan added a comment -
          BT2:EVALUATION

          Will fix as part of JEP 124.
          Show
          mullan Sean Mullan added a comment - BT2:EVALUATION Will fix as part of JEP 124.
          Hide
          yulixu Vivian Xu (Inactive) added a comment -
          BT2:EVALUATION

          This bug is a part of bug 6854712:
          http://hg.openjdk.java.net/jdk8/tl/jdk/rev/0c6830e7241f

          The code change for this bug looks good:
          http://hg.openjdk.java.net/jdk8/tl/jdk/diff/0c6830e7241f/src/share/classes/sun/security/provider/certpath/ReverseBuilder.java
          - sel.addPathToName(4, targetCertConstraints.getSubjectAsBytes());
          + byte[] subject = targetCertConstraints.getSubjectAsBytes();
          + if (subject != null) {
          + sel.addPathToName(4, subject);
          + } else {
          + X509Certificate cert = targetCertConstraints.getCertificate();
          + if (cert != null) {
          + sel.addPathToName(4,
          + cert.getSubjectX500Principal().getEncoded());
          + }
          + }
          Show
          yulixu Vivian Xu (Inactive) added a comment - BT2:EVALUATION This bug is a part of bug 6854712: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/0c6830e7241f The code change for this bug looks good: http://hg.openjdk.java.net/jdk8/tl/jdk/diff/0c6830e7241f/src/share/classes/sun/security/provider/certpath/ReverseBuilder.java - sel.addPathToName(4, targetCertConstraints.getSubjectAsBytes()); + byte[] subject = targetCertConstraints.getSubjectAsBytes(); + if (subject != null) { + sel.addPathToName(4, subject); + } else { + X509Certificate cert = targetCertConstraints.getCertificate(); + if (cert != null) { + sel.addPathToName(4, + cert.getSubjectX500Principal().getEncoded()); + } + }

            People

            • Assignee:
              mullan Sean Mullan
              Reporter:
              xuelei Xue-Lei Fan
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Imported:
                Indexed: