Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-7126011

ReverseBuilder.getMatchingCACerts may throws NPE

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P4
    • Resolution: Fixed
    • Affects Version/s: 7
    • Fix Version/s: 8
    • Component/s: security-libs
    • Labels:
      None
    • Subcomponent:
    • Resolved In Build:
      b43
    • CPU:
      generic
    • OS:
      generic
    • Verification:
      Verified

      Description

      sun.security.provider.certpath.ReverseBuilder.getMatchingCACerts():
      222 sel.addPathToName(4, targetCertConstraints.getSubjectAsBytes());

      targetCertConstraints is an instance of X509CertSelector. X509CertSelector.getSubjectAsBytes() mey return null, as will result in X509CertSelector.addPathToName() throws NullPointerException.

      We may need to update the above code in case the subject in an X509CertSelector is null.

        Activity

        Hide
        mullan Sean Mullan added a comment -
        BT2:EVALUATION

        Will fix as part of JEP 124.
        Show
        mullan Sean Mullan added a comment - BT2:EVALUATION Will fix as part of JEP 124.
        Hide
        yulixu Vivian Xu (Inactive) added a comment -
        BT2:EVALUATION

        This bug is a part of bug 6854712:
        http://hg.openjdk.java.net/jdk8/tl/jdk/rev/0c6830e7241f

        The code change for this bug looks good:
        http://hg.openjdk.java.net/jdk8/tl/jdk/diff/0c6830e7241f/src/share/classes/sun/security/provider/certpath/ReverseBuilder.java
        - sel.addPathToName(4, targetCertConstraints.getSubjectAsBytes());
        + byte[] subject = targetCertConstraints.getSubjectAsBytes();
        + if (subject != null) {
        + sel.addPathToName(4, subject);
        + } else {
        + X509Certificate cert = targetCertConstraints.getCertificate();
        + if (cert != null) {
        + sel.addPathToName(4,
        + cert.getSubjectX500Principal().getEncoded());
        + }
        + }
        Show
        yulixu Vivian Xu (Inactive) added a comment - BT2:EVALUATION This bug is a part of bug 6854712: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/0c6830e7241f The code change for this bug looks good: http://hg.openjdk.java.net/jdk8/tl/jdk/diff/0c6830e7241f/src/share/classes/sun/security/provider/certpath/ReverseBuilder.java - sel.addPathToName(4, targetCertConstraints.getSubjectAsBytes()); + byte[] subject = targetCertConstraints.getSubjectAsBytes(); + if (subject != null) { + sel.addPathToName(4, subject); + } else { + X509Certificate cert = targetCertConstraints.getCertificate(); + if (cert != null) { + sel.addPathToName(4, + cert.getSubjectX500Principal().getEncoded()); + } + }

          People

          • Assignee:
            mullan Sean Mullan
            Reporter:
            xuelei Xue-Lei Fan
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:
              Imported:
              Indexed: