JDK-8163104 : Unexpected NPE still possible on some Kerberos ticket calls
Type:Bug
Component:security-libs
Sub-Component:javax.security
Affected Version:9
Priority:P4
Status:Closed
Resolution:Fixed
OS:generic
CPU:generic
Submitted:2016-08-03
Updated:2020-02-26
Resolved:2016-08-10
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed. Resolved: Release in which this issue/RFE has been resolved. Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
JDK-8147772 fixed up most NPE issues for KerberosTickets. Howerver, I think there are still some corner cases. Here's one example :
src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5InitCredential.java#238
Comments
Dev engineer has suggested that methods like Krb5InitCredential::getInitLifeTime should return 0 if null pointer is encountered (ticket destroyed scenario). if code is calling this method without checking isDestroyed() first, this will convince end user that the ticket is no longer usable.
There are a few other related calls that need tightening also