JDK-8246193 : Possible NPE in ENC-PA-REP search in AS-REQ
  • Type: Bug
  • Component: security-libs
  • Sub-Component: org.ietf.jgss:krb5
  • Affected Version: openjdk8u262,11.0.7
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2020-05-30
  • Updated: 2020-10-12
  • Resolved: 2020-05-31
Versions
  • JDK 11: 11.0.9-oracle (Fixed)
  • JDK 15: 15 b26 (Fixed)
  • JDK 8: 8u270 (Fixed)
  • Other: openjdk8u272 (Fixed)
Description
In Kerberos Referral, if ENC-PA-REP is sent in AS-REQ it also should be in AS-REP. An NPE might be thrown in this check if the AS-REQ does not contain any PA-DATA at all.
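
The failure mode described above, as an added Java illustration. It is not the JDK's code or the actual fix; the class, record and method names are hypothetical, the sample requests are constructed, and 149 is the PA-REQ-ENC-PA-REP type from RFC 6806. It contrasts an unguarded search over the request's PA-DATA with a null-safe one and applies the "sent in AS-REQ, so expected in AS-REP" rule.

```java
import java.util.Arrays;

// Added illustration, not JDK source: every class and method name here is hypothetical.
public class EncPaRepCheck {
    // PA-REQ-ENC-PA-REP padata type from RFC 6806.
    static final int PA_REQ_ENC_PA_REP = 149;

    record PaData(int type) {}
    // padata is OPTIONAL in KDC-REQ, so a decoded request may hold null here.
    record AsReq(PaData[] paData) {}
    record AsRep(PaData[] paData) {}

    // Null-safe search: an absent PA-DATA sequence simply contains nothing.
    static boolean hasEncPaRep(PaData[] paData) {
        return paData != null
                && Arrays.stream(paData).anyMatch(p -> p.type() == PA_REQ_ENC_PA_REP);
    }

    // Same search without the guard; throws NullPointerException on null input.
    static boolean hasEncPaRepUnguarded(PaData[] paData) {
        for (PaData p : paData) {
            if (p.type() == PA_REQ_ENC_PA_REP) {
                return true;
            }
        }
        return false;
    }

    // The rule from the description: ENC-PA-REP sent in AS-REQ must come back in AS-REP.
    static boolean replyConsistent(AsReq req, AsRep rep) {
        return !hasEncPaRep(req.paData()) || hasEncPaRep(rep.paData());
    }

    public static void main(String[] args) {
        PaData marker = new PaData(PA_REQ_ENC_PA_REP);
        AsReq noPaData = new AsReq(null);                      // constructed: no PA-DATA at all
        AsReq withMarker = new AsReq(new PaData[] { marker }); // constructed
        AsRep emptyRep = new AsRep(null);                      // constructed
        AsRep echoRep = new AsRep(new PaData[] { marker });    // constructed

        System.out.println("no PA-DATA in request:  " + replyConsistent(noPaData, emptyRep));
        System.out.println("marker echoed in reply: " + replyConsistent(withMarker, echoRep));
        System.out.println("marker missing in reply: " + replyConsistent(withMarker, emptyRep));
        try {
            hasEncPaRepUnguarded(noPaData.paData());
        } catch (NullPointerException e) {
            System.out.println("unguarded search threw NullPointerException");
        }
    }
}
```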
Comments
Critical Fix Request (8u)
I'd like to make a critical request to have this bug fix in 8u. The reason is that several real Kerberos use-cases are broken and we need this fix to stabilize Kerberos.
Patch does not apply cleanly but a review has been done: https://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-September/012615.html
No regressions observed in sun/security/krb5. The risk is low because the fix is very specific and limited.
02-09-2020

8u code review: https://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-July/012177.html
27-08-2020

Fix request (11u) -- will label after testing completed.
I would like to downport this for parity with 11.0.9-oracle. Applies clean except for the copyright in test KDC.java.
22-06-2020

URL: https://hg.openjdk.java.net/jdk/jdk/rev/7136c4d29901
User: weijun
Date: 2020-05-31 02:13:35 +0000
31-05-2020