Skip to content
This repository has been archived by the owner. It is now read-only.
Permalink
Browse files
8246193: Possible NPE in ENC-PA-REP search in AS-REQ
Reviewed-by: xuelei
  • Loading branch information
wangweij committed May 31, 2020
1 parent 4eeb612 commit 6212aea580fd018b9b7edecad9821c8208d2a12e
@@ -146,12 +146,14 @@ static void check(
boolean reqPaReqEncPaRep = false;
boolean repPaReqEncPaRepValid = false;

for (PAData pa : req.pAData) {
if (pa.getType() == Krb5.PA_REQ_ENC_PA_REP) {
// The KDC supports RFC 6806 and ENC-PA-REP was sent in
// the request (AS-REQ). A valid checksum is now required.
reqPaReqEncPaRep = true;
break;
if (req.pAData != null) {
for (PAData pa : req.pAData) {
if (pa.getType() == Krb5.PA_REQ_ENC_PA_REP) {
// The KDC supports RFC 6806 and ENC-PA-REP was sent in
// the request (AS-REQ). A valid checksum is now required.
reqPaReqEncPaRep = true;
break;
}
}
}

@@ -0,0 +1,41 @@
/*
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/

/*
* @test
* @bug 8246193
* @summary Possible NPE in ENC-PA-REP search in AS-REQ
* @library /test/lib
* @compile -XDignore.symbol.file AlwaysEncPaReq.java
* @run main jdk.test.lib.FileInstaller TestHosts TestHosts
* @run main/othervm -Dtest.kdc.always.enc.pa.rep
* -Djdk.net.hosts.file=TestHosts AlwaysEncPaReq
*/

public class AlwaysEncPaReq {
public static void main(String[] args) throws Exception {
new OneKDC(null).writeJAASConf()
.setOption(KDC.Option.PREAUTH_REQUIRED, false);
Context.fromJAAS("client");
}
}
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2008, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2008, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -1168,6 +1168,9 @@ protected byte[] processAsReq(byte[] in) throws Exception {
bFlags[Krb5.TKT_OPTS_MAY_POSTDATE] = true;
}
bFlags[Krb5.TKT_OPTS_INITIAL] = true;
if (System.getProperty("test.kdc.always.enc.pa.rep") != null) {
bFlags[Krb5.TKT_OPTS_ENC_PA_REP] = true;
}

// Creating PA-DATA
DerValue[] pas2 = null, pas = null;

0 comments on commit 6212aea

Please sign in to comment.