-
Type:
Bug
-
Resolution: Fixed
-
Priority:
P3
-
Affects Version/s: 6u4
-
Component/s: security-libs
-
b25
-
sparc
-
solaris_2.5.1
-
Verified
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-2158027 | 6u10 | Xuelei Fan | P3 | Resolved | Fixed | b12 |
| JDK-2159951 | 6u6 | Mala Bankal | P2 | Resolved | Fixed | b02 |
| JDK-2182178 | OpenJDK6 | Xuelei Fan | P3 | Resolved | Fixed | b17 |
1) Write a simple negative (junit) test that uses AccessController.checkPermission
public void testACCNeg() {
try {
AccessController.checkPermission(new TestPermission("nonExistPermission"));
fail("Authorzation check should have failed");
} catch (SecurityException se) {
// ignore
}
}
2) Run this test with -Djava.security.debug=failure, and you will see output similar to the following:
[java] TestCase: testACCNeg
[java] ERROR Message: java.lang.NullPointerException
[java] at java.security.AccessControlContext.checkPermission(AccessControlContext.java:311)
[java] at java.security.AccessController.checkPermission(AccessController.java:546)
3) Here is the offending code in AccessController.java:
if (!dumpDebug) {
debug.println("access denied " + perm);
}
The conditional is incorrect and the field debug is null -- hence the NPE. The "!" should be removed.
Release Regression From : 6u3
The above release value was the last known release where this
bug was not reproducible. Since then there has been a regression.
Release Regression From : 6
The above release value was the last known release where this
bug was not reproducible. Since then there has been a regression.
Release Regression From : 6
The above release value was the last known release where this
bug was not reproducible. Since then there has been a regression.
public void testACCNeg() {
try {
AccessController.checkPermission(new TestPermission("nonExistPermission"));
fail("Authorzation check should have failed");
} catch (SecurityException se) {
// ignore
}
}
2) Run this test with -Djava.security.debug=failure, and you will see output similar to the following:
[java] TestCase: testACCNeg
[java] ERROR Message: java.lang.NullPointerException
[java] at java.security.AccessControlContext.checkPermission(AccessControlContext.java:311)
[java] at java.security.AccessController.checkPermission(AccessController.java:546)
3) Here is the offending code in AccessController.java:
if (!dumpDebug) {
debug.println("access denied " + perm);
}
The conditional is incorrect and the field debug is null -- hence the NPE. The "!" should be removed.
Release Regression From : 6u3
The above release value was the last known release where this
bug was not reproducible. Since then there has been a regression.
Release Regression From : 6
The above release value was the last known release where this
bug was not reproducible. Since then there has been a regression.
Release Regression From : 6
The above release value was the last known release where this
bug was not reproducible. Since then there has been a regression.
- backported by
-
JDK-2159951 REGRESSION: setting -Djava.security.debug=failure result in NPE in ACC
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-