# HG changeset patch
# User weijun
# Date 1276750761 -28800
# Node ID 5b1c9a7c3b809fb6405cb334c6f49ed3e05b9baa
# Parent  0b0cdd787307995255bde8f82567125bdf2e3bcf
6958060: Malformed AP-REQ crashes acceptor side
Reviewed-by: valeriep, xuelei

diff -r 0b0cdd787307 -r 5b1c9a7c3b80 jdk/src/share/classes/sun/security/jgss/krb5/InitialToken.java
--- a/jdk/src/share/classes/sun/security/jgss/krb5/InitialToken.java	Thu Jun 17 12:59:14 2010 +0800
+++ b/jdk/src/share/classes/sun/security/jgss/krb5/InitialToken.java	Thu Jun 17 12:59:21 2010 +0800
@@ -35,7 +35,6 @@
 import java.security.NoSuchAlgorithmException;
 import java.util.Arrays;
 import sun.security.krb5.*;
-import sun.security.jgss.HttpCaller;
 import sun.security.krb5.internal.Krb5;
 
 abstract class InitialToken extends Krb5Token {
@@ -217,6 +216,12 @@
 
             int pos = 0;
 
+            if (checksum == null) {
+                GSSException ge = new GSSException(GSSException.FAILURE, -1,
+                        "No cksum in AP_REQ's authenticator");
+                ge.initCause(new KrbException(Krb5.KRB_AP_ERR_INAPP_CKSUM));
+                throw ge;
+            }
             checksumBytes = checksum.getBytes();
 
             if ((checksumBytes[0] != CHECKSUM_FIRST_BYTES[0]) ||