Skip to content

Avoid NPEs in JavaNetAuthenticator#9100

Open
DanielThomas wants to merge 2 commits intosquare:masterfrom
DanielThomas:dannyt/proxy-authenticate-fixes
Open

Avoid NPEs in JavaNetAuthenticator#9100
DanielThomas wants to merge 2 commits intosquare:masterfrom
DanielThomas:dannyt/proxy-authenticate-fixes

Conversation

@DanielThomas
Copy link

@DanielThomas DanielThomas commented Oct 3, 2025

Configuring JavaNetAuthenticator as the proxyAuthenticator when using the default ProxySelector causes NPEs to be thrown because the socket addresses returned are unresolved:

Exception in thread "main" java.lang.NullPointerException: address() as InetSocketAddress).address must not be null
	at okhttp3.internal.authenticator.JavaNetAuthenticator.connectToInetAddress(JavaNetAuthenticator.kt:91)
	at okhttp3.internal.authenticator.JavaNetAuthenticator.authenticate(JavaNetAuthenticator.kt:53)
	at okhttp3.internal.http.RetryAndFollowUpInterceptor.followUpRequest(RetryAndFollowUpInterceptor.kt:220)
	at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:108)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
	at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)
	at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154)

The implementation could also NPE on a 407 from an non-proxy host, so I've handled this too.

@DanielThomas DanielThomas force-pushed the dannyt/proxy-authenticate-fixes branch from 54448bb to 415ab5c Compare October 3, 2025 02:21
swankjesse
swankjesse reviewed Oct 3, 2025
View reviewed changes
okhttp/src/commonJvmAndroid/kotlin/okhttp3/internal/authenticator/JavaNetAuthenticator.kt
else -> {
val socketAddress = address() as InetSocketAddress
if (socketAddress.isUnresolved) {
dns.lookup(socketAddress.hostString).first()
Copy link
Collaborator

@swankjesse swankjesse Oct 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this resolving the DNS address? I don’t think we guarantee that we’ll use this same resolved address later when we connect

Copy link
Collaborator

@swankjesse swankjesse Oct 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ahhh, I see from your stack trace. Hmmmmm.....

Copy link
Collaborator

@swankjesse swankjesse Oct 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let’s just change this function to return InetAddress? ?

Copy link
Collaborator

@swankjesse swankjesse Oct 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, that’s what this should do. Authenticator.requestPasswordAuthentication is even documented as such.

addr – The InetAddress of the site requesting authorization, or null if not known.

swankjesse
swankjesse requested changes Oct 3, 2025
View reviewed changes
okhttp/src/commonJvmAndroid/kotlin/okhttp3/internal/authenticator/JavaNetAuthenticator.kt
else -> {
val socketAddress = address() as InetSocketAddress
if (socketAddress.isUnresolved) {
dns.lookup(socketAddress.hostString).first()
Copy link
Collaborator

@swankjesse swankjesse Oct 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let’s just change this function to return InetAddress? ?

okhttp/src/commonJvmAndroid/kotlin/okhttp3/internal/authenticator/JavaNetAuthenticator.kt
else -> {
val socketAddress = address() as InetSocketAddress
if (socketAddress.isUnresolved) {
dns.lookup(socketAddress.hostString).first()
Copy link
Collaborator

@swankjesse swankjesse Oct 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, that’s what this should do. Authenticator.requestPasswordAuthentication is even documented as such.

addr – The InetAddress of the site requesting authorization, or null if not known.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yschimke yschimke yschimke left review comments

@swankjesse swankjesse swankjesse requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@DanielThomas @swankjesse @yschimke