Skip to content

Avoid NPEs in JavaNetAuthenticator #9100

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Avoid NPEs in JavaNetAuthenticator #9100

wants to merge 1 commit into from
+82 −13

Conversation

@DanielThomas
Copy link

Configuring JavaNetAuthenticator as the proxyAuthenticator when using the default ProxySelector causes NPEs to be thrown because the socket addresses returned are unresolved:

Exception in thread "main" java.lang.NullPointerException: address() as InetSocketAddress).address must not be null
	at okhttp3.internal.authenticator.JavaNetAuthenticator.connectToInetAddress(JavaNetAuthenticator.kt:91)
	at okhttp3.internal.authenticator.JavaNetAuthenticator.authenticate(JavaNetAuthenticator.kt:53)
	at okhttp3.internal.http.RetryAndFollowUpInterceptor.followUpRequest(RetryAndFollowUpInterceptor.kt:220)
	at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:108)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
	at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)
	at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154)

The implementation could also NPE on a 407 from an non-proxy host, so I've handled this too.
@DanielThomas DanielThomas force-pushed the dannyt/proxy-authenticate-fixes branch from 54448bb to 415ab5c Compare October 3, 2025 02:21
swankjesse
swankjesse reviewed Oct 3, 2025
View reviewed changes
okhttp/src/commonJvmAndroid/kotlin/okhttp3/internal/authenticator/JavaNetAuthenticator.kt
else -> {
val socketAddress = address() as InetSocketAddress
if (socketAddress.isUnresolved) {
dns.lookup(socketAddress.hostString).first()
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this resolving the DNS address? I don’t think we guarantee that we’ll use this same resolved address later when we connect
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ahhh, I see from your stack trace. Hmmmmm.....
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let’s just change this function to return InetAddress? ?
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, that’s what this should do. Authenticator.requestPasswordAuthentication is even documented as such.

addr – The InetAddress of the site requesting authorization, or null if not known.
swankjesse
swankjesse requested changes Oct 3, 2025
View reviewed changes
okhttp/src/commonJvmAndroid/kotlin/okhttp3/internal/authenticator/JavaNetAuthenticator.kt
else -> {
val socketAddress = address() as InetSocketAddress
if (socketAddress.isUnresolved) {
dns.lookup(socketAddress.hostString).first()
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let’s just change this function to return InetAddress? ?
okhttp/src/commonJvmAndroid/kotlin/okhttp3/internal/authenticator/JavaNetAuthenticator.kt
else -> {
val socketAddress = address() as InetSocketAddress
if (socketAddress.isUnresolved) {
dns.lookup(socketAddress.hostString).first()
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, that’s what this should do. Authenticator.requestPasswordAuthentication is even documented as such.

addr – The InetAddress of the site requesting authorization, or null if not known.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

3 participants

@DanielThomas @swankjesse @yschimke