Fwd: Bug JDK-8176553
Sean Mullan
sean.mullan at oracle.com
Fri Jun 17 14:15:52 UTC 2022
[reposting to core-libs-dev as this is in the JNDI/LDAP component]
-------- Forwarded Message --------
Subject: Bug JDK-8176553
Date: Fri, 17 Jun 2022 14:23:11 +0200
From: Ricardo Martin Camarero <rmartinc at redhat.com>
To: security-dev at openjdk.org
Hi!
I decided to send an email to the security-dev email list as ldap is
involved. Please redirect me to other list if it is not the proper audience.
The last last days I have faced the same issue that is commented in
JDK-8176553 [1]. Although it is cataloged as fixed in 12, the issue is
not solved in the openjdk master branch yet. You can test with this
simple project [2]. The project is using apache-ds and creating 12
branches with redirects from one to the other. The search should be
limited to 5 hops but you will see that all of them are followed (12).
Therefore, If there are loops, the search hangs indefinitely. So
JDK-8176553 is not fixed completely. You just need `mvn clean test` to
reproduce the problem in that project.
I have investigated and I think the attached little patch fixes the
issue. Mainly the `LdapReferralException` is not stopping the referral
loop in some situations. I have added a test in the jndi jtreg
test-suite to check everything works OK; `make test
TEST=jtreg:jdk/com/sun/jndi/ldap/ReferralLimitSearchTest.java`
WDYT? Is the PR worthy?
Thanks in advance!
[1] https://bugs.openjdk.org/browse/JDK-8176553
[2]
https://urldefense.com/v3/__https://github.com/rmartinc/apache-ds-referrals__;!!ACWV5N9M2RV99hQ!IZkp5q_gOAeIP8Y9Gvr8aniLloG51lZJwlG1yN6BRDyHHLpyr0W64TDMUPAzoPu7dOBOyJrNcKYmwaOF9REM3oA$
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 8176553.patch
Type: text/x-patch
Size: 9531 bytes
Desc: not available
URL: <https://mail.openjdk.org/pipermail/core-libs-dev/attachments/20220617/c6c84ebc/8176553-0001.patch>
More information about the core-libs-dev
mailing list