Bug JDK-8176553

Aleksei Efimov aleksej.efimov at oracle.com
Tue Jun 21 15:30:17 UTC 2022 

Hi Ricardo,

Thank you for discovering and reproducing the issue - it looks like JDK-8176553 was incomplete in solving how referrals are limited. At first glance the attached patch (fix + test) looks like a good change to have - I think it is PR worthy :)
I've logged a bug for your change - https://bugs.openjdk.org/browse/JDK-8288895.

Best,
Aleksei

________________________________
From: core-libs-dev <core-libs-dev-retn at openjdk.org> on behalf of Sean Mullan <sean.mullan at oracle.com>
Sent: Friday, June 17, 2022 3:15 PM
To: core-libs-dev <core-libs-dev at openjdk.java.net>
Subject: Fwd: Bug JDK-8176553

[reposting to core-libs-dev as this is in the JNDI/LDAP component]


-------- Forwarded Message --------
Subject: Bug JDK-8176553
Date: Fri, 17 Jun 2022 14:23:11 +0200
From: Ricardo Martin Camarero <rmartinc at redhat.com>
To: security-dev at openjdk.org

Hi!

I decided to send an email to the security-dev email list as ldap is
involved. Please redirect me to other list if it is not the proper audience.

The last last days I have faced the same issue that is commented in
JDK-8176553 [1]. Although it is cataloged as fixed in 12, the issue is
not solved in the openjdk master branch yet. You can test with this
simple project [2]. The project is using apache-ds and creating 12
branches with redirects from one to the other. The search should be
limited to 5 hops but you will see that all of them are followed (12).
Therefore, If there are loops, the search hangs indefinitely. So
JDK-8176553 is not fixed completely. You just need `mvn clean test` to
reproduce the problem in that project.

I have investigated and I think the attached little patch fixes the
issue. Mainly the `LdapReferralException` is not stopping the referral
loop in some situations. I have added a test in the jndi jtreg
test-suite to check everything works OK; `make test
TEST=jtreg:jdk/com/sun/jndi/ldap/ReferralLimitSearchTest.java`

WDYT? Is the PR worthy?

Thanks in advance!


[1] https://bugs.openjdk.org/browse/JDK-8176553
[2]
https://urldefense.com/v3/__https://github.com/rmartinc/apache-ds-referrals__;!!ACWV5N9M2RV99hQ!IZkp5q_gOAeIP8Y9Gvr8aniLloG51lZJwlG1yN6BRDyHHLpyr0W64TDMUPAzoPu7dOBOyJrNcKYmwaOF9REM3oA$

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/core-libs-dev/attachments/20220621/ab9ed49a/attachment.htm>

More information about the core-libs-dev mailing list