<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi Aleksei!</p>
<p><br>
</p>
<p>Thanks for looking this! I have submitted a PR:
<a class="moz-txt-link-freetext" href="https://urldefense.com/v3/__https://github.com/openjdk/jdk/pull/9256__;!!ACWV5N9M2RV99hQ!N6w6ddmLGzMwLtn4iF3iQBiba655wOSbjHMcPnGTfRKHGoRJrUBsjlMfQrNWSGsdq52zIquCT_9Yx2z4G8NGMeYI$">https://github.com/openjdk/jdk/pull/9256</a></p>
<p><br>
</p>
<p>Best regards!</p>
<p><br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 6/21/22 17:30, Aleksei Efimov wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CY4PR1001MB237645CBEE5610892A0A5F3FECB39@CY4PR1001MB2376.namprd10.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style type="text/css" style="display:none;">P {margin-top:0;margin-bottom:0;}</style>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)" class="elementToProof">
Hi Ricardo,</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)" class="elementToProof">
<div><br>
</div>
<div>Thank you for discovering and reproducing the issue - it
looks like JDK-8176553 was incomplete in solving how referrals
are limited. At first glance the attached patch (fix + test)
looks like a good change to have - I think it is PR worthy :)</div>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)" class="elementToProof">
I've logged a bug for your change - <a
href="https://bugs.openjdk.org/browse/JDK-8288895"
id="LPlnk116822" moz-do-not-send="true"
class="moz-txt-link-freetext">
https://bugs.openjdk.org/browse/JDK-8288895</a>.<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)" class="elementToProof">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)" class="elementToProof">
Best,
<div>Aleksei</div>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt"
face="Calibri, sans-serif" color="#000000"><b>From:</b>
core-libs-dev <a class="moz-txt-link-rfc2396E" href="mailto:core-libs-dev-retn@openjdk.org"><core-libs-dev-retn@openjdk.org></a> on behalf
of Sean Mullan <a class="moz-txt-link-rfc2396E" href="mailto:sean.mullan@oracle.com"><sean.mullan@oracle.com></a><br>
<b>Sent:</b> Friday, June 17, 2022 3:15 PM<br>
<b>To:</b> core-libs-dev
<a class="moz-txt-link-rfc2396E" href="mailto:core-libs-dev@openjdk.java.net"><core-libs-dev@openjdk.java.net></a><br>
<b>Subject:</b> Fwd: Bug JDK-8176553</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span
style="font-size:11pt">
<div class="PlainText">[reposting to core-libs-dev as this
is in the JNDI/LDAP component]<br>
<br>
<br>
-------- Forwarded Message --------<br>
Subject: Bug JDK-8176553<br>
Date: Fri, 17 Jun 2022 14:23:11 +0200<br>
From: Ricardo Martin Camarero <a class="moz-txt-link-rfc2396E" href="mailto:rmartinc@redhat.com"><rmartinc@redhat.com></a><br>
To: <a class="moz-txt-link-abbreviated" href="mailto:security-dev@openjdk.org">security-dev@openjdk.org</a><br>
<br>
Hi!<br>
<br>
I decided to send an email to the security-dev email list
as ldap is<br>
involved. Please redirect me to other list if it is not
the proper audience.<br>
<br>
The last last days I have faced the same issue that is
commented in<br>
JDK-8176553 [1]. Although it is cataloged as fixed in 12,
the issue is<br>
not solved in the openjdk master branch yet. You can test
with this<br>
simple project [2]. The project is using apache-ds and
creating 12<br>
branches with redirects from one to the other. The search
should be<br>
limited to 5 hops but you will see that all of them are
followed (12).<br>
Therefore, If there are loops, the search hangs
indefinitely. So<br>
JDK-8176553 is not fixed completely. You just need `mvn
clean test` to<br>
reproduce the problem in that project.<br>
<br>
I have investigated and I think the attached little patch
fixes the<br>
issue. Mainly the `LdapReferralException` is not stopping
the referral<br>
loop in some situations. I have added a test in the jndi
jtreg<br>
test-suite to check everything works OK; `make test<br>
TEST=jtreg:jdk/com/sun/jndi/ldap/ReferralLimitSearchTest.java`<br>
<br>
WDYT? Is the PR worthy?<br>
<br>
Thanks in advance!<br>
<br>
<br>
[1] <a href="https://bugs.openjdk.org/browse/JDK-8176553"
data-auth="NotApplicable" moz-do-not-send="true"
class="moz-txt-link-freetext">
https://bugs.openjdk.org/browse/JDK-8176553</a><br>
[2] <br>
<a
href="https://urldefense.com/v3/__https://github.com/rmartinc/apache-ds-referrals__;!!ACWV5N9M2RV99hQ!IZkp5q_gOAeIP8Y9Gvr8aniLloG51lZJwlG1yN6BRDyHHLpyr0W64TDMUPAzoPu7dOBOyJrNcKYmwaOF9REM3oA$"
data-auth="NotApplicable" moz-do-not-send="true"
class="moz-txt-link-freetext">https://urldefense.com/v3/__https://github.com/rmartinc/apache-ds-referrals__;!!ACWV5N9M2RV99hQ!IZkp5q_gOAeIP8Y9Gvr8aniLloG51lZJwlG1yN6BRDyHHLpyr0W64TDMUPAzoPu7dOBOyJrNcKYmwaOF9REM3oA$</a>
<br>
<br>
</div>
</span></font></div>
</blockquote>
<div class="moz-signature">-- <br>
<style> @import url(https://static.redhat.com/libs/redhat/redhat-font/latest/webfonts/red-hat-font.css); </style>
<p class="fullname-container" style="font-weight:bold; margin:0;
padding:0; font-size: 14px; text-transform: capitalize;
margin-bottom:0; font-family:'RedHatText', sans-serif;"> <span
class="firstname-container">Ricardo</span> <span
class="lastname-container">Martín Camarero</span><span
class="cert" style="color:#aaa; margin:0;"></span>
</p>
<p class="pronoun-container" style="font-weight: normal;
font-size: 12px; margin: 0px 0px 4px; text-transform:
capitalize; font-family: "RedHatText", sans-serif;"> </p>
<p class="position-container" style="font-weight: normal;
font-size: 12px; margin: 0px; text-transform: capitalize;
font-family: "RedHatText", sans-serif;"> <span
class="position">Software Engineer</span>
</p>
<p class="legal-container" style="font-weight:normal;
margin:0;margin-bottom:4px; font-size:12px;
font-family:'RedHatText', sans-serif;"> <a class="redhat-anchor" style="color:#0088ce;font-size:12px;margin:0;text-decoration:none;font-family:'RedHatText',
sans-serif;" href="https://urldefense.com/v3/__https://www.redhat.com__;!!ACWV5N9M2RV99hQ!N6w6ddmLGzMwLtn4iF3iQBiba655wOSbjHMcPnGTfRKHGoRJrUBsjlMfQrNWSGsdq52zIquCT_9Yx2z4GwU3RyqW$" target="_blank">Red
Hat <span></span></a>
</p>
<table cell-padding="0" cell-spacing="0" style="margin-top:12px;"
border="0">
<tbody>
<tr>
<td width="100px"><a href="https://urldefense.com/v3/__https://www.redhat.com__;!!ACWV5N9M2RV99hQ!N6w6ddmLGzMwLtn4iF3iQBiba655wOSbjHMcPnGTfRKHGoRJrUBsjlMfQrNWSGsdq52zIquCT_9Yx2z4GwU3RyqW$"> <img
src="https://www.redhat.com/profiles/rh/themes/redhatdotcom/img/logo-red-hat-black.png"
width="90" height="auto"></a> </td>
</tr>
</tbody>
</table>
</div>
</body>
</html>