[7u] Request for approval for CR 8012082: SASL: auth-conf negotiated, but unencrypted data is accepted, reset to unencrypt
Weijun Wang
weijun.wang at oracle.com
Tue May 7 23:24:04 PDT 2013
Hi All
This is a request to backport a jdk8 fix into jdk7u-dev.
8012082: SASL: auth-conf negotiated, but unencrypted data is accepted,
reset to unencrypt
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8012082
The qop (quality of protection) value is shared between wrap and unwrap,
so the protection level of an incoming message will be used as the one
of an outgoing message. The result is something like "if you don't care
neither do I", but actually it should be "I care no matter what you do".
The fix is already included in jdk8 as:
http://hg.openjdk.java.net/jdk8/tl/jdk/rev/ae4a82e69da2
Reviewed-by: vinnie
The patch for jdk7u-dev is identical to the one in jdk8.
The fix is low-risk and isolated. A new regression test is added. Existing
tests also run fine.
Thanks
Weijun
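
The shared-state flaw described in the message above, as a simplified model added here (not the JDK patch and not code from the original message). All class and field names are hypothetical, tokens are a constructed flag-plus-string stand-in with no real cryptography, and rejecting unencrypted input in the fixed peer is an assumption drawn from the bug title.

```java
public class QopSharingDemo {
    /** Constructed stand-in for a wire token: a privacy flag plus payload. */
    static final class Token {
        final boolean encrypted; final String data;
        Token(boolean encrypted, String data) { this.encrypted = encrypted; this.data = data; }
    }

    /** Flawed peer: one mutable privacy flag serves both wrap and unwrap. */
    static class SharedStatePeer {
        protected boolean privacy = true;           // auth-conf was negotiated
        Token wrap(String msg) { return new Token(privacy, msg); }
        String unwrap(Token in) {
            privacy = in.encrypted;                 // incoming token overwrites shared state
            return in.data;
        }
    }

    /** Corrected peer: negotiated level is fixed; incoming state is local and checked. */
    static class FixedPeer {
        private final boolean negotiatedPrivacy = true;
        Token wrap(String msg) { return new Token(negotiatedPrivacy, msg); }
        String unwrap(Token in) {
            boolean incomingPrivacy = in.encrypted; // per-call value, never stored
            if (negotiatedPrivacy && !incomingPrivacy) {
                throw new SecurityException("auth-conf negotiated but token is not encrypted");
            }
            return in.data;
        }
    }

    public static void main(String[] args) {
        Token plain = new Token(false, "unprotected request"); // constructed input

        SharedStatePeer flawed = new SharedStatePeer();
        System.out.println("flawed, before: encrypted=" + flawed.wrap("reply").encrypted);
        flawed.unwrap(plain);                       // accepted silently, flips the shared flag
        System.out.println("flawed, after:  encrypted=" + flawed.wrap("reply").encrypted);

        FixedPeer fixed = new FixedPeer();
        try {
            fixed.unwrap(plain);
        } catch (SecurityException e) {
            System.out.println("fixed: rejected (" + e.getMessage() + ")");
        }
        System.out.println("fixed, after:   encrypted=" + fixed.wrap("reply").encrypted);
    }
}
```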