[7u] Request for approval for CR 8012082: SASL: auth-conf negotiated, but unencrypted data is accepted, reset to unencrypt
Dalibor Topic
dalibor.topic at oracle.com
Wed May 8 03:50:54 PDT 2013
On 5/8/13 8:24 AM, Weijun Wang wrote:
> Hi All
>
> This is a request to backport a jdk8 fix into jdk7u-dev.
>
> 8012082: SASL: auth-conf negotiated, but unencrypted data is accepted, reset to unencrypt
Approved.
cheers,
dalibor topic
>
> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8012082
>
> The qop (quality of protection) value is shared between wrap and unwrap, so the protection level of an incoming message will be used as the one of an outgoing message. The result is something like "if you don't care neither do I", but actually it should be "I care no matter what you do".
>
> The fix is already included in jdk8 as:
>
> http://hg.openjdk.java.net/jdk8/tl/jdk/rev/ae4a82e69da2
> Reviewed-by: vinnie
>
> The patch for jdk7u-dev is identical to the one in jdk8.
>
> The fix is low-risk, and isolated. new regression test added. Existing tests also run fine.
>
> Thanks
> Weijun
--
Oracle <http://www.oracle.com>
Dalibor Topic | Principal Product Manager
Phone: +494089091214 <tel:+494089091214> | Mobile: +491737185961 <tel:+491737185961>
Oracle Java Platform Group
ORACLE Deutschland B.V. & Co. KG | Kühnehöfe 5 | 22761 Hamburg
ORACLE Deutschland B.V. & Co. KG
Hauptverwaltung: Riesstr. 25, D-80992 München
Registergericht: Amtsgericht München, HRA 95603
Geschäftsführer: Jürgen Kunz
Komplementärin: ORACLE Deutschland Verwaltung B.V.
Hertogswetering 163/167, 3543 AS Utrecht, Niederlande
Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697
Geschäftsführer: Alexander van der Ven, Astrid Kepper, Val Maher
Green Oracle <http://www.oracle.com/commitment> Oracle is committed to developing practices and products that help protect the environment
More information about the jdk7u-dev
mailing list