Code review request, 7155051 jndi/dns, DNS provider may return incorrect results
Xuelei Fan
Xuelei.Fan at Oracle.Com
Tue Mar 20 03:29:51 PDT 2012
Thanks for the review, Chris and Weijun.
Xuelei
On Mar 20, 2012, at 1:13 PM, Chris Hegarty <chris.hegarty at oracle.com> wrote:
> On 19/03/12 18:47, Xuelei Fan wrote:
>> Hi,
>>
>> Please review the fix:
>> webrev: http://cr.openjdk.java.net/~xuelei/7155051/webrev.00/
>
> Wow, strange this wasn't seen before.
>
> The change looks fine to me.
>
> -Chris.
>
>>
>> Cause of the issue:
>>
>> The DNS provider attempts to check the XID of the response to make sure
>> the response received from the server matches the requested XID. If the
>> response's XID does not match, the DNS provider caches the response in
>> case another thread needs it. However, the response is cached with the
>> incorrect XID. Therefore, when the lookup code continues, the current
>> request receives an incorrect response.
>>
>>
>> Thanks,
>> Xuelei Fan
More information about the security-dev
mailing list