Code review request: 8012082: SASL auth-conf negotiated, but unencrypted data is accepted, reset to unencrypt
Vincent Ryan
Vincent.X.Ryan at Oracle.Com
Wed May 1 11:26:28 UTC 2013
Your fix looks good Max.
On 1 May 2013, at 11:31, Weijun Wang wrote:
> Ping again.
>
> On 4/19/13 8:56 AM, Weijun Wang wrote:
>> Resubmitted at http://cr.openjdk.java.net/~weijun/8012082/webrev.01/.
>>
>> Now, when unwrap is called, it does *not* check if the message received
>> matches the QoP. So when auth-conf is negotiated, one side can send an
>> unencrypted token and the other side will accept it. It just will not
>> forget its own QoP.
>>
>> This is the same behavior as Cyrus SASL and GNU SASL.
>>
>> Thanks
>> Max
>>
>> On 4/18/13 12:19 PM, Weijun Wang wrote:
>>> Webrev withdrawn. I'm studying the behavior of several third-party SASL
>>> impls to see how they deal with this.
>>>
>>> Stay tuned.
>>>
>>> -Max
>>>
>>> On 4/17/13 6:39 PM, Weijun Wang wrote:
>>>> Hi Valerie or Vinnie
>>>>
>>>> Please take a review on this fix
>>>>
>>>> http://cr.openjdk.java.net/~weijun/8012082/webrev.00/
>>>>
>>>> Bug is
>>>>
>>>> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8012082
>>>>
>>>> The problem is that a single MessageProp is used in all wrap and unwrap
>>>> calls and the output value is not checked.
>>>>
>>>> After the output check, it looks like it's OK to share the MessageProp
>>>> object (because once it's changed, an exception is thrown), but I create
>>>> one for each wrap/unwrap to be safe and clean, and I don't know if there
>>>> are applications trying to "recover" from an exception.
>>>>
>>>> This is not a security issue, it's after the peer establishing the
>>>> security context, therefore already authenticated.
>>>>
>>>> Thanks
>>>> Max
More information about the security-dev
mailing list