RFR - 8028627: Unsynchronized code path from javax.crypto.Cipher to the WeakHashMap used by JceSecurity to store codebase mappings
Rob McKenna
rob.mckenna at oracle.com
Fri May 16 14:29:44 UTC 2014
Hi folks,
The synopsis says it all really. There is an unsynchronized code path
from javax.crypto.Cipher to the WeakHashMap used by JceSecurity to store
codebase mappings. While this bug is extremely unlikely to manifest we
have a couple of reports of it in the wild.
As you can see from the following webrev I'm simply syncing on the
WeakHashMap.
http://cr.openjdk.java.net/~robm/8028627/webrev.01/
-Rob
More information about the security-dev
mailing list