RFR - 8028627: Unsynchronized code path from javax.crypto.Cipher to the WeakHashMap used by JceSecurity to store codebase mappings

Rob McKenna rob.mckenna at oracle.com
Fri May 16 14:29:44 UTC 2014


Hi folks,

The synopsis says it all really. There is an unsynchronized code path 
from javax.crypto.Cipher to the WeakHashMap used by JceSecurity to store 
codebase mappings. While this bug is extremely unlikely to manifest we 
have a couple of reports of it in the wild.

As you can see from the following webrev I'm simply syncing on the 
WeakHashMap.

http://cr.openjdk.java.net/~robm/8028627/webrev.01/

     -Rob




More information about the security-dev mailing list