RFR 8130720: BadKDC1 failed again
Weijun Wang
weijun.wang at oracle.com
Wed Jul 8 02:25:31 UTC 2015
Hi All
Please review the fix at
http://cr.openjdk.java.net/~weijun/8130720/webrev.00/
As the bug description [1] says, at this stage, when k1 and k2 are on,
although the most likely output is 1212 (try #1 without preauth,
succeeds; try #1 with preauth, succeed), the actual output we spotted in
a test run 122212 (try #1 without preauth, timeout; try #2 without
preauth, succeed; try #1 with preauth, succeed) is still possible.
It will be a mess to list all possible outputs because of possible
timeout at each request and its different consequences. In the case, the
list is "(12(12){1,2}|122232-)". The main reason I want to add a new
output is that compare to 122232- (timeout at #1, timeout at #2, timeout
at #3, fail at last), 122212 is much more likely to happen.
Thanks
Max
[1] https://bugs.openjdk.java.net/browse/JDK-8130720
More information about the security-dev
mailing list