RFR 8130720: BadKDC1 failed again

Xuelei Fan xuelei.fan at oracle.com
Wed Jul 8 02:34:23 UTC 2015


Looks fine to me.

Xuelei

On 7/8/2015 10:25 AM, Weijun Wang wrote:
> Hi All
> 
> Please review the fix at
> 
>    http://cr.openjdk.java.net/~weijun/8130720/webrev.00/
> 
> As the bug description [1] says, at this stage, when k1 and k2 are on,
> although the most likely output is 1212 (try #1 without preauth,
> succeeds; try #1 with preauth, succeed), the actual output we spotted in
> a test run 122212 (try #1 without preauth, timeout; try #2 without
> preauth, succeed; try #1 with preauth, succeed) is still possible.
> 
> It will be a mess to list all possible outputs because of possible
> timeout at each request and its different consequences. In the case, the
> list is "(12(12){1,2}|122232-)". The main reason I want to add a new
> output is that compare to 122232- (timeout at #1, timeout at #2, timeout
> at #3, fail at last), 122212 is much more likely to happen.
> 
> Thanks
> Max
> 
> [1] https://bugs.openjdk.java.net/browse/JDK-8130720



More information about the security-dev mailing list