RFR 8031111: fix krb5 caddr (and 8079821: MSOID2.java test is not perfect)
Weijun Wang
weijun.wang at oracle.com
Tue Jun 2 01:24:22 UTC 2015
On 06/02/2015 04:36 AM, Valerie Peng wrote:
>
> Some nit/questions for 8031111 webrev:
> In the test, why not use "noaddresses" since it's the one documented in
> the krb5 conf page?
I'll use noaddresses.
> If "noaddresses" is true, then the extra_addresses has no effect, right?
> I didn't see checking for the "noaddresses" in HostAddresses.java file.
> Is that done somewhere else?
The getLocalAddresses() method is only called in KrbAsReq as
if (addresses == null && cfg.useAddresses()) {
addresses = HostAddresses.getLocalAddresses();
}
cfg.useAddress() checks the noaddresses setting.
>
> As for 8079821 webrev, do u need to check nt[pos-1] for overflow as well
> when adding 1 to it?
I don't think it's worth doing. Overflow at nt[pos-1] means the size is
bigger than 65535 (or 32767, unsigned? Not sure at the momemnt) which is
impossible for a SPNEGO token. Furthermore, if we really want to worry
about it, we will need to expand the length octets from 2 bytes to 3
bytes and it will be much more complicated.
Thanks
Max
> Valerie
>
> On 5/8/2015 8:00 AM, Weijun Wang wrote:
>> Hi Valerie
>>
>> Please review the code change at
>>
>> http://cr.openjdk.java.net/~weijun/8031111/webrev.00/
>>
>> The codes to read local addresses are updated. We are also supporting
>> the extra_addresses krb5.conf setting.
>>
>> This code change triggers a bug (MSOID2.java) in a test I've recently
>> added, please also review the change at
>>
>> http://cr.openjdk.java.net/~weijun/8079821/webrev.00/
>>
>> Thanks
>> Max
More information about the security-dev
mailing list