RFR 8031111: fix krb5 caddr (and 8079821: MSOID2.java test is not perfect)

Weijun Wang weijun.wang at oracle.com
Tue Jun 2 01:24:22 UTC 2015

On 06/02/2015 04:36 AM, Valerie Peng wrote:
> Some nit/questions for 8031111 webrev:
> In the test, why not use "noaddresses" since it's the one documented in
> the krb5 conf page?

I'll use noaddresses.

> If "noaddresses" is true, then the extra_addresses has no effect, right?
> I didn't see checking for the "noaddresses" in HostAddresses.java file.
> Is that done somewhere else?

The getLocalAddresses() method is only called in KrbAsReq as

         if (addresses == null && cfg.useAddresses()) {
             addresses = HostAddresses.getLocalAddresses();

cfg.useAddress() checks the noaddresses setting.

> As for 8079821 webrev, do u need to check nt[pos-1] for overflow as well
> when adding 1 to it?

I don't think it's worth doing. Overflow at nt[pos-1] means the size is 
bigger than 65535 (or 32767, unsigned? Not sure at the momemnt) which is 
impossible for a SPNEGO token. Furthermore, if we really want to worry 
about it, we will need to expand the length octets from 2 bytes to 3 
bytes and it will be much more complicated.


> Valerie
> On 5/8/2015 8:00 AM, Weijun Wang wrote:
>> Hi Valerie
>> Please review the code change at
>>    http://cr.openjdk.java.net/~weijun/8031111/webrev.00/
>> The codes to read local addresses are updated. We are also supporting
>> the extra_addresses krb5.conf setting.
>> This code change triggers a bug (MSOID2.java) in a test I've recently
>> added, please also review the change at
>>    http://cr.openjdk.java.net/~weijun/8079821/webrev.00/
>> Thanks
>> Max

More information about the security-dev mailing list