[PATCH] JDK-8194630: Uninitialized initiator_address in native GSS

Jan Kalina jkalina at redhat.com
Wed Feb 21 16:39:49 UTC 2018


I has prepared fix for bug related to using native GSS API.
Uninitialized fields causes JVM crash or authentication failing.

Bug consequences are more described in bugreport:
https://bugs.openjdk.java.net/browse/JDK-8194630
Reproducer is attached to bugreport too.

Would anyone be interested in reviewing/sponsoring this change?
It would be really great to get this into JDK 9 and above.
(I am covered by Red Hat OCA.)

Thanks for your response!

PATCH:
----------------------------------------------
diff --git a/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c
b/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c
--- a/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c
+++ b/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c
@@ -169,6 +169,11 @@
   // initialize addrtype in CB first
   cb->initiator_addrtype = GSS_C_AF_NULLADDR;
   cb->acceptor_addrtype = GSS_C_AF_NULLADDR;
+  // addresses needs to be initialized to empty
+  cb->initiator_address.length = 0;
+  cb->initiator_address.value = NULL;
+  cb->acceptor_address.length = 0;
+  cb->acceptor_address.value = NULL;

   /* set up initiator address */
   jinetAddr = (*env)->CallObjectMethod(env, jcb,
----------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/security-dev/attachments/20180221/ab621f6b/attachment.html>


More information about the security-dev mailing list