[PATCH] JDK-8194630: Uninitialized initiator_address in native GSS

Jan Kalina jkalina at redhat.com
Thu Feb 22 10:49:18 UTC 2018


Ok, thanks Valerie!
Sorry for the spam, I had supposed my previous email was not considered to be
a patch.

Martin:
As this is the way it is initialized in other places, I had not considered
it.
http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/59e88d3b9b17/src/share/native/sun/security/jgss/wrapper/GSSLibStub.c#l132

The fixed version follows - tested and works OK - leaving it up to Valerie which
version will be used:

---------------------------------------------
diff --git a/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c
b/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c
--- a/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c
+++ b/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c
@@ -169,6 +169,9 @@
   // initialize addrtype in CB first
   cb->initiator_addrtype = GSS_C_AF_NULLADDR;
   cb->acceptor_addrtype = GSS_C_AF_NULLADDR;
+  // addresses needs to be initialized to empty
+  memset(&cb->initiator_address, 0, sizeof(cb->initiator_address));
+  memset(&cb->acceptor_address, 0, sizeof(cb->acceptor_address));

   /* set up initiator address */
   jinetAddr = (*env)->CallObjectMethod(env, jcb,
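Review bot: the two memset calls zero only initiator_address and acceptor_address, so the third member of gss_channel_bindings_struct, application_data, is still left to whatever assignment follows later in this function, and any member added to the struct in future would need another line here. Zeroing the whole structure once before the addrtype assignments, as the reply below suggests, e.g. `memset(cb, 0, sizeof(*cb));`, would cover all members and make the two per-field memsets unnecessary. Please also confirm `<string.h>` is already included in GSSLibStub.c for memset, and fix the comment grammar to "addresses need to be initialized to empty".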
---------------------------------------------

On Wed, Feb 21, 2018 at 7:26 PM, Martin Balao <mbalao at redhat.com> wrote:

> Have you considered zeroizing the whole "gss_channel_bindings_t" structure
> with memset? So we don't have a problem if new fields are eventually added.
>
> On Wed, Feb 21, 2018 at 1:39 PM, Jan Kalina <jkalina at redhat.com> wrote:
>
>> I have prepared a fix for a bug related to using the native GSS API.
>> Uninitialized fields cause a JVM crash or authentication failure.
>>
>> The bug's consequences are described in more detail in the bug report:
>> https://bugs.openjdk.java.net/browse/JDK-8194630
>> A reproducer is attached to the bug report too.
>>
>> Would anyone be interested in reviewing/sponsoring this change?
>> It would be really great to get this into JDK 9 and above.
>> (I am covered by Red Hat OCA.)
>>
>> Thanks for your response!
>>
>> PATCH:
>> ----------------------------------------------
>> diff --git a/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c
>> b/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c
>> --- a/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c
>> +++ b/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c
>> @@ -169,6 +169,11 @@
>>    // initialize addrtype in CB first
>>    cb->initiator_addrtype = GSS_C_AF_NULLADDR;
>>    cb->acceptor_addrtype = GSS_C_AF_NULLADDR;
>> +  // addresses needs to be initialized to empty
>> +  cb->initiator_address.length = 0;
>> +  cb->initiator_address.value = NULL;
>> +  cb->acceptor_address.length = 0;
>> +  cb->acceptor_address.value = NULL;
>>
>>    /* set up initiator address */
>>    jinetAddr = (*env)->CallObjectMethod(env, jcb,
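Review bot: assigning length = 0 and value = NULL explicitly on each gss_buffer_desc is equivalent to zeroing those two buffers (those are the only members of gss_buffer_desc), but it has the same gap as the memset variant: application_data is not touched in this hunk, and every future member of gss_channel_bindings_struct would need its own assignments. A single whole-structure zeroing before the addrtype lines is the simpler and more future-proof form, which is the point raised in the reply. Minor: the added comment should read "addresses need to be initialized to empty".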
>> ----------------------------------------------