RFR (XS) JDK-8231387 "java.security.Provider.getService returns random result due to race condition with mutating methods in the same class"

Valerie Peng valerie.peng at oracle.com
Wed Sep 25 04:40:56 UTC 2019


Great, the update looks good.

Thanks,
Valerie
On 9/24/2019 5:49 PM, Hohensee, Paul wrote:
>
> Thank you, Valerie. :)
>
> The patch needs a test, however, so I added a slightly modified 
> version of Tianmin’s reproducer. New webrev at
>
> http://cr.openjdk.java.net/~phh/8231387/webrev.01/
>
> The test fails without the fix.
>
> *From: *Valerie Peng <valerie.peng at oracle.com>
> *Organization: *Oracle Corporation
> *Date: *Tuesday, September 24, 2019 at 3:03 PM
> *To: *"Hohensee, Paul" <hohensee at amazon.com>, 
> "security-dev at openjdk.java.net" <security-dev at openjdk.java.net>
> *Subject: *Re: RFR (XS) JDK-8231387 "java.security.Provider.getService 
> returns random result due to race condition with mutating methods in 
> the same class"
>
> I am the security reviewer that you need. One should be enough. ;)
>
> Valerie
>
> On 9/24/2019 2:37 PM, Hohensee, Paul wrote:
>
>     Yes, I’ll sponsor. Though it looks ok to me, I’m not a security
>     expert, so do we need another security reviewer?
>
>     *From: *security-dev <security-dev-bounces at openjdk.java.net>
>     <mailto:security-dev-bounces at openjdk.java.net> on behalf of
>     Valerie Peng <valerie.peng at oracle.com>
>     <mailto:valerie.peng at oracle.com>
>     *Organization: *Oracle Corporation
>     *Date: *Tuesday, September 24, 2019 at 2:17 PM
>     *To: *"security-dev at openjdk.java.net"
>     <mailto:security-dev at openjdk.java.net>
>     <security-dev at openjdk.java.net> <mailto:security-dev at openjdk.java.net>
>     *Subject: *Re: RFR (XS) JDK-8231387
>     "java.security.Provider.getService returns random result due to
>     race condition with mutating methods in the same class"
>
>     Changes look fine. I suppose Paul will help sponsoring the fix as
>     he is listed as the RE for 8231387?
>
>     Thanks,
>     Valerie
>
>     On 9/24/2019 12:36 PM, Shi, Tianmin wrote:
>
>         Hi
>
>         Can someone help reviewing this fix?
>
>         Bug: https://bugs.openjdk.java.net/browse/JDK-8231387
>
>         Webrev: http://cr.openjdk.java.net/~phh/8231387/webrev.00/
>
>         Thank you,
>
>         Tianmin Shi
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.java.net/pipermail/security-dev/attachments/20190924/d46ed109/attachment.html>


More information about the security-dev mailing list