RFR: 8280401: [sspi] gss_accept_sec_context leaves output_token uninitialized

Weijun Wang weijun at openjdk.java.net
Thu Jan 20 18:26:13 UTC 2022


Set `output_token` to empty. It is always accessed (even for a `GSS_S_FAILURE`) at https://github.com/openjdk/jdk/blob/cfa3f7493149170f2b23a516bc95110dab43fd06/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c#L1160.

-------------

Commit messages:
 - 8280401: [sspi] gss_accept_sec_context leaves output_token uninitialized

Changes: https://git.openjdk.java.net/jdk/pull/7163/files
 Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=7163&range=00
  Issue: https://bugs.openjdk.java.net/browse/JDK-8280401
  Stats: 5 lines in 1 file changed: 4 ins; 0 del; 1 mod
  Patch: https://git.openjdk.java.net/jdk/pull/7163.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/7163/head:pull/7163

PR: https://git.openjdk.java.net/jdk/pull/7163



More information about the security-dev mailing list