RFR: 8280401: [sspi] gss_accept_sec_context leaves output_token uninitialized
Weijun Wang
weijun at openjdk.java.net
Thu Jan 20 18:26:13 UTC 2022
Set `output_token` to empty. It is always accessed (even for a `GSS_S_FAILURE`) at https://github.com/openjdk/jdk/blob/cfa3f7493149170f2b23a516bc95110dab43fd06/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c#L1160.
-------------
Commit messages:
- 8280401: [sspi] gss_accept_sec_context leaves output_token uninitialized
Changes: https://git.openjdk.java.net/jdk/pull/7163/files
Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=7163&range=00
Issue: https://bugs.openjdk.java.net/browse/JDK-8280401
Stats: 5 lines in 1 file changed: 4 ins; 0 del; 1 mod
Patch: https://git.openjdk.java.net/jdk/pull/7163.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/7163/head:pull/7163
PR: https://git.openjdk.java.net/jdk/pull/7163
More information about the security-dev
mailing list