Bug JDK-8176553
Ricardo Martin Camarero
rmartinc at redhat.com
Fri Jun 17 12:23:11 UTC 2022
Hi!
I decided to send an email to the security-dev email list as ldap is
involved. Please redirect me to other list if it is not the proper audience.
The last last days I have faced the same issue that is commented in
JDK-8176553 [1]. Although it is cataloged as fixed in 12, the issue is
not solved in the openjdk master branch yet. You can test with this
simple project [2]. The project is using apache-ds and creating 12
branches with redirects from one to the other. The search should be
limited to 5 hops but you will see that all of them are followed (12).
Therefore, If there are loops, the search hangs indefinitely. So
JDK-8176553 is not fixed completely. You just need `mvn clean test` to
reproduce the problem in that project.
I have investigated and I think the attached little patch fixes the
issue. Mainly the `LdapReferralException` is not stopping the referral
loop in some situations. I have added a test in the jndi jtreg
test-suite to check everything works OK; `make test
TEST=jtreg:jdk/com/sun/jndi/ldap/ReferralLimitSearchTest.java`
WDYT? Is the PR worthy?
Thanks in advance!
[1] https://bugs.openjdk.org/browse/JDK-8176553
[2] https://urldefense.com/v3/__https://github.com/rmartinc/apache-ds-referrals__;!!ACWV5N9M2RV99hQ!IZkp5q_gOAeIP8Y9Gvr8aniLloG51lZJwlG1yN6BRDyHHLpyr0W64TDMUPAzoPu7dOBOyJrNcKYmwaOF9REM3oA$
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 8176553.patch
Type: text/x-patch
Size: 9531 bytes
Desc: not available
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20220617/605b3eec/8176553.patch>
More information about the security-dev
mailing list