RFR: 8325680: Uninitialised memory in deleteGSSCB of GSSLibStub.c:179 [v3]
Rajan Halade
rhalade at openjdk.org
Tue Feb 27 21:42:55 UTC 2024
On Tue, 27 Feb 2024 21:09:04 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Add a `memset` after memory is successfully allocated.
>>
>> No regression test, hard to write without a KDC.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>
> no need to zero again for some fields
src/java.security.jgss/share/native/libj2gss/GSSLibStub.c line 213:
> 211: if ((*env)->IsInstanceOf(env, jcb, tlsCBCl)) {
> 212: // TLS Channel Binding requires unspecified addrtype=0
> 213: cb->initiator_addrtype = GSS_C_AF_UNSPEC;
Thanks for the update. I suggest not to remove this assignment as it helps understand the flow. Or if you prefer it then invert if condition to cover else part and avoid empty if block.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18015#discussion_r1505039772
More information about the security-dev
mailing list