RFR: 8356997: /etc/krb5.conf parser should not forbid include/includedir directives after sections [v2]
Mikhail Yankelevich
myankelevich at openjdk.org
Thu May 29 09:32:51 UTC 2025
On Wed, 28 May 2025 15:25:27 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> src/java.security.jgss/share/classes/sun/security/krb5/Config.java line 774:
>>
>>> 772: result.add(previous);
>>> 773: unwritten.forEach(result::add);
>>> 774: unwritten.clear();
>>
>> I don't think this code is covered by the tests at all.
>> I have found 2 simple ways to test it:
>> 1. change the line 62-66 in IncludeDup from
>> ```java
>> for (var inc : List.of("outside", "beginsec", "insec", "insec2",
>> "insubsec", "endsubsec", "endsec")) {
>> Files.writeString(Path.of(inc), String.format("""
>> [a]
>> b = {
>> c = %s
>> }
>> """, inc));
>> }
>>
>> to
>> ```
>> for (var inc : List.of("outside", "beginsec", "insec", "insec2",
>> "insubsec", "endsubsec", "endsec")) {
>> Files.writeString(Path.of(inc), String.format("""
>> [a]
>> b =
>> { c = %s
>> }
>> """, inc));
>> }
>>
>> 2. change `krb5.conf` EXAMPLE_3.COM from
>> ``` java
>>
>> EXAMPLE_3.COM = {
>> kdc = kdc.example.com
>> kdc = kdc2.example.com
>> inner =
>> {
>> aaa = nnn
>> }
>> }
>>
>> to
>> ```java
>>
>> EXAMPLE_3.COM = {
>> kdc = kdc.example.com
>> kdc = kdc2.example.com
>> inner =
>> { aaa = nnn
>> }
>> }
>> ```
>>
>> There are other ways to cover this as well as writing it's own test case, however I feel that it might be an overkill for this.
>> What do you think?
>
> Good catch. Instead I've enhanced the random test to cover this.
Thank you :)
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/25421#discussion_r2113575984
More information about the security-dev
mailing list