<div dir="ltr"><div><div><div>Ok, thanks Valerie!<br></div><div>Sorry for the spam, I had supposed my previous email was not considered to be a patch.<br></div><div><br></div>Martin:<br>As this is the way it is initialized in other places, I have not considered it.<br><a href="http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/59e88d3b9b17/src/share/native/sun/security/jgss/wrapper/GSSLibStub.c#l132">http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/59e88d3b9b17/src/share/native/sun/security/jgss/wrapper/GSSLibStub.c#l132</a><br></div><br></div>A fixed version follows - tested and works OK - leaving it to Valerie which version will be used:<br><div><br>---------------------------------------------<br>diff --git a/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c b/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c<br>--- a/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c<br>+++ b/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c<br>@@ -169,6 +169,9 @@<br>   // initialize addrtype in CB first<br>   cb->initiator_addrtype = GSS_C_AF_NULLADDR;<br>   cb->acceptor_addrtype = GSS_C_AF_NULLADDR;<br>+  // addresses needs to be initialized to empty<br>+  memset(&cb->initiator_address, 0, sizeof(cb->initiator_address));<br>+  memset(&cb->acceptor_address, 0, sizeof(cb->acceptor_address));<br> <br>   /* set up initiator address */<br>   jinetAddr = (*env)->CallObjectMethod(env, jcb,<br>---------------------------------------------<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Feb 21, 2018 at 7:26 PM, Martin Balao <span dir="ltr"><<a href="mailto:mbalao@redhat.com" target="_blank">mbalao@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Have you considered zeroizing the whole "gss_channel_bindings_t" structure with memset? 
So we don't have a problem if new fields are eventually added.</div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Feb 21, 2018 at 1:39 PM, Jan Kalina <span dir="ltr"><<a href="mailto:jkalina@redhat.com" target="_blank">jkalina@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I have prepared a fix for a bug related to using the native GSS API.<br><div>Uninitialized fields cause a JVM crash or authentication failure.<br></div><div><br>The bug's consequences are described in more detail in the bug report:<br><a href="https://bugs.openjdk.java.net/browse/JDK-8194630" target="_blank">https://bugs.openjdk.java.net/browse/JDK-8194630</a><br></div><div>A reproducer is attached to the bug report too.<br></div><div></div><div><br>Would anyone be interested in reviewing/sponsoring this change?<br></div><div>It would be really great to get this into JDK 9 and above.<br></div><div>(I am covered by Red Hat OCA.)<br></div><div><br></div><div>Thanks for your response!<br></div><div><br></div><div>PATCH:<br>------------------------------<wbr>----------------<br>diff --git a/src/java.security.jgss/share<wbr>/native/libj2gss/GSSLibStub.c b/src/java.security.jgss/share<wbr>/native/libj2gss/GSSLibStub.c<br>--- a/src/java.security.jgss/share<wbr>/native/libj2gss/GSSLibStub.c<br>+++ b/src/java.security.jgss/share<wbr>/native/libj2gss/GSSLibStub.c<br>@@ -169,6 +169,11 @@<br>   // initialize addrtype in CB first<br>   cb->initiator_addrtype = GSS_C_AF_NULLADDR;<br>   cb->acceptor_addrtype = GSS_C_AF_NULLADDR;<br>+  // addresses needs to be initialized to empty<br>+  cb->initiator_address.length = 0;<br>+  cb->initiator_address.value = NULL;<br>+  cb->acceptor_address.length = 0;<br>+  cb->acceptor_address.value = NULL;<br> <br>   /* set up initiator address */<br>   jinetAddr = (*env)->CallObjectMethod(env, 
jcb,<br>------------------------------<wbr>----------------<br><br></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
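<div>Review bot: In the revised hunk (@@ -169,6 +169,9 @@) the two added memset calls clear only initiator_address and acceptor_address, so the structure is still initialized field by field, and any member that is not set here or later in the function keeps an indeterminate value. That is the case Martin's question about zeroing the whole structure is aimed at. Consider a single memset over the whole of *cb, with sizeof(*cb) as the length, placed before the two addrtype assignments, and confirm that string.h is included, since the hunk does not show it. The added comment should read "addresses need to be initialized to empty".</div>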
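<div>Review bot: In the original hunk (@@ -169,6 +169,11 @@) the added comment "addresses needs to be initialized to empty" does not say why the four assignments are required. State the reason given in the mail, that uninitialized fields cause a JVM crash or authentication failure (JDK-8194630), and correct the grammar to "addresses need". The explicit "value = NULL" assignments have one advantage over the memset revision: they do not rely on an all-zero bit pattern being a null pointer, so if the memset form is chosen that assumption is worth a short comment.</div>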