<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><br>
</p>
The later version looks good and I will use this one.<br>
Thanks,<br>
Valerie<br>
<br>
<div class="moz-cite-prefix">On 2/22/2018 2:49 AM, Jan Kalina wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CANvHcN90aGKtd8HdwLZKBsOn-N2xqLJ-W=XQHTuOU0QHLzv_7A@mail.gmail.com">
<div dir="ltr">
<div>
<div>
<div>Ok, thanks Valerie!<br>
</div>
<div>Sorry for spam, I has supposed my previous email was
not considered to be patch.<br>
</div>
<div><br>
</div>
Martin:<br>
As this is way how it is initialized in other places, I has
not considered it.<br>
<a
href="http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/59e88d3b9b17/src/share/native/sun/security/jgss/wrapper/GSSLibStub.c#l132"
moz-do-not-send="true">http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/59e88d3b9b17/src/share/native/sun/security/jgss/wrapper/GSSLibStub.c#l132</a><br>
</div>
<br>
</div>
Follows fixed version - tested and works ok - keeping on Valerie
which version will be used:<br>
<div><br>
---------------------------------------------<br>
diff --git
a/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c
b/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c<br>
---
a/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c<br>
+++
b/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c<br>
@@ -169,6 +169,9 @@<br>
// initialize addrtype in CB first<br>
cb->initiator_addrtype = GSS_C_AF_NULLADDR;<br>
cb->acceptor_addrtype = GSS_C_AF_NULLADDR;<br>
+ // addresses needs to be initialized to empty<br>
+ memset(&cb->initiator_address, 0,
sizeof(cb->initiator_address));<br>
+ memset(&cb->acceptor_address, 0,
sizeof(cb->acceptor_address));<br>
<br>
/* set up initiator address */<br>
jinetAddr = (*env)->CallObjectMethod(env, jcb,<br>
---------------------------------------------<br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Feb 21, 2018 at 7:26 PM, Martin
Balao <span dir="ltr"><<a href="mailto:mbalao@redhat.com"
target="_blank" moz-do-not-send="true">mbalao@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Have you considered zeroizing the whole
"gss_channel_bindings_t" structure with memset? So we
don't have problem if new fields are eventually added.</div>
<div class="HOEnZb">
<div class="h5">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Feb 21, 2018 at 1:39
PM, Jan Kalina <span dir="ltr"><<a
href="mailto:jkalina@redhat.com" target="_blank"
moz-do-not-send="true">jkalina@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">I has prepared fix for bug related
to using native GSS API.<br>
<div>Uninitialized fields causes JVM crash or
authentication failing.<br>
</div>
<div><br>
Bug consequences are more described in
bugreport:<br>
<a
href="https://bugs.openjdk.java.net/browse/JDK-8194630"
target="_blank" moz-do-not-send="true">https://bugs.openjdk.java.net/<wbr>browse/JDK-8194630</a><br>
</div>
<div>Reproducer is attached to bugreport too.<br>
</div>
<div><br>
Would anyone be interested in
reviewing/sponsoring this change?<br>
</div>
<div>It would be really great to get this into
JDK 9 and above.<br>
</div>
<div>(I am covered by Red Hat OCA.)<br>
</div>
<div><br>
</div>
<div>Thanks for your response!<br>
</div>
<div><br>
</div>
<div>PATCH:<br>
------------------------------<wbr>----------------<br>
diff --git a/src/java.security.jgss/share<wbr>/native/libj2gss/GSSLibStub.c
b/src/java.security.jgss/share<wbr>/native/libj2gss/GSSLibStub.c<br>
--- a/src/java.security.jgss/share<wbr>/native/libj2gss/GSSLibStub.c<br>
+++ b/src/java.security.jgss/share<wbr>/native/libj2gss/GSSLibStub.c<br>
@@ -169,6 +169,11 @@<br>
// initialize addrtype in CB first<br>
cb->initiator_addrtype =
GSS_C_AF_NULLADDR;<br>
cb->acceptor_addrtype =
GSS_C_AF_NULLADDR;<br>
+ // addresses needs to be initialized to
empty<br>
+ cb->initiator_address.length = 0;<br>
+ cb->initiator_address.value = NULL;<br>
+ cb->acceptor_address.length = 0;<br>
+ cb->acceptor_address.value = NULL;<br>
<br>
/* set up initiator address */<br>
jinetAddr =
(*env)->CallObjectMethod(env, jcb,<br>
------------------------------<wbr>----------------<br>
<br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>