On 5/8/13 8:24 AM, Weijun Wang wrote: > Hi All > > This is a request to backport a jdk8 fix into jdk7u-dev. > > 8012082: SASL: auth-conf negotiated, but unencrypted data is accepted, reset > to unencrypt
Approved. cheers, dalibor topic > > http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8012082 > > The qop (quality of protection) value is shared between wrap and unwrap, so > the protection level of an incoming message will be used as the one of an > outgoing message. The result is something like "if you don't care neither do > I", but actually it should be "I care no matter what you do". > > The fix is already included in jdk8 as: > > http://hg.openjdk.java.net/jdk8/tl/jdk/rev/ae4a82e69da2 > Reviewed-by: vinnie > > The patch for jdk7u-dev is identical to the one in jdk8. > > The fix is low-risk, and isolated. new regression test added. Existing tests > also run fine. > > Thanks > Weijun -- Oracle <http://www.oracle.com> Dalibor Topic | Principal Product Manager Phone: +494089091214 <tel:+494089091214> | Mobile: +491737185961 <tel:+491737185961> Oracle Java Platform Group ORACLE Deutschland B.V. & Co. KG | Kühnehöfe 5 | 22761 Hamburg ORACLE Deutschland B.V. & Co. KG Hauptverwaltung: Riesstr. 25, D-80992 München Registergericht: Amtsgericht München, HRA 95603 Geschäftsführer: Jürgen Kunz Komplementärin: ORACLE Deutschland Verwaltung B.V. Hertogswetering 163/167, 3543 AS Utrecht, Niederlande Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697 Geschäftsführer: Alexander van der Ven, Astrid Kepper, Val Maher Green Oracle <http://www.oracle.com/commitment> Oracle is committed to developing practices and products that help protect the environment
