Looks fine to me.
Xuelei
On 1/25/2010 1:07 PM, Max (Weijun) Wang wrote:
Hi All
Please take a review at --
http://cr.openjdk.java.net/~weijun/6919610/webrev.00
Bug description follows.
Thanks
Max
*Change Request ID*: 6919610
*Synopsis*: KeyTabInputStream uses static field for per-instance value
Product: java
Category: jgss
Subcategory: krb5plugin
Type: Defect
Priority: 3-Medium
=== *Description*
============================================================
This is a bug in the internal sun.security.krb5.internal.ktab package.
KrbTabInputStream#readEntry(length,kvno) reads length of bytes into a
KeyTabEntry. A variable "index" is used to store how many bytes are
left unread to determine if there are enough (or more) for this
entry. The variable should be per-read or at least per-instance
(since a KrbTabInputStream should be read sequentially and thus not
multi-thread enabled). However, it's per-class (static) now.
This means when multiple threads are calling the method at the same
time (for example, both refreshing a keytab), the value might be
modified by another thread during the execution of the method. If it
goes bigger, a false skip() will be called, otherwise, it triggers a
keytab corruption error. Both lead to the keytab singleton object to
be null.
*** (#1 of 1): 2010-01-25 04:36:30 GMT+00:00 weijun.w...@sun.com
