I has prepared fix for bug related to using native GSS API. Uninitialized fields causes JVM crash or authentication failing.
Bug consequences are more described in bugreport: https://bugs.openjdk.java.net/browse/JDK-8194630 Reproducer is attached to bugreport too. Would anyone be interested in reviewing/sponsoring this change? It would be really great to get this into JDK 9 and above. (I am covered by Red Hat OCA.) Thanks for your response! PATCH: ---------------------------------------------- diff --git a/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c b/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c --- a/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c +++ b/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c @@ -169,6 +169,11 @@ // initialize addrtype in CB first cb->initiator_addrtype = GSS_C_AF_NULLADDR; cb->acceptor_addrtype = GSS_C_AF_NULLADDR; + // addresses needs to be initialized to empty + cb->initiator_address.length = 0; + cb->initiator_address.value = NULL; + cb->acceptor_address.length = 0; + cb->acceptor_address.value = NULL; /* set up initiator address */ jinetAddr = (*env)->CallObjectMethod(env, jcb, ----------------------------------------------
