The later version looks good and I will use this one.
Thanks,
Valerie
On 2/22/2018 2:49 AM, Jan Kalina wrote:
Ok, thanks Valerie!
Sorry for the spam, I had supposed my previous email was not considered to
be a patch.
Martin:
As this is the way it is initialized in other places, I had not
considered it.
http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/59e88d3b9b17/src/share/native/sun/security/jgss/wrapper/GSSLibStub.c#l132
The fixed version follows - tested and works ok - leaving it to Valerie which
version will be used:
---------------------------------------------
diff --git a/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c
b/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c
--- a/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c
+++ b/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c
@@ -169,6 +169,9 @@
// initialize addrtype in CB first
cb->initiator_addrtype = GSS_C_AF_NULLADDR;
cb->acceptor_addrtype = GSS_C_AF_NULLADDR;
+ // addresses needs to be initialized to empty
+ memset(&cb->initiator_address, 0, sizeof(cb->initiator_address));
+ memset(&cb->acceptor_address, 0, sizeof(cb->acceptor_address));
/* set up initiator address */
jinetAddr = (*env)->CallObjectMethod(env, jcb,
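Review bot: the two added memset calls clear only initiator_address and acceptor_address, so a member added to the structure later, or any existing member not set further down outside this hunk, is still left uninitialized, which is the case the whole-structure suggestion in this thread was meant to cover. Consider a single memset(cb, 0, sizeof(*cb)) placed before the two addrtype assignments, so that GSS_C_AF_NULLADDR is not overwritten afterwards. The added comment should read "addresses need to be initialized to empty".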
---------------------------------------------
On Wed, Feb 21, 2018 at 7:26 PM, Martin Balao <mba...@redhat.com> wrote:
Have you considered zeroizing the whole "gss_channel_bindings_t"
structure with memset? So we don't have a problem if new fields are
eventually added.
On Wed, Feb 21, 2018 at 1:39 PM, Jan Kalina <jkal...@redhat.com> wrote:
I have prepared a fix for a bug related to using the native GSS API.
Uninitialized fields cause a JVM crash or authentication failure.
The bug's consequences are described in more detail in the bug report:
https://bugs.openjdk.java.net/browse/JDK-8194630
A reproducer is attached to the bug report too.
Would anyone be interested in reviewing/sponsoring this change?
It would be really great to get this into JDK 9 and above.
(I am covered by Red Hat OCA.)
Thanks for your response!
PATCH:
----------------------------------------------
diff --git
a/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c
b/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c
--- a/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c
+++ b/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c
@@ -169,6 +169,11 @@
// initialize addrtype in CB first
cb->initiator_addrtype = GSS_C_AF_NULLADDR;
cb->acceptor_addrtype = GSS_C_AF_NULLADDR;
+ // addresses needs to be initialized to empty
+ cb->initiator_address.length = 0;
+ cb->initiator_address.value = NULL;
+ cb->acceptor_address.length = 0;
+ cb->acceptor_address.value = NULL;
/* set up initiator address */
jinetAddr = (*env)->CallObjectMethod(env, jcb,
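Review bot: the four added assignments set length and value member by member, so they have to be kept in step with the buffer layout, and nothing in this hunk shows the remaining members of cb being given a defined value. Either clear the structure in one place before the addrtype assignments or confirm that every other member is assigned later in the function. It is also worth checking that the code which later releases these buffers tolerates value == NULL with length == 0. The added comment should read "addresses need to be initialized to empty".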
----------------------------------------------