United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-6919610 KeyTabInputStream uses static field for per-instance value
JDK-6919610 : KeyTabInputStream uses static field for per-instance value

Details
Type:
Bug
Submit Date:
2010-01-25
Status:
Resolved
Updated Date:
2010-11-04
Project Name:
JDK
Resolved Date:
2010-02-16
Component:
security-libs
OS:
generic
Sub-Component:
org.ietf.jgss:krb5
CPU:
generic
Priority:
P3
Resolution:
Fixed
Affected Versions:
7
Fixed Versions:

Related Reports
Backport:

Sub Tasks

Description
This is a bug in the internal sun.security.krb5.internal.ktab package.

KrbTabInputStream#readEntry(length,kvno) reads length of bytes into a KeyTabEntry. A variable "index" is used to store how many bytes are left unread to determine if there are enough (or more) for this entry. The variable should be per-read or at least per-instance (since a KrbTabInputStream should be read sequentially and thus not multi-thread enabled). However, it's per-class (static) now.

This means when multiple threads are calling the method at the same time (for example, both refreshing a keytab), the value might be modified by another thread during the execution of the method. If it goes bigger, a false skip() will be called, otherwise, it triggers a keytab corruption error. Both lead to the keytab singleton object to be null.

                                    

Comments
EVALUATION

http://hg.openjdk.java.net/jdk7/tl/jdk/rev/558f2a424bfa
                                     
2010-01-26
EVALUATION

Fixed: static field into instance field.
*** (#1 of 1): [ UNSAVED ] ###@###.###
                                     
2010-01-26



Hardware and Software, Engineered to Work Together