JDK-6919610 : KeyTabInputStream uses static field for per-instance value
  • Type: Bug
  • Component: security-libs
  • Sub-Component: org.ietf.jgss:krb5
  • Affected Version: 7
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2010-01-25
  • Updated: 2010-11-04
  • Resolved: 2010-02-16
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6 JDK 7
6u21Fixed 7 b84Fixed
Description
This is a bug in the internal sun.security.krb5.internal.ktab package.

KrbTabInputStream#readEntry(length,kvno) reads length of bytes into a KeyTabEntry. A variable "index" is used to store how many bytes are left unread to determine if there are enough (or more) for this entry. The variable should be per-read or at least per-instance (since a KrbTabInputStream should be read sequentially and thus not multi-thread enabled). However, it's per-class (static) now.

This means when multiple threads are calling the method at the same time (for example, both refreshing a keytab), the value might be modified by another thread during the execution of the method. If it goes bigger, a false skip() will be called, otherwise, it triggers a keytab corruption error. Both lead to the keytab singleton object to be null.

Comments
EVALUATION http://hg.openjdk.java.net/jdk7/tl/jdk/rev/558f2a424bfa
26-01-2010

EVALUATION Fixed: static field into instance field. *** (#1 of 1): [ UNSAVED ] ###@###.###
26-01-2010