- Bug
- Resolution: Fixed
- P3
- 1.4.1
- None
- mantis
- generic
- generic
I downloaded J2SE 1.4.0 for Windows from your site recently, specifically
j2sdk-1_4_0_01-windows-i586.exe. I'm using Java GSS-API with the built-in
Kerberos V5 security mechanism. There's a bug in GSSContext.unwrap(byte[]
inBuf, int offset, int len, MessageProp msgProp). If the privacy is set to
true by a previous operation and I reuse the MessageProp object for an
unwrap on a token which was wrapped with the privacy set to false, I get the
errors below. The MessageProp object is supposed to be strictly an output
object when used for an unwrap but apparently it's not. This is incorrect
since unwrap should use the GSS token's header fields and nothing else to
determine what protection was applied. When I reset the privacy to false
before calling unwrap, the unwrap operation is successful.
java.security.PrivilegedActionException: java.security.PrivilegedActionException: java.lang.reflect.InvocationTargetException
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAsPrivileged(Subject.java:499)
    at Login.main(Login.java:177)
Caused by: java.security.PrivilegedActionException: java.lang.reflect.InvocationTargetException
    at MyAction.run(Login.java:214)
    ... 3 more
Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at MyAction.run(Login.java:212)
    ... 3 more
Caused by: java.lang.ArrayIndexOutOfBoundsException
    at sun.security.jgss.krb5.WrapToken.desCbcDecrypt(WrapToken.java:435)
    at sun.security.jgss.krb5.WrapToken.getDataFromBuffer(WrapToken.java:236)
    at sun.security.jgss.krb5.WrapToken.getData(WrapToken.java:198)
    at sun.security.jgss.krb5.WrapToken.getData(WrapToken.java:171)
    at sun.security.jgss.krb5.Krb5Context.unwrap(Krb5Context.java:737)
    at sun.security.jgss.GSSContextImpl.unwrap(GSSContextImpl.java:362)
    at CSSSampleServer.main(CSSSampleServer.java:176)
    ... 8 more
Arlene Berry
Certified Security Solutions Incorporated
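
An added example (not part of the original report and not JDK code): a caller-side guard in Java that applies the workaround described in the report by creating a new MessageProp for every unwrap, then reads the privacy flag as output to enforce a confidentiality requirement. The class name FreshPropUnwrap, the stubContext stand-in and its one-byte token format are assumptions made so the example runs without a KDC.

```java
import java.lang.reflect.Proxy;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.MessageProp;

public class FreshPropUnwrap {
    /** Unwrap with a MessageProp created for this call only, then enforce the caller's policy. */
    static byte[] unwrap(GSSContext ctx, byte[] token, boolean requirePrivacy) throws GSSException {
        MessageProp prop = new MessageProp(0, false);   // fresh per call: no stale privacy flag
        byte[] data = ctx.unwrap(token, 0, token.length, prop);
        // After unwrap, prop is output only: it reports what protection the token carried.
        if (requirePrivacy && !prop.getPrivacy()) {
            throw new SecurityException("message was integrity-protected only, not encrypted");
        }
        return data;
    }

    // Constructed stand-in for a context with the reported defect (hypothetical token format:
    // first byte 1 = sealed, 0 = unsealed). A real context needs a KDC and an established session.
    static GSSContext stubContext() {
        return (GSSContext) Proxy.newProxyInstance(
            FreshPropUnwrap.class.getClassLoader(), new Class<?>[] { GSSContext.class },
            (proxy, method, args) -> {
                if (!method.getName().equals("unwrap")) throw new UnsupportedOperationException();
                byte[] tok = (byte[]) args[0];
                MessageProp prop = (MessageProp) args[3];
                boolean sealed = tok[0] == 1;
                // Mimics the report: a stale privacy=true flag on an unsealed token fails.
                if (prop.getPrivacy() && !sealed) throw new ArrayIndexOutOfBoundsException();
                prop.setPrivacy(sealed);
                return java.util.Arrays.copyOfRange(tok, 1, tok.length);
            });
    }

    public static void main(String[] argv) throws Exception {
        GSSContext ctx = stubContext();
        byte[] sealed = {1, 'h', 'i'}, plain = {0, 'h', 'i'};   // constructed sample tokens
        MessageProp reused = new MessageProp(0, false);
        ctx.unwrap(sealed, 0, sealed.length, reused);           // leaves privacy set to true
        try { ctx.unwrap(plain, 0, plain.length, reused); }     // reused prop hits the defect
        catch (ArrayIndexOutOfBoundsException e) { System.out.println("reused MessageProp: " + e); }
        System.out.println(new String(unwrap(ctx, sealed, true)));   // fresh prop each time
        System.out.println(new String(unwrap(ctx, plain, false)));
        try { unwrap(ctx, plain, true); }                       // policy demands encryption
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```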