-
Type:
Bug
-
Resolution: Fixed
-
Priority:
P5
-
Affects Version/s: 6
-
Component/s: security-libs
-
None
-
b63
-
generic
-
generic
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-2132253 | 5.0u7 | Weijun Wang | P3 | Resolved | Fixed | b01 |
sun.security.jgss.krb5.CipherHelper creates a private desCipher object and caches it.
this caching should not be done. a new Cipher object should be retrieved as needed. the caching can pose problems, for example, in multi-threaded environments since access to the object is not synchronized.
in JGSS workspace, 2 classes -- AesDkCrypto and ArcFourCrypto -- in the sun.security.krb5.internal.crypto.dk package also cache the Cipher in a similar style.
this caching should not be done. a new Cipher object should be retrieved as needed. the caching can pose problems, for example, in multi-threaded environments since access to the object is not synchronized.
in JGSS workspace, 2 classes -- AesDkCrypto and ArcFourCrypto -- in the sun.security.krb5.internal.crypto.dk package also cache the Cipher in a similar style.
- backported by
-
JDK-2132253 GSSContext/Krb5 mechanism should not cache Cipher object
-
- Resolved
-