Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6346265

GSSContext/Krb5 mechanism should not cache Cipher object

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: P5 P5
    • 6
    • 6
    • security-libs
    • None
    • b63
    • generic
    • generic

        sun.security.jgss.krb5.CipherHelper creates a private desCipher object and caches it.

        this caching should not be done. a new Cipher object should be retrieved as needed. the caching can pose problems, for example, in multi-threaded environments since access to the object is not synchronized.
        in JGSS workspace, 2 classes -- AesDkCrypto and ArcFourCrypto -- in the sun.security.krb5.internal.crypto.dk package also cache the Cipher in a similar style.

              weijun Weijun Wang
              claisunw Charlie Lai (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved:
                Imported:
                Indexed: