-
Bug
-
Resolution: Fixed
-
P3
-
7
-
None
-
b84
-
generic
-
generic
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-2187543 | 6u21 | Weijun Wang | P3 | Resolved | Fixed | b01 |
This is a bug in the internal sun.security.krb5.internal.ktab package.
KrbTabInputStream#readEntry(length,kvno) reads length of bytes into a KeyTabEntry. A variable "index" is used to store how many bytes are left unread to determine if there are enough (or more) for this entry. The variable should be per-read or at least per-instance (since a KrbTabInputStream should be read sequentially and thus not multi-thread enabled). However, it's per-class (static) now.
This means when multiple threads are calling the method at the same time (for example, both refreshing a keytab), the value might be modified by another thread during the execution of the method. If it goes bigger, a false skip() will be called, otherwise, it triggers a keytab corruption error. Both lead to the keytab singleton object to be null.
KrbTabInputStream#readEntry(length,kvno) reads length of bytes into a KeyTabEntry. A variable "index" is used to store how many bytes are left unread to determine if there are enough (or more) for this entry. The variable should be per-read or at least per-instance (since a KrbTabInputStream should be read sequentially and thus not multi-thread enabled). However, it's per-class (static) now.
This means when multiple threads are calling the method at the same time (for example, both refreshing a keytab), the value might be modified by another thread during the execution of the method. If it goes bigger, a false skip() will be called, otherwise, it triggers a keytab corruption error. Both lead to the keytab singleton object to be null.
- backported by
-
JDK-2187543 KeyTabInputStream uses static field for per-instance value
-
- Resolved
-