-
Type:
Bug
-
Resolution: Fixed
-
Priority:
P3
-
Affects Version/s: 13
-
Component/s: security-libs
-
b29
Macro bodies should not end in a semi-colon.
If these were public and since these macro bodies are all if
statements, you should wrap them in do { } while (0), but since
they're private we can make sure that all uses are correct.
- gss_import_name() doesn't check that the first two bytes of the
input buffer are the expected token ID when the name-type is
GSS_C_NT_EXPORTED_NAME.
- gss_import_name() doesn't check that the third byte of the input
buffer is 0 when the name-type is GSS_C_NT_EXPORTED_NAME.
- gss_compare_name(), this code will not distinguish a name of the
form 'foo@' from 'foo\@'
434 if (l1 < l2 && n2[l1] != L'@'
435 || l2 < l1 && n1[l2] != L'@') {
436 return GSS_S_COMPLETE; // different
437 }
Honestly, this is not the most serious problem because nothing
really should be using gss_compare_name(), but you do use it... and
anyways, it's wrong.
Perhaps the gss_name_struct struct should have a length of realm or
length-of-not-realm-part field to make this check easier.
- gss_compare_name(), do not use NORM_IGNORECASE
- gss_canonicalize_name() should check that mech_type is Kerberos
- backported by
-
JDK-8227531 Newly added sspi.cpp in JDK-6722928 still contains some small errors
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
- relates to
-
JDK-6722928 Provide a default native GSS-API library on Windows
-
- Resolved
-
