Details
-
Enhancement
-
Resolution: Fixed
-
P4
-
None
-
b18
-
windows
Backports
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8297320 | 11.0.19-oracle | Prasadarao Koppula | P4 | Resolved | Fixed | b01 |
JDK-8289059 | 11.0.17 | Sergey Nazarkin | P4 | Resolved | Fixed | b01 |
JDK-8298436 | 8u371 | Prasadarao Koppula | P4 | Resolved | Fixed | b01 |
Description
In gss_compare_name(), there is [1]:
if (l1 < l2 && l1 != r2
|| l2 < l1 && l2 != l1) {
return GSS_S_COMPLETE; // different
}
If one name is "user@R" and the other is "user1". This check fails fast when one "user" and "user1" already have different length.
The comparison should be symmetric and the last check should be l2 != r1.
This bug is reported at [2].
[1] https://github.com/openjdk/jdk/blob/51d5164ca2b4801c14466e8d1420ecf27cb7615f/src/java.security.jgss/windows/native/libsspi_bridge/sspi.cpp#L467
[2] http://mail.openjdk.java.net/pipermail/security-dev/2020-September/022643.html
if (l1 < l2 && l1 != r2
|| l2 < l1 && l2 != l1) {
return GSS_S_COMPLETE; // different
}
If one name is "user@R" and the other is "user1". This check fails fast when one "user" and "user1" already have different length.
The comparison should be symmetric and the last check should be l2 != r1.
This bug is reported at [2].
[1] https://github.com/openjdk/jdk/blob/51d5164ca2b4801c14466e8d1420ecf27cb7615f/src/java.security.jgss/windows/native/libsspi_bridge/sspi.cpp#L467
[2] http://mail.openjdk.java.net/pipermail/security-dev/2020-September/022643.html
Attachments
Issue Links
- backported by
-
JDK-8289059 Wrong length compared in SSPI bridge
- Resolved
-
JDK-8297320 Wrong length compared in SSPI bridge
- Resolved
-
JDK-8298436 Wrong length compared in SSPI bridge
- Resolved
- links to
-
Commit openjdk/jdk11u-dev/e16aacad
-
Commit openjdk/jdk/e5ba020e
-
Review openjdk/jdk11u-dev/1170
-
Review openjdk/jdk/419
(2 links to)