JDK-8028627

Unsynchronized code path from javax.crypto.Cipher to the WeakHashMap used by JceSecurity to store codebase mappings

    Details

    • Subcomponent:
    • Resolved In Build:
      b15
    • Verification:
      Not verified

      Backports

        Description

        There is an unsynchronized code path from javax.crypto.Cipher to the WeakHashMap used by JceSecurity to store class/codebase mappings. The call stack is:

        JceSecurity.getCodeBase
        JceSecurityManager.getCryptoPermission
        Cipher.getConfiguredPermission
        (various methods of Cipher)
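
The pattern behind this report, as an added illustration that is not code from the JDK or from this issue: a shared WeakHashMap cache read and written without a lock, next to a variant that holds the map's monitor for the whole lookup. The class and method names are hypothetical.

```java
import java.net.URL;
import java.security.CodeSource;
import java.util.Map;
import java.util.WeakHashMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;

// Added illustration; names are hypothetical, not the JDK's.
public class CodeBaseCacheDemo {
    // WeakHashMap is not thread-safe, and even get() expunges stale entries,
    // so concurrent "readers" are really concurrent writers.
    private static final Map<Class<?>, URL> CACHE = new WeakHashMap<>();

    // Unsafe shape: check-then-put on the shared map with no lock.
    static URL lookupUnsafe(Class<?> c) {
        URL url = CACHE.get(c);
        if (url == null) {
            url = locate(c);
            if (url != null) CACHE.put(c, url);
        }
        return url;
    }

    // Safe shape: hold the map's monitor across the whole lookup.
    static URL lookupSafe(Class<?> c) {
        synchronized (CACHE) {
            URL url = CACHE.get(c);
            if (url == null) {
                url = locate(c);
                if (url != null) CACHE.put(c, url);
            }
            return url;
        }
    }

    private static URL locate(Class<?> c) {
        CodeSource cs = c.getProtectionDomain().getCodeSource();
        return cs == null ? null : cs.getLocation();
    }

    public static void main(String[] args) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(2);
        for (int t = 0; t < 2; t++)
            pool.submit(() -> { for (int i = 0; i < 100_000; i++) lookupSafe(CodeBaseCacheDemo.class); });
        pool.shutdown();
        System.out.println("completed: " + pool.awaitTermination(30, TimeUnit.SECONDS));
    }
}
```

Wrapping the map in `Collections.synchronizedMap` would also protect each individual call, but the explicit block keeps the check and the put under one lock.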

          Activity

          wetmore Bradford Wetmore added a comment -
          Copying from:

          http://mail.openjdk.java.net/pipermail/security-dev/2014-February/010197.html

          The problem described in that bug seems to have been discovered by static code analysis.
          However, it seems that we have this problem in production code. A thread dump shows that two threads are "looping":

          Java HotSpot(TM) Client VM (24.45-b08 mixed mode)

          "pool-2-thread-2" prio=6 tid=0x40537c00 nid=0xb80 runnable [0x4298e000]
             java.lang.Thread.State: RUNNABLE
                  at java.util.WeakHashMap.get(WeakHashMap.java:471)
                  at javax.crypto.JceSecurity.getCodeBase(JceSecurity.java:222)
                  at javax.crypto.JceSecurityManager.getCryptoPermission(JceSecurityManager.java:107)
                  at javax.crypto.Cipher.getConfiguredPermission(Cipher.java:2503)
                  at javax.crypto.Cipher.initCryptoPermission(Cipher.java:685)
                  at javax.crypto.Cipher.chooseProvider(Cipher.java:848)
                  - locked <0x16005f98> (a java.lang.Object)
                  at javax.crypto.Cipher.init(Cipher.java:1213)
                  at javax.crypto.Cipher.init(Cipher.java:1153)
                  at org.hsqldb.persist.Crypto.<init>(Unknown Source)
                  at org.hsqldb.persist.Logger.setVariables(Unknown Source)
                  at org.hsqldb.persist.Logger.openPersistence(Unknown Source)
                  at org.hsqldb.Database.reopen(Unknown Source)
                  at org.hsqldb.Database.open(Unknown Source)
                  - locked <0x15e51a60> (a org.hsqldb.Database)
                  at org.hsqldb.DatabaseManager.getDatabase(Unknown Source)
                  - locked <0x15e51a60> (a org.hsqldb.Database)
                  at org.hsqldb.DatabaseManager.newSession(Unknown Source)
                  at org.hsqldb.jdbc.JDBCConnection.<init>(Unknown Source) ...

          "pool-2-thread-1" prio=6 tid=0x40537400 nid=0x18f4 runnable [0x412fe000]
             java.lang.Thread.State: RUNNABLE
                  at java.util.WeakHashMap.get(WeakHashMap.java:471)
                  at javax.crypto.JceSecurity.getCodeBase(JceSecurity.java:222)
                  at javax.crypto.JceSecurityManager.getCryptoPermission(JceSecurityManager.java:107)
                  at javax.crypto.Cipher.getConfiguredPermission(Cipher.java:2503)
                  at javax.crypto.Cipher.initCryptoPermission(Cipher.java:685)
                  at javax.crypto.Cipher.chooseProvider(Cipher.java:848)
                  - locked <0x16006128> (a java.lang.Object)
                  at javax.crypto.Cipher.init(Cipher.java:1213)
                  at javax.crypto.Cipher.init(Cipher.java:1153)
                  at org.hsqldb.persist.Crypto.<init>(Unknown Source)
                  at org.hsqldb.persist.Logger.setVariables(Unknown Source)
                  at org.hsqldb.persist.Logger.openPersistence(Unknown Source)
                  at org.hsqldb.Database.reopen(Unknown Source)
                  at org.hsqldb.Database.open(Unknown Source)
                  - locked <0x15e5a718> (a org.hsqldb.Database)
                  at org.hsqldb.DatabaseManager.getDatabase(Unknown Source)
                  - locked <0x15e5a718> (a org.hsqldb.Database)
                  at org.hsqldb.DatabaseManager.newSession(Unknown Source)
                  at org.hsqldb.jdbc.JDBCConnection.<init>(Unknown Source)
                  at org.hsqldb.jdbc.JDBCDriver.getConnection(Unknown Source)
                  at org.hsqldb.jdbc.JDBCDriver.connect(Unknown Source) ...

          We have two database instances running in parallel.
          hgupdate HG Updates added a comment -
          URL: http://hg.openjdk.java.net/jdk9/dev/jdk/rev/33a73cb00814
          User: robm
          Date: 2014-05-19 13:33:51 +0000
          hgupdate HG Updates added a comment -
          URL: http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/33a73cb00814
          User: lana
          Date: 2014-05-29 05:34:48 +0000
          zailiu Kevin Liu (Inactive) added a comment -
          Not verified, no test provided.

            People

            • Assignee:
              robm Robert Mckenna
              Reporter:
              mullan Sean Mullan