Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8160518

Semicolon is not recognized as comment starting character (Kerberos)

    Details

    • Subcomponent:
    • Resolved In Build:
      b127
    • CPU:
      generic
    • OS:
      linux
    • Verification:
      Verified

      Backports

        Description

        FULL PRODUCT VERSION :
        java version "1.8.0_66"
        Java(TM) SE Runtime Environment (build 1.8.0_66-b17)
        Java HotSpot(TM) 64-Bit Server VM (build 25.66-b17, mixed mode)

        ADDITIONAL OS VERSION INFORMATION :
        Linux <host> 2.6.32-573.8.1.el6.x86_64 #1 SMP Wed Nov 11 15:27:45 CET 2015 x86_64 x86_64 x86_64 GNU/Linux

        A DESCRIPTION OF THE PROBLEM :
        Whenever the krb5.conf file has a comment starting with semicolon not in the beginning of file, for example:
        [libdefaults]
         default_realm = EXAMPLE.COM
         ...
        ; comment
        [realms]
         EXAMPLE.ORG = {
          ...
         }

        When parsing the configuration, Java is throwing an exception:
        KrbException: Illegal config content:; comment
        at sun.security.krb5.Config.parseStanzaTable(Config.java:609)
        at sun.security.krb5.Config.<init>(Config.java:177)
        at sun.security.krb5.Config.getInstance(Config.java:98)
        ... 9 more

        While checking the source code of Kerberos (the latest version), you can see that semicolon is a valid comment starting character. Check prof_parce.c file in src/util/profile directory.

        Other sources suggest that semicolon should be accepted as comment starting character:
        https://groups.google.com/forum/#!topic/comp.protocols.kerberos/i_Cl2d7TLGU


        EXPECTED VERSUS ACTUAL BEHAVIOR :
        EXPECTED -
        The krb5.conf file with semicolons should be parsed successfully.
        ACTUAL -
        Exception is being thrown:
        KrbException: Illegal config content:; comment
        at sun.security.krb5.Config.parseStanzaTable(Config.java:609)
        at sun.security.krb5.Config.<init>(Config.java:177)
        at sun.security.krb5.Config.getInstance(Config.java:98)
        ... 9 more

        ERROR MESSAGES/STACK TRACES THAT OCCUR :
        KrbException: Illegal config content:; comment
        at sun.security.krb5.Config.parseStanzaTable(Config.java:609)
        at sun.security.krb5.Config.<init>(Config.java:177)
        at sun.security.krb5.Config.getInstance(Config.java:98)
        ... 9 more

        REPRODUCIBILITY :
        This bug can be reproduced always.

        ---------- BEGIN SOURCE ----------
        Taken from Hadoop source code:


            Object kerbConf;
            Class<?> classRef;
            Method getInstanceMethod;
            Method getDefaultRealmMethod;
            if (IBM_JAVA) {
              classRef = Class.forName("com.ibm.security.krb5.internal.Config");
            } else {
              classRef = Class.forName("sun.security.krb5.Config");
            }
            getInstanceMethod = classRef.getMethod("getInstance", new Class[0]);
            kerbConf = getInstanceMethod.invoke(classRef, new Object[0]);
            getDefaultRealmMethod = classRef.getDeclaredMethod("getDefaultRealm",
                 new Class[0]);
            return (String)getDefaultRealmMethod.invoke(kerbConf, new Object[0]);
        ---------- END SOURCE ----------

        CUSTOMER SUBMITTED WORKAROUND :
        Removing the comment starting with semicolon or replacing semicolon by #.

          Activity

          Hide
          psonal Pallavi Sonal added a comment -
          Executed the attached test case in linux environment on:
          JDK 8u92 - Fail
          JDK 9ea - because of the new module system, , getting IllegalAccessException - so not sure if it fails or passes.

          Output on JDK8u92:
          ----------------------------
          Exception in thread "main" java.lang.reflect.InvocationTargetException
                  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl. java:62)
                  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces sorImpl.java:43)
                  at java.lang.reflect.Method.invoke(Method.java:498)
                  at JI9040891.main(JI9040891.java:16)
          Caused by: KrbException: Illegal config content:;comment
                  at sun.security.krb5.Config.parseStanzaTable(Config.java:634)
                  at sun.security.krb5.Config.<init>(Config.java:197)
                  at sun.security.krb5.Config.getInstance(Config.java:98)
                  ... 5 more


          Output on JDK 9
          -----------------------
          Exception in thread "main" java.lang.IllegalAccessException: class JI9040891 can not access class sun.security.krb5.Config (in module java.security.jgss) because module java.security.jgss does not export sun.security.krb5 to unnamed module @ 47f37ef1
                  at jdk.internal.reflect.Reflection.throwIllegalAccessException(java.base @9-ea/Reflection.java:405)
                  at jdk.internal.reflect.Reflection.throwIllegalAccessException(java.base @9-ea/Reflection.java:396)
                  at jdk.internal.reflect.Reflection.ensureMemberAccess(java.base@9-ea/Ref lection.java:98)
                  at java.lang.reflect.AccessibleObject.slowCheckMemberAccess(java.base@9- ea/AccessibleObject.java:355)
                  at java.lang.reflect.AccessibleObject.checkAccess(java.base@9-ea/Accessi bleObject.java:347)
                  at java.lang.reflect.Method.invoke(java.base@9-ea/Method.java:527)
                  at JI9040891.main(JI9040891.java:16)
          Show
          psonal Pallavi Sonal added a comment - Executed the attached test case in linux environment on: JDK 8u92 - Fail JDK 9ea - because of the new module system, , getting IllegalAccessException - so not sure if it fails or passes. Output on JDK8u92: ---------------------------- Exception in thread "main" java.lang.reflect.InvocationTargetException         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl. java:62)         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces sorImpl.java:43)         at java.lang.reflect.Method.invoke(Method.java:498)         at JI9040891.main(JI9040891.java:16) Caused by: KrbException: Illegal config content:;comment         at sun.security.krb5.Config.parseStanzaTable(Config.java:634)         at sun.security.krb5.Config.<init>(Config.java:197)         at sun.security.krb5.Config.getInstance(Config.java:98)         ... 5 more Output on JDK 9 ----------------------- Exception in thread "main" java.lang.IllegalAccessException: class JI9040891 can not access class sun.security.krb5.Config (in module java.security.jgss) because module java.security.jgss does not export sun.security.krb5 to unnamed module @ 47f37ef1         at jdk.internal.reflect.Reflection.throwIllegalAccessException(java.base @9-ea/Reflection.java:405)         at jdk.internal.reflect.Reflection.throwIllegalAccessException(java.base @9-ea/Reflection.java:396)         at jdk.internal.reflect.Reflection.ensureMemberAccess( java.base@9-ea /Ref lection.java:98)         at java.lang.reflect.AccessibleObject.slowCheckMemberAccess( java.base@9 - ea/AccessibleObject.java:355)         at java.lang.reflect.AccessibleObject.checkAccess( java.base@9-ea /Accessi bleObject.java:347)         at java.lang.reflect.Method.invoke( java.base@9-ea /Method.java:527)         at JI9040891.main(JI9040891.java:16)
          Show
          weijun Weijun Wang added a comment - This is also consistent with MIT krb5: https://github.com/krb5/krb5/blob/0744026f06e8cbf477aa49cfe16b5fd28a9ddc9e/src/util/profile/prof_parse.c#L86
          Hide
          hgupdate HG Updates added a comment -
          URL: http://hg.openjdk.java.net/jdk9/dev/jdk/rev/4d5c6e8bad2d
          User: igerasim
          Date: 2016-07-08 16:39:22 +0000
          Show
          hgupdate HG Updates added a comment - URL: http://hg.openjdk.java.net/jdk9/dev/jdk/rev/4d5c6e8bad2d User: igerasim Date: 2016-07-08 16:39:22 +0000
          Hide
          hgupdate HG Updates added a comment -
          URL: http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/4d5c6e8bad2d
          User: amurillo
          Date: 2016-07-13 03:50:56 +0000
          Show
          hgupdate HG Updates added a comment - URL: http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/4d5c6e8bad2d User: amurillo Date: 2016-07-13 03:50:56 +0000

            People

            • Assignee:
              igerasim Ivan Gerasimov
              Reporter:
              webbuggrp Webbug Group
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: