Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8225687

Newly added sspi.cpp in JDK-6722928 still contains some small errors

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: 13
    • Fix Version/s: 13
    • Component/s: security-libs
    • Labels:
      None

      Backports

        Description

         - CHECK_*() macros

           Macro bodies should not end in a semi-colon.

           If these were public and since these macro bodies are all if
           statements, you should wrap them in do { } while (0), but since
           they're private we can make sure that all uses are correct.

         - gss_import_name() doesn't check that the first two bytes of the
           input buffer are the expected token ID when the name-type is
           GSS_C_NT_EXPORTED_NAME.

         - gss_import_name() doesn't check that the third byte of the input
           buffer is 0 when the name-type is GSS_C_NT_EXPORTED_NAME.

         - gss_compare_name(), this code will not distinguish a name of the
           form 'foo@' from 'foo\@'

              434 if (l1 < l2 && n2[l1] != L'@'
              435 || l2 < l1 && n1[l2] != L'@') {
              436 return GSS_S_COMPLETE; // different
              437 }

           Honestly, this is not the most serious problem because nothing
           really should be using gss_compare_name(), but you do use it... and
           anyways, it's wrong.

           Perhaps the gss_name_struct struct should have a length of realm or
           length-of-not-realm-part field to make this check easier.

         - gss_compare_name(), do not use NORM_IGNORECASE

         - gss_canonicalize_name() should check that mech_type is Kerberos

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  weijun Weijun Wang
                  Reporter:
                  weijun Weijun Wang
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: