Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8225687

Newly added sspi.cpp in JDK-6722928 still contains some small errors

    XMLWordPrintable

    Details

      Backports

        Description

         - CHECK_*() macros

           Macro bodies should not end in a semi-colon.

           If these were public and since these macro bodies are all if
           statements, you should wrap them in do { } while (0), but since
           they're private we can make sure that all uses are correct.

         - gss_import_name() doesn't check that the first two bytes of the
           input buffer are the expected token ID when the name-type is
           GSS_C_NT_EXPORTED_NAME.

         - gss_import_name() doesn't check that the third byte of the input
           buffer is 0 when the name-type is GSS_C_NT_EXPORTED_NAME.

         - gss_compare_name(), this code will not distinguish a name of the
           form 'foo@' from 'foo\@'

              434 if (l1 < l2 && n2[l1] != L'@'
              435 || l2 < l1 && n1[l2] != L'@') {
              436 return GSS_S_COMPLETE; // different
              437 }

           Honestly, this is not the most serious problem because nothing
           really should be using gss_compare_name(), but you do use it... and
           anyways, it's wrong.

           Perhaps the gss_name_struct struct should have a length of realm or
           length-of-not-realm-part field to make this check easier.

         - gss_compare_name(), do not use NORM_IGNORECASE

         - gss_canonicalize_name() should check that mech_type is Kerberos

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                weijun Weijun Wang
                Reporter:
                weijun Weijun Wang
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved: