Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8231387

java.security.Provider.getService returns random result due to race condition with mutating methods in the same class

    Details

    • Subcomponent:
    • Resolved In Build:
      b16
    • CPU:
      generic
    • OS:
      generic
    • Verification:
      Verified

      Backports

        Description

        Filed on behalf of Tianmin Shi (tianshi@amazon.com).

        java.security.Provider.getService reads legacyMap at line 1260

        http://hg.openjdk.java.net/jdk/jdk/file/08a5148e7c4e/src/java.base/share/classes/java/security/Provider.java#l1276

        The read is not synchronized with the clear and repopulate of the same map's entries in java.security.Provider.ensureLegacyParsed. The result is a race condition when more than two threads execute both methods simultaneously. I've attached a reproducer.

        The fix is a simpler one liner.

        --- old/src/java.base/share/classes/java/security/Provider.java 2019-09-16 15:28:26.000000000 -0700
        +++ new/src/java.base/share/classes/java/security/Provider.java 2019-09-16 15:28:25.000000000 -0700
        @@ -1255,9 +1255,9 @@
                 }
                 synchronized (this) {
                     ensureLegacyParsed();
        - }
        - if (legacyMap != null && !legacyMap.isEmpty()) {
        - return legacyMap.get(key);
        + if (legacyMap != null && !legacyMap.isEmpty()) {
        + return legacyMap.get(key);
        + }
                 }
                 return null;
             }


         

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  phh Paul Hohensee
                  Reporter:
                  phh Paul Hohensee
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  5 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: