[jboss-jira] [JBoss JIRA] (ELY-283) Investigate Elytron and gssproxy interoperability

Jan Kalina (JIRA) issues at jboss.org
Fri Dec 22 11:49:00 EST 2017


    [ https://issues.jboss.org/browse/ELY-283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13508167#comment-13508167 ] 

Jan Kalina commented on ELY-283:
--------------------------------

For the needs of the OpenJDK patch review I have prepared a simple reproducer without AS: [^reproducer-gss.zip] 
{panel}
Hi, I was just able to prepare a usable reproducer (attached as a ZIP file) and a fixing patch for the JDK (attached too).
Before I was able to make my use case work, I found a second issue too - I have included it as well.

Issues and their reproducing:

*1) already described problem of wrongly initialized SunNativeProvider.INSTANCE*

This can be reproduced by recreating GSSManager before createGSSContext - ProviderList.factories
will be initialized as part of initSecContext/acceptSecContext, which will cause the wrongly initialized
SunNativeProvider.INSTANCE to be used and the described exception.

*2) when channel binding is used, SIGSEGV occurs*

This can be reproduced by setting channel binding without initAddr/acceptAddr.
This is caused by sending uninitialized (with random length) cb->initiator_address from JDK to the kerberos.
(It is used by krb library for messages checksum calculation even when addrtype is GSS_C_AF_NULLADDR.)

Attached reproducer-gss.zip reproduces both issues and attached patch fixes both.

I would welcome merging into OpenJDK. (I am covered by OCA of Red Hat)

This issue affects both tested JDKs, JDK8u121 and upstream JDK9 from mercurial master.

Thanks,
Jan
{panel}

> Investigate Elytron and gssproxy interoperability
> -------------------------------------------------
>
>                 Key: ELY-283
>                 URL: https://issues.jboss.org/browse/ELY-283
>             Project: WildFly Elytron
>          Issue Type: Task
>          Components: SASL
>            Reporter: Peter Skopek
>            Assignee: Jan Kalina
>             Fix For: 2.0.0.Alpha1
>
>         Attachments: jkalina-openjdk-native-gss.patch, openjdk-patch-native-mechs.patch, reproducer-gss.zip
>
>
> Investigate Elytron and gssproxy interoperability.
> https://fedorahosted.org/gss-proxy/
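
The second issue in the comment above, modelled in C as an added example (not part of the original message, the attached reproducer or the JDK patch): a channel-bindings struct whose address buffers were never initialized, and the checks a caller can make before handing it to the mechanism. The types are local mirrors of the RFC 2744 C bindings so the block compiles without GSS-API headers; `cb_init`, `cb_is_sane` and `cb_bytes_read` are hypothetical helper names.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Local mirrors of the RFC 2744 types (assumption: real code would
   include <gssapi/gssapi.h> and use gss_channel_bindings_struct). */
typedef uint32_t OM_uint32;
typedef struct { size_t length; void *value; } gss_buffer_desc;
typedef struct {
    OM_uint32       initiator_addrtype;
    gss_buffer_desc initiator_address;
    OM_uint32       acceptor_addrtype;
    gss_buffer_desc acceptor_address;
    gss_buffer_desc application_data;
} channel_bindings;
#define GSS_C_AF_NULLADDR 255

/* Hypothetical helper: put every field in a defined state, so an unused
   address is NULLADDR with length 0 and a NULL value. */
void cb_init(channel_bindings *cb) {
    memset(cb, 0, sizeof *cb);
    cb->initiator_addrtype = GSS_C_AF_NULLADDR;
    cb->acceptor_addrtype  = GSS_C_AF_NULLADDR;
}

/* A buffer is usable if it is empty or actually points at data. */
static bool buf_ok(const gss_buffer_desc *b) {
    return b->length == 0 || b->value != NULL;
}

/* A NULLADDR address must be empty: per the comment above, the length is
   still consumed for the checksum even when the address type is NULLADDR. */
static bool addr_ok(OM_uint32 type, const gss_buffer_desc *b) {
    return type == GSS_C_AF_NULLADDR ? b->length == 0 : buf_ok(b);
}

/* Hypothetical pre-flight check before passing bindings to the mechanism. */
bool cb_is_sane(const channel_bindings *cb) {
    return addr_ok(cb->initiator_addrtype, &cb->initiator_address)
        && addr_ok(cb->acceptor_addrtype, &cb->acceptor_address)
        && buf_ok(&cb->application_data);
}

/* Bytes a checksum that walks all three buffers would read, whatever
   the address types say (a model of the behaviour described above). */
size_t cb_bytes_read(const channel_bindings *cb) {
    return cb->initiator_address.length + cb->acceptor_address.length
         + cb->application_data.length;
}
```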


