[jboss-jira] [JBoss JIRA] (ELY-283) Investigate Elytron and gssproxy interoperability
Jan Kalina (JIRA)
issues at jboss.org
Thu Jan 4 07:47:00 EST 2018
[ https://issues.jboss.org/browse/ELY-283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13508167#comment-13508167 ]
Jan Kalina edited comment on ELY-283 at 1/4/18 7:46 AM:
--------------------------------------------------------
For the needs of the OpenJDK patch review I have prepared a simple reproducer without AS: [^reproducer-gss.zip]
{panel}
Hi, I was just able to prepare a usable reproducer (attaching in a ZIP file) and a fixing patch for the JDK (attaching too).
Before I was able to make my use case work, I found a second issue too - I have included it too.
Issues and how to reproduce them:
*1) already described problem of wrongly initialized SunNativeProvider.INSTANCE*
This can be reproduced by recreating GSSManager before createGSSContext - ProviderList.factories
will be initialized as part of initSecContext/acceptSecContext, which will cause the wrongly initialized
SunNativeProvider.INSTANCE to be used and the described exception.
*2) when channel binding is used, SIGSEGV occurs*
This can be reproduced by setting channel binding without initAddr/acceptAddr.
This is caused by sending an uninitialized (with random length) cb->initiator_address from the JDK to Kerberos.
(It is used by the krb library for message checksum calculation even when addrtype is GSS_C_AF_NULLADDR.)
The attached reproducer-gss.zip reproduces both issues and the attached patch fixes both.
I would welcome merging into OpenJDK. (I am covered by the OCA of Red Hat)
This issue affects both tested JDKs, JDK8u121 and upstream JDK9 from mercurial master.
Thanks,
Jan
{panel}
Also reported as Oracle JDK issues:
* 1) as [JDK-8194073|https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8194073]
* 2) as [JDK-8194630|https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8194630]
was (Author: honza889):
For the needs of the OpenJDK patch review I have prepared a simple reproducer without AS: [^reproducer-gss.zip]
{panel}
Hi, I was just able to prepare a usable reproducer (attaching in a ZIP file) and a fixing patch for the JDK (attaching too).
Before I was able to make my use case work, I found a second issue too - I have included it too.
Issues and how to reproduce them:
*1) already described problem of wrongly initialized SunNativeProvider.INSTANCE*
This can be reproduced by recreating GSSManager before createGSSContext - ProviderList.factories
will be initialized as part of initSecContext/acceptSecContext, which will cause the wrongly initialized
SunNativeProvider.INSTANCE to be used and the described exception.
*2) when channel binding is used, SIGSEGV occurs*
This can be reproduced by setting channel binding without initAddr/acceptAddr.
This is caused by sending an uninitialized (with random length) cb->initiator_address from the JDK to Kerberos.
(It is used by the krb library for message checksum calculation even when addrtype is GSS_C_AF_NULLADDR.)
The attached reproducer-gss.zip reproduces both issues and the attached patch fixes both.
I would welcome merging into OpenJDK. (I am covered by the OCA of Red Hat)
This issue affects both tested JDKs, JDK8u121 and upstream JDK9 from mercurial master.
Thanks,
Jan
{panel}
> Investigate Elytron and gssproxy interoperability
> -------------------------------------------------
>
> Key: ELY-283
> URL: https://issues.jboss.org/browse/ELY-283
> Project: WildFly Elytron
> Issue Type: Task
> Components: SASL
> Reporter: Peter Skopek
> Assignee: Jan Kalina
> Fix For: 2.0.0.Alpha1
>
> Attachments: jkalina-openjdk-native-gss.patch, openjdk-patch-native-mechs.patch, reproducer-gss.zip
>
>
> Investigate Elytron and gssproxy interoperability.
> https://fedorahosted.org/gss-proxy/
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
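
The second issue in the comment above (an address buffer with a garbage length being read even though its addrtype is GSS_C_AF_NULLADDR) is illustrated by the following added example, which is not taken from the attached patch, OpenJDK or any Kerberos library. The type and function names (`buf_desc`, `chan_bindings`, `cb_init`, `cb_serialize`) and the serialization layout are assumptions for illustration: the caller zero-initializes the whole structure, and the consumer refuses any buffer whose length cannot be trusted.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Local mirror of the RFC 2744 channel-binding types so this builds without
   gssapi.h (assumption); real code uses gss_channel_bindings_struct. */
typedef struct { size_t length; void *value; } buf_desc;
typedef struct {
    uint32_t initiator_addrtype; buf_desc initiator_address;
    uint32_t acceptor_addrtype;  buf_desc acceptor_address;
    buf_desc application_data;
} chan_bindings;
#define AF_NULLADDR 255u /* value of GSS_C_AF_NULLADDR */

/* Caller: zero everything so unused address buffers are {0, NULL}. */
static void cb_init(chan_bindings *cb, void *app, size_t app_len) {
    memset(cb, 0, sizeof *cb);
    cb->initiator_addrtype = cb->acceptor_addrtype = AF_NULLADDR;
    cb->application_data.value = app;
    cb->application_data.length = app_len;
}

/* Append a 32-bit value, little-endian; -1 if it does not fit. */
static int put_u32(uint8_t *out, size_t cap, size_t *off, uint32_t v) {
    if (cap - *off < 4) return -1;
    for (int i = 0; i < 4; i++) out[(*off)++] = (uint8_t)(v >> (8 * i));
    return 0;
}

/* Append length + bytes; refuse a length that cannot be trusted. */
static int put_buf(uint8_t *out, size_t cap, size_t *off, const buf_desc *b) {
    if (b->length > cap || (b->length && !b->value)) return -1;
    if (put_u32(out, cap, off, (uint32_t)b->length)) return -1;
    if (b->length > cap - *off) return -1;
    if (b->length) memcpy(out + *off, b->value, b->length);
    *off += b->length;
    return 0;
}

/* Consumer (assumed layout): addresses are walked whatever their addrtype. */
static long cb_serialize(const chan_bindings *cb, uint8_t *out, size_t cap) {
    size_t off = 0;
    if (put_u32(out, cap, &off, cb->initiator_addrtype) ||
        put_buf(out, cap, &off, &cb->initiator_address) ||
        put_u32(out, cap, &off, cb->acceptor_addrtype) ||
        put_buf(out, cap, &off, &cb->acceptor_address) ||
        put_buf(out, cap, &off, &cb->application_data)) return -1;
    return (long)off;
}
```
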