RFR - 8028627: Unsynchronized code path from javax.crypto.Cipher to the WeakHashMap used by JceSecurity to store codebase mappings

Rob McKenna rob.mckenna at oracle.com
Mon May 19 12:49:18 UTC 2014


Thanks Sean, will do.

     -Rob

On 16/05/14 17:52, Sean Mullan wrote:
> Looks ok to me. While you are in there, can you fix the typo a couple 
> lines above that:
>
> s/Retuns/Returns
>
> You also need to add an appropriate "noreg" label to the bug.
>
> --Sean
>
> On 05/16/2014 10:29 AM, Rob McKenna wrote:
>> Hi folks,
>>
>> The synopsis says it all really. There is an unsynchronized code path
>> from javax.crypto.Cipher to the WeakHashMap used by JceSecurity to store
>> codebase mappings. While this bug is extremely unlikely to manifest we
>> have a couple of reports of it in the wild.
>>
>> As you can see from the following webrev I'm simply syncing on the
>> WeakHashMap.
>>
>> http://cr.openjdk.java.net/~robm/8028627/webrev.01/
>>
>>      -Rob
>>



More information about the security-dev mailing list