Discussion:
Infinite loop in jdk/test/sun/management/windows/revokeall
Jonathan Gibbons
2018-10-01 14:56:56 UTC
Permalink
I'm guessing serviceability-dev is a better place for this message.

-- Jon
Hello guys,
the revokeall utility has an infinite loop in its revokeAll method.
while (count > 0) {
if (((ACCESS_ALLOWED_ACE *)ace)->Header.AceType !=
ACCESS_ALLOWED_ACE_TYPE) {
     continue;
}
which loops forever if the condition is met. Note that the “count”
if (((ACCESS_ALLOWED_ACE *)ace)->Header.AceType !=
ACCESS_ALLOWED_ACE_TYPE) {
     count--;
     continue;
}
I checked the OpenJDK 8, 9 and 10, the bug is in all versions.
Thanks ahead for the fix,
Lada Jahoda
JC Beyler
2018-10-01 16:43:08 UTC
Permalink
Hi,

Should we not be also incrementing i to get the next Ace? Otherwise, we are
always getting the same one and probably just waiting till the count is 0
which would terminate the loop (if that is what we want, why not just
break?).

Thanks,
Jc
Post by Jonathan Gibbons
I'm guessing serviceability-dev is a better place for this message.
-- Jon
Hello guys,
the revokeall utility has an infinite loop in its revokeAll method. Please
while (count > 0) {
if (((ACCESS_ALLOWED_ACE *)ace)->Header.AceType !=
ACCESS_ALLOWED_ACE_TYPE) {
continue;
}
which loops forever if the condition is met. Note that the “count” counter
if (((ACCESS_ALLOWED_ACE *)ace)->Header.AceType !=
ACCESS_ALLOWED_ACE_TYPE) {
count--;
continue;
}
I checked the OpenJDK 8, 9 and 10, the bug is in all versions.
Thanks ahead for the fix,
Lada Jahoda
--
Thanks,
Jc
Alan Bateman
2018-10-02 18:35:16 UTC
Permalink
Post by JC Beyler
Hi,
Should we not be also incrementing i to get the next Ace? Otherwise,
we are always getting the same one and probably just waiting till the
count is 0 which would terminate the loop (if that is what we want,
why not just break?).
Thanks,
Jc
An alternative is to replace the revokeall tool in the test suite with
test infrastructure that uses the new file system API. There is support
for editing ACLs which I think should be enough to drop the entries that
the runtime looks as part of its check to ensure that password file is
secure.

-Alan

Loading...