Bug 1481103
Summary: | NullPointerException when setting org.ietf.jgss.ChannelBinding without InetAddresses in GSSContext | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Josef Cacek <jcacek> | ||||||||||
Component: | java-1.8.0-ibm | Assignee: | jiri vanek <jvanek> | ||||||||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | BaseOS QE - Apps <qe-baseos-apps> | ||||||||||
Severity: | urgent | Docs Contact: | |||||||||||
Priority: | unspecified | ||||||||||||
Version: | 7.3 | CC: | bugproxy, hannsj_uhl, jjarvis, jvanek, mchoma, thoger, zzambers | ||||||||||
Target Milestone: | rc | Keywords: | Patch | ||||||||||
Target Release: | 7.5 | ||||||||||||
Hardware: | All | ||||||||||||
OS: | Linux | ||||||||||||
Whiteboard: | |||||||||||||
Fixed In Version: | Doc Type: | If docs needed, set a value | |||||||||||
Doc Text: | Story Points: | --- | |||||||||||
Clone Of: | Environment: | ||||||||||||
Last Closed: | 2018-03-21 16:46:15 UTC | Type: | Bug | ||||||||||
Regression: | --- | Mount Type: | --- | ||||||||||
Documentation: | --- | CRM: | |||||||||||
Verified Versions: | Category: | --- | |||||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||||
Embargoed: | |||||||||||||
Bug Depends On: | |||||||||||||
Bug Blocks: | 1399177 | ||||||||||||
Attachments: |
|
Description
Josef Cacek
2017-08-14 06:10:30 UTC
(In reply to Josef Cacek from comment #0) ... > > > Version-Release number of selected component (if applicable): > java version "1.8.0" > Java(TM) SE Runtime Environment (build pxa6480sr4fp6-20170518_02(SR4 FP6)) > IBM J9 VM (build 2.8, JRE 1.8.0 Linux amd64-64 Compressed References > 20170516_348050 (JIT enabled, AOT enabled) > J9VM - R28_20170516_1905_B348050 > JIT - tr.r14.java_20170516_348050 > GC - R28_20170516_1905_B348050_CMPRSS > J9CL - 20170516_348050) > JCL - 20170516_01 based on Oracle jdk8u131-b11 > . Hello Red Hat / Josef, by chance ... do you have maybe the possibility to retest this bugzilla with the most current IBM Java 8 SR4 FP10 as now available from https://developer.ibm.com/javasdk/downloads/sdk8/ ...? Please advise ... Thanks in advance for your support. I see the same issue with the newest Java jcacek@jcacek:~/projects/wildfly/wildfly-core/testsuite/elytron$ java -version java version "1.8.0" Java(TM) SE Runtime Environment (build pxa6480sr4fp10-20170727_01(SR4 FP10)) IBM J9 VM (build 2.8, JRE 1.8.0 Linux amd64-64 Compressed References 20170722_357405 (JIT enabled, AOT enabled) J9VM - R28_20170722_0201_B357405 JIT - tr.r14.java_20170722_357405 GC - R28_20170722_0201_B357405_CMPRSS J9CL - 20170722_357405) JCL - 20170726_01 based on Oracle jdk8u144-b01 ------- Comment From chavez.com 2017-08-15 16:28 EDT------- A problem report has been raised with IBM Java L3. Will keep y'all posted on the status. ------- Comment From chavez.com 2017-08-16 18:45 EDT------- Java L3 attempted to reproduce the problem but has run into the following maven errors. I don't think the particular developer has much experience with maven so would appreciate help getting past this roadblock. ---- I tried to recreate the issue which you had mentioned , however I am getting the following errors during my recreate. [INFO] ------------------------------------------------------------------------ [INFO] BUILD FAILURE [INFO] ------------------------------------------------------------------------ [INFO] Total time: 0.134 s [INFO] Finished at: 2017-08-16T17:01:39+05:30 [INFO] Final Memory: 80M/512M [INFO] ------------------------------------------------------------------------ [ERROR] The goal you specified requires a project to execute but there is no POM in this directory (/data/subbu/pmr/00957/wildfly-core/testsuite/elytron/target/surefire-reports). Please verify you invoked Maven from the correct directory. -> [Help 1] org.apache.maven.lifecycle.MissingProjectException: The goal you specified requires a project to execute but there is no POM in this directory (/data/subbu/pmr/00957/wildfly-core/testsuite/elytron/target/surefire-reports). Please verify you invoked Maven from the correct directory. at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:84) at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:309) at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:194) at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:107) at org.apache.maven.cli.MavenCli.execute(MavenCli.java:993) at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:345) at org.apache.maven.cli.MavenCli.main(MavenCli.java:191) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55) at java.lang.reflect.Method.invoke(Method.java:508) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289) at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415) at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356) [ERROR] [ERROR] [ERROR] For more information about the errors and possible solutions, please read the following articles: [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MissingProjectException mvn command must be run in directory where pom.xml file is located. Just keep reproducer steps strictly and run mvn commands in directories wildfly-core or testsuite/elytron respectively. ------- Comment From chavez.com 2017-08-18 13:15 EDT------- A request from Java L3: Can you please send the JGSS traces while enabling the following flags: -Dcom.ibm.security.jgss.debug=all -Dcom.ibm.security.krb5.Krb5Debug=all Please also send a copy of the java.security file. Created attachment 1316678 [details]
bz-1481103-reproducer.zip
I'm attaching a very simplified reproducer. It just works with an existing credential cache. I'll attach also its output with debug options enabled as the next attachment.
The steps to use it (read included README.md for more details):
# Get a kerberos ticket
kinit yourKerberosName
# Check the credential cache file path
# search for Ticket cache line in the output of klist
klist
# Run the reproducer and use the credential cache file path as krb5cc.path system property
mvn install exec:java -Dkrb5cc.path=/path/to/krb5cc_xxx
Created attachment 1316682 [details]
bz-1481103-reproducer.log
Created attachment 1316683 [details]
java.security
------- Comment From chavez.com 2017-08-25 10:03 EDT------- Thank you for the testcase. I was out of the office earlier this week due to a family emergency so I posted the update to the Java L3 problem ticket yesterday and this was the reply today: Thanks for the code. Unfortunately, I wasn't able to reproduce the problem by using my local cache. Maybe I need to modify something here in my lab, but that's why I need to see the JGSS trace, to check what configs are they using. So, please ask them to send me the JGSS trace showing the NPE. Thanks! The trace is already in this attachment: https://bugzilla.redhat.com/attachment.cgi?id=1316682 If the Docker image would help to show you the issue, I could prepare one. ------- Comment From chavez.com 2017-08-31 18:03 EDT------- Update yesterday from Java L3: Thanks for the information. I'll investigate the trace and let you know what's happening. Created attachment 1324306 [details]
ibmjgssprovider.jar testfix
------- Comment on attachment From chavez.com 2017-09-10 19:47 EDT-------
Update from Java L3:
We were able to reproduce the issue with the customer's testcase.
Can you ask the customer to move the original ibmjgssprovider.jar to a location completely outside of the classpath, and replace it with this modified version attached to see if it fixes the issue in their environment?
Thanks!
The provided JAR patches the NPE in channel-binding for me. It resolves the problem in both my usecases - the simple reproducer and the JBoss EAP Kerberos tests. ------- Comment From chavez.com 2017-09-15 09:30 EDT------- Update from Java L3 (I will be monitoring the APAR a few weeks from now for updates to share): We created APAR IJ00028 to address this issue. We take 3-6 weeks to close the APARs. After that, you'll see which versions will include the fix. I believe the versions that will include the fix will be available by the end of October or within the first two weeks of November. However, this is just an estimate. Please let me know if you have any other questions. (In reply to IBM Bug Proxy from comment #16) > ------- Comment From chavez.com 2017-09-15 09:30 EDT------- > Update from Java L3 (I will be monitoring the APAR a few weeks from now for > updates to share): > > We created APAR IJ00028 to address this issue. > We take 3-6 weeks to close the APARs. After that, you'll see which versions > will include the fix. > I believe the versions that will include the fix will be available by the > end of October or within the first two weeks of November. However, this is > just an estimate. > Please let me know if you have any other questions. . fyi ... APAR IJ00028 is now closed (see http://www-01.ibm.com/support/docview.wss?uid=swg1IJ00028 ...) as follows: " Problem conclusion Updated the Krb5ChannelBinding(ChannelBinding) ctor to allow NULL initiator and acceptor host addresses. The associated RTC PR is 135339 The associated Austin CMVC defect is 117715 The associated Austin APAR is IJ00028 JVMs affected : Java 8, 7, and 6 The fix was delivered for: Java 8 SR5 FP5, Java 7 SR10 FP15, Java 727 SR4 FP15, Java 6 SR16 FP55, Java 626 SR8 FP55 The affected jars: ibmjgssprovider.jar The build level of this jar for the affected releases is "20171010" " ... Hello Red Hat / Josef or Jiri, ... with IBM Java 8 SR5 FP5 available on RHN since 11/27/2017 (see https://access.redhat.com/errata/RHSA-2017:3264 ...) please verify as soon as possible whether this bugzilla is resolved ... Thanks in advance for your support. I can confirm I don't see issue on latest java [1] Thank you [1] java -version java version "1.8.0_151" Java(TM) SE Runtime Environment (build 8.0.5.6 - pxa6480sr5fp6-20171124_02(SR5 FP6)) IBM J9 VM (build 2.9, JRE 1.8.0 Linux amd64-64 Compressed References 20171122_371101 (JIT enabled, AOT enabled) OpenJ9 - 8e3c85d OMR - 713f08e IBM - c041ee8) JCL - 20171113_01 based on Oracle jdk8u151-b12 PASSED on 1.8.0.5.10, which is currently being shipped on rhel-7: java version "1.8.0_161" Java(TM) SE Runtime Environment (build 8.0.5.10 - pxa6480sr5fp10-20180214_01(SR5 FP10)) IBM J9 VM (build 2.9, JRE 1.8.0 Linux amd64-64 Compressed References 20180208_378436 (JIT enabled, AOT enabled) OpenJ9 - 39bb844 OMR - c04ccb2 IBM - 2321a81) JCL - 20180209_01 based on Oracle jdk8u161-b12 closing |