Bug 1251935 - Preserving mechanism of original hostnames in SSLSocketImpl fails
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: java-1.6.0-openjdk
Version: 6.6
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: rc
Assigned To: Andrew John Hughes
QA Contact: Lukas Zachar
Depends On: CVE-2015-2625
Reported: 2015-08-10 07:10 EDT by Takeshi Nishimura
Modified: 2016-05-10 16:30 EDT
Fixed In Version: java-1.6.0-openjdk-1.6.0.37-1.13.9.0.el6
Doc Type: Bug Fix
Last Closed: 2016-05-10 16:30:21 EDT
Type: Bug


Attachments
Proposed patch (5.35 KB, patch)
2015-08-10 07:10 EDT, Takeshi Nishimura


External Trackers
Tracker ID Priority Status Summary Last Updated
openjdk bug system JDK-8132662 None None None Never
openjdk bug system JDK-8133196 None None None Never

Description Takeshi Nishimura 2015-08-10 07:10:06 EDT
Created attachment 1061012
Proposed patch

Description of problem:
As described in https://bugs.openjdk.java.net/browse/JDK-8132662, sslSession.getPeerHost() is broken in recent OpenJDK packages.
With my further investigation, InetAddressHolder.originalHostName is not initialized properly in various situations.

Proposed patch is attached.

Version-Release number of selected component (if applicable):
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el5_11
java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el5_11
java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6
java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1
java-1.8.0-openjdk-1.8.0.51-0.b16.el6_6
java-1.8.0-openjdk-1.8.0.51-1.b16.el7_1
Comment 1 Andrew John Hughes 2015-08-14 15:48:58 EDT
Taking this one as it relates to the last security update.
Comment 2 Takeshi Nishimura 2015-08-21 06:52:34 EDT
I'd like to submit this patch to JDK-8133196 but I don't know how to sign up.
Comment 3 Andrew John Hughes 2015-08-21 16:14:15 EDT
Their bug database is weird in that it only allows those with commit access to OpenJDK to use it.

I suggest posting the patch to the net-dev mailing list:

http://mail.openjdk.java.net/mailman/listinfo/net-dev
Comment 4 Takeshi Nishimura 2015-10-17 04:27:33 EDT
JDK-8133196 was fixed so the fix will be carried in later versions.
Comment 5 Andrew John Hughes 2015-10-21 22:27:47 EDT
This has just now been made public:

http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/64ac5b0b4b9e

Expect it to appear in the January security update.
Comment 6 Andrew John Hughes 2015-11-09 21:03:11 EST
This isn't specific to a particular RHEL version, so switching it to the better supported RHEL 6 series.
Comment 11 errata-xmlrpc 2016-05-10 16:30:21 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0788.html
