[OPENJPA-2672] ConfigurationImpl.loadGlobals() has java.util.ConcurrentModificationException vulnerability - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.2.3, 2.4.1
Fix Version/s: 2.2.3, 2.4.2, 3.0.0
Component/s: lib
Labels:
None

Description

The following block in the loadGlobals() method:

// let system properties override other globals
try {
fromProperties(new HashMap(
AccessController.doPrivileged(
J2DoPrivHelper.getPropertiesAction())));

retrieves a Properties object from System.getProperties(), which is passed to HashMap's ctor. The ctor interacts with an enumerator associated with the Properties object to populate the new HashMap instance. However, if another thread mutates the JVM's System Properties, it can result in a ConcurrentModificationException as observed below:

Caused by: java.util.ConcurrentModificationException
at java.util.Hashtable$Enumerator.next(Hashtable.java:1256)
at java.util.HashMap.putAllForCreate(HashMap.java:566)
at java.util.HashMap.<init>(HashMap.java:310)
at org.apache.openjpa.lib.conf.ConfigurationImpl.loadGlobals(ConfigurationImpl.java:189)

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

OPENJPA_22X-2672.patch
10/Oct/16 16:44
1 kB
Jody Grassel

Activity

People

Assignee:: Jody Grassel

Reporter:: Jody Grassel

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 10/Oct/16 16:42

Updated:: 03/Jan/17 07:37

Resolved:: 06/Nov/16 20:38