Posted to commits@santuario.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2010/12/07 13:04:09 UTC

[jira] Updated: (SANTUARIO-251) Concurrency problem on incomplete Init.init() calls

     [ https://issues.apache.org/jira/browse/SANTUARIO-251?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh updated SANTUARIO-251:
------------------------------------------

    Fix Version/s: Java 1.4.4
         Assignee:     (was: XML Security Developers Mailing List)

> Concurrency problem on incomplete Init.init() calls
> ---------------------------------------------------
>
>                 Key: SANTUARIO-251
>                 URL: https://issues.apache.org/jira/browse/SANTUARIO-251
>             Project: Santuario
>          Issue Type: Bug
>          Components: Java
>    Affects Versions: Java 1.4.2
>         Environment: Operating System: Windows XP
> Platform: PC
>            Reporter: oliver.moehrke
>            Priority: Critical
>             Fix For: Java 1.4.4
>
>
> The static method Init.init() is synchronized and therefore protected against calling it by more than one thread at a time. It is also protected against accidentally calling it more than once. But it is not protected against an incomplete initialization:
> Imagine the two threads T1 and T2.
> Inside Init.init() the line "_alreadyInitialized = true;" is at the beginning of the method, when only some variables have been set, but the initialization process is not fully completed.
> If T1 successfully entered Init.init() but is suspended by the scheduler just after processing the line "_alreadyInitialized = true;" this will cause concurrency problems for T2.
> Because T1 already set "_alreadyInitialized" to "true", T2 can use the unsynchronized method Init.isInitialized() to check if an initialization is needed. Unfortunately T2 will get the result "true" and therefore skips the call to Init.init() and directly goes to check a signature via XMLSignature.checkSignatureValue(X509Certificate).
> Because of the incomplete initialization this will lead to some very strange exceptions. In our case the exception misses some entries of the ResourceBundle...
> To fix this issue, the line "_alreadyInitialized = true;" should be the last line of Init.init().

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
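
The ordering problem described in the report, as an added example that is not part of the JIRA notification and is not Santuario's code. The class InitRaceDemo, its registry map and the latches are hypothetical stand-ins; the latches force the "T1 suspended right after setting the flag" interleaving so that the result is deterministic.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CountDownLatch;

// Hypothetical stand-in for an Init-style class; not Santuario's implementation.
public class InitRaceDemo {
    private final Map<String, String> registry = new ConcurrentHashMap<>();
    // volatile because isInitialized() reads it without holding the lock
    private volatile boolean alreadyInitialized;
    private final CountDownLatch paused = new CountDownLatch(1);
    private final CountDownLatch resume = new CountDownLatch(1);
    private final boolean flagFirst;   // true: reported ordering, false: proposed fix

    InitRaceDemo(boolean flagFirst) { this.flagFirst = flagFirst; }

    boolean isInitialized() { return alreadyInitialized; }

    synchronized void init() throws InterruptedException {
        if (alreadyInitialized) return;
        if (flagFirst) alreadyInitialized = true;   // published before setup is done
        paused.countDown();
        resume.await();                             // simulates T1 being descheduled
        registry.put("bundle", "loaded");           // the remaining initialization work
        if (!flagFirst) alreadyInitialized = true;  // published only when complete
    }

    // What T2 observes while T1 is paused in the middle of init().
    String t2View() throws InterruptedException {
        Thread t1 = new Thread(() -> {
            try { init(); } catch (InterruptedException e) { Thread.currentThread().interrupt(); }
        });
        t1.start();
        paused.await();
        String view = !isInitialized()
            ? "not initialized: T2 would call init() and wait on the lock"
            : registry.containsKey("bundle") ? "ready" : "flag set, state incomplete";
        resume.countDown();
        t1.join();
        return view;
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("flag first: " + new InitRaceDemo(true).t2View());
        System.out.println("flag last:  " + new InitRaceDemo(false).t2View());
    }
}
```

With the flag set first, T2 proceeds against half-built state, which for a signature library means verification running before its setup has finished. With the flag set last, T2 falls through to the synchronized init() and waits until T1 has finished.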