You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@openjpa.apache.org by "Francesco Chicchiriccò (JIRA)" <ji...@apache.org> on 2017/01/03 07:37:59 UTC
[jira] [Closed] (OPENJPA-2672) ConfigurationImpl.loadGlobals() has
java.util.ConcurrentModificationException vulnerability
[ https://issues.apache.org/jira/browse/OPENJPA-2672?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Francesco Chicchiriccò closed OPENJPA-2672.
-------------------------------------------
Bulk close for 2.4.2
> ConfigurationImpl.loadGlobals() has java.util.ConcurrentModificationException vulnerability
> -------------------------------------------------------------------------------------------
>
> Key: OPENJPA-2672
> URL: https://issues.apache.org/jira/browse/OPENJPA-2672
> Project: OpenJPA
> Issue Type: Bug
> Components: lib
> Affects Versions: 2.2.3, 2.4.1
> Reporter: Jody Grassel
> Assignee: Jody Grassel
> Fix For: 2.2.3, 2.4.2, 3.0.0
>
> Attachments: OPENJPA_22X-2672.patch
>
>
> The following block in the loadGlobals() method:
> // let system properties override other globals
> try {
> fromProperties(new HashMap(
> AccessController.doPrivileged(
> J2DoPrivHelper.getPropertiesAction())));
> retrieves a Properties object from System.getProperties(), which is passed to HashMap's ctor. The ctor interacts with an enumerator associated with the Properties object to populate the new HashMap instance. However, if another thread mutates the JVM's System Properties, it can result in a ConcurrentModificationException as observed below:
> Caused by: java.util.ConcurrentModificationException
> at java.util.Hashtable$Enumerator.next(Hashtable.java:1256)
> at java.util.HashMap.putAllForCreate(HashMap.java:566)
> at java.util.HashMap.<init>(HashMap.java:310)
> at org.apache.openjpa.lib.conf.ConfigurationImpl.loadGlobals(ConfigurationImpl.java:189)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)