You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@openjpa.apache.org by "Jody Grassel (JIRA)" <ji...@apache.org> on 2016/10/11 18:31:21 UTC
[jira] [Resolved] (OPENJPA-2672) ConfigurationImpl.loadGlobals()
has java.util.ConcurrentModificationException vulnerability
[ https://issues.apache.org/jira/browse/OPENJPA-2672?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jody Grassel resolved OPENJPA-2672.
-----------------------------------
Resolution: Fixed
Fix Version/s: 3.0.0
2.2.3
> ConfigurationImpl.loadGlobals() has java.util.ConcurrentModificationException vulnerability
> -------------------------------------------------------------------------------------------
>
> Key: OPENJPA-2672
> URL: https://issues.apache.org/jira/browse/OPENJPA-2672
> Project: OpenJPA
> Issue Type: Bug
> Components: lib
> Affects Versions: 2.2.3
> Reporter: Jody Grassel
> Assignee: Jody Grassel
> Fix For: 2.2.3, 3.0.0
>
> Attachments: OPENJPA_22X-2672.patch
>
>
> The following block in the loadGlobals() method:
> // let system properties override other globals
> try {
> fromProperties(new HashMap(
> AccessController.doPrivileged(
> J2DoPrivHelper.getPropertiesAction())));
> retrieves a Properties object from System.getProperties(), which is passed to HashMap's ctor. The ctor interacts with an enumerator associated with the Properties object to populate the new HashMap instance. However, if another thread mutates the JVM's System Properties, it can result in a ConcurrentModificationException as observed below:
> Caused by: java.util.ConcurrentModificationException
> at java.util.Hashtable$Enumerator.next(Hashtable.java:1256)
> at java.util.HashMap.putAllForCreate(HashMap.java:566)
> at java.util.HashMap.<init>(HashMap.java:310)
> at org.apache.openjpa.lib.conf.ConfigurationImpl.loadGlobals(ConfigurationImpl.java:189)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)