  1. Jenkins
  2. JENKINS-64465

Race condition on setSecurityRealm


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Component/s: core
    • Labels:
      None
    • Released As:
      2.272

      Description

      If Jenkins#setSecurityRealm is called concurrently from multiple threads, there is a potential race condition on the authentication filters registration.

      Jenkins#setSecurityRealm calls filter.reset() (https://github.com/jenkinsci/jenkins/blob/9a8588951b77a938fcf4ba9cee68d4c3e98d28b0/core/src/main/java/jenkins/model/Jenkins.java#L2627). HudsonFilter#reset is not synchronized; however, it replaces the old filter with the new filter (if there was one), which is not a thread-safe operation.

      The effect of this race condition is the wrong auth filter being registered.
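
The interleaving described in the report, as an added example that is not part of the original issue and is not Jenkins code. FilterHolder, its fields and the realm names "ldap" and "saml" are hypothetical stand-ins, and the synchronized variant is an assumption about one way to serialize the swap; the unsynchronized run ends with one realm's manager paired with the other realm's filter.

```java
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;

// Simplified model of the race; class and field names are hypothetical, not Jenkins code.
public class FilterResetRace {
    static class FilterHolder {
        volatile String authManager; // stands in for the realm's security components
        volatile String filter;      // stands in for the installed auth filter
        Runnable betweenSteps = () -> {}; // hook used only to force the interleaving
        // Unsynchronized, as the report describes: another thread can run between the steps.
        void reset(String realm) {
            authManager = realm + "-manager";
            betweenSteps.run();
            filter = realm + "-filter";
        }

        // Serialized variant (assumed fix): both steps run under the holder's lock.
        synchronized void resetSynchronized(String realm) {
            reset(realm);
        }
    }

    // A worker runs reset("ldap") and stalls mid-reset while the caller runs reset("saml").
    static String run(boolean synchronizedReset) throws InterruptedException {
        FilterHolder h = new FilterHolder();
        CountDownLatch workerMidReset = new CountDownLatch(1);
        CountDownLatch otherDone = new CountDownLatch(1);
        Thread worker = new Thread(() -> {
            if (synchronizedReset) h.resetSynchronized("ldap"); else h.reset("ldap");
        });
        h.betweenSteps = () -> {
            if (Thread.currentThread() != worker) return; // only the worker stalls
            workerMidReset.countDown();
            try { otherDone.await(200, TimeUnit.MILLISECONDS); } // bounded, so the locked run cannot deadlock
            catch (InterruptedException e) { Thread.currentThread().interrupt(); }
        };
        worker.start();
        workerMidReset.await();
        if (synchronizedReset) h.resetSynchronized("saml"); else h.reset("saml");
        otherDone.countDown();
        worker.join();
        return h.authManager + " / " + h.filter;
    }
    public static void main(String[] args) throws InterruptedException {
        System.out.println("unsynchronized: " + run(false));
        System.out.println("synchronized:   " + run(true));
    }
}
```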

          Activity

          amuniz Antonio Muñiz created issue -
          amuniz Antonio Muñiz made changes -
          Assignee Antonio Muñiz [ amuniz ]
          amuniz Antonio Muñiz made changes -
          Status Open [ 1 ] In Progress [ 3 ]
          markewaite Mark Waite made changes -
          Released As 2.272
          Resolution Fixed [ 1 ]
          Status In Progress [ 3 ] Resolved [ 5 ]
          markewaite Mark Waite made changes -
          Status Resolved [ 5 ] Closed [ 6 ]

            People

            Assignee:
            amuniz Antonio Muñiz
            Reporter:
            amuniz Antonio Muñiz