MessageUtils JVM crash

Alan Bateman Alan.Bateman at Sun.COM
Wed Jun 17 08:11:28 UTC 2009


Marc Schoenefeld wrote:

> Hi,
>
> originally I wrote a fuzzing tool to test all native functions in jdk131, then gave a list of the results to the Sun representatives at RSA conference 2003. Unfortunately I never received any reaction to this bug report, nor were the bugs fixed. So I put the bugs in a drawer, but used the chance to write a fix for OpenJDK. Setting the parameter to null could allow an attacker to conduct denial of service attacks:
> - http://www.blackhat.com/presentations/win-usa-03/bh-win-03-schoenfeld.pdf
> or
> - http://seclists.org/bugtraq/2003/Sep/0270.html

I wasn't at the RSA conference in 2003 so it wasn't me :-) It may be that the attacks involved calling sun.* APIs directly, something that you can't do if there is a security manager. The XSLT issue is more significant and I'm pretty sure that specific issue was fixed a few years ago.

As regards sun.misc.MessageUtils, I don't see any problem fixing this. I notice the return from NewStringUTF isn't checked. Unfortunately this (very old) code is also missing checks for the calls to GetStringChars and malloc. Also, I assume that the additional \0 isn't needed.

-Alan.
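
The checks listed in the message above, shown as an added example (not the OpenJDK source and not code from this thread): the null argument, each JNI call that can return NULL, and the malloc result are all tested before use. The names `Java_example_Printer_toStderr` and `narrow_to_ascii` and the 7-bit narrowing are assumptions, and the JNI wrapper is compiled only where `jni.h` is on the include path.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Narrow UTF-16 code units to 7-bit ASCII (assumed conversion). Returns a
 * malloc'd NUL-terminated buffer, or NULL on NULL input or failed malloc. */
static char *narrow_to_ascii(const uint16_t *chars, size_t len)
{
    if (chars == NULL || len == SIZE_MAX) return NULL; /* len + 1 must not wrap */
    char *out = malloc(len + 1);
    if (out == NULL) return NULL;                      /* allocation failed */
    for (size_t i = 0; i < len; i++)
        out[i] = (char)(chars[i] & 0x7f);
    out[len] = '\0';
    return out;
}

#if defined(__has_include)
#if __has_include(<jni.h>)
#include <jni.h>
/* Hypothetical native method; class and method names are placeholders. */
JNIEXPORT void JNICALL
Java_example_Printer_toStderr(JNIEnv *env, jclass cls, jstring s)
{
    (void)cls;
    if (s == NULL) {                             /* Java caller passed null */
        s = (*env)->NewStringUTF(env, "null");
        if (s == NULL) return;                   /* OutOfMemoryError is pending */
    }
    const jchar *chars = (*env)->GetStringChars(env, s, NULL);
    if (chars == NULL) return;                   /* NULL on failure */
    char *text = narrow_to_ascii(chars, (size_t)(*env)->GetStringLength(env, s));
    (*env)->ReleaseStringChars(env, s, chars);   /* always pair with Get */
    if (text == NULL) return;                    /* malloc failed */
    fputs(text, stderr);
    free(text);
}
#endif
#endif

int main(void)
{
    const uint16_t sample[] = { 'o', 'k' };      /* constructed input */
    char *t = narrow_to_ascii(sample, 2);
    if (t == NULL) return 1;
    puts(t);
    free(t);
    return narrow_to_ascii(NULL, 0) == NULL ? 0 : 1;
}
```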



More information about the core-libs-dev mailing list