RFR(S): 8038233 : Fix unsafe strcpy in Java_sun_tools_attach_{Aix, Bsd, Linux}VirtualMachine_connect()

Volker Simonis volker.simonis at gmail.com
Thu Mar 27 18:08:51 UTC 2014


Hi,

a security audit for the PPC64/AIX port revealed an unsecure usage of 'strcpy' in Java_sun_tools_attach_AixVirtualMachine_connect(). Because the same coding is also used in the Linux and BSD implementations, the following change fixes them all together:

http://cr.openjdk.java.net/~simonis/webrevs/8038233/
https://bugs.openjdk.java.net/browse/JDK-8038233

Compiled and tested (with the com/sun/jdi, com/sun/tools/attach, com/sun/management and sun/management JTreg tests) on Linux, MacOS X and AIX.

Please notice that this fix is also intended for backporting to 8u.

Thank you and best regards, Volker
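
The class of bug named in the subject, shown as an added example that is not part of the original message and is not the JDK change itself. It assumes the copy target is the fixed-size `sun_path` field of a `struct sockaddr_un` used for a UNIX-domain socket connect; `fill_unix_addr` and `connect_unix` are hypothetical helper names.

```c
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Unsafe pattern (what an unbounded copy looks like):
 *     strcpy(addr.sun_path, path);
 * sun_path is a small fixed-size array, so a caller-supplied path longer
 * than the array overwrites whatever follows addr on the stack. */

/* Hypothetical helper: fill *addr for a UNIX-domain socket at `path`.
 * Returns 0 on success, -1 with errno set if the arguments are invalid
 * or the path (plus its terminating NUL) does not fit in sun_path. */
int fill_unix_addr(struct sockaddr_un *addr, const char *path)
{
    size_t len;

    if (addr == NULL || path == NULL) {
        errno = EINVAL;
        return -1;
    }
    len = strlen(path);
    /* Reject instead of truncating: a silently truncated path would name
     * a different socket than the one the caller asked for. */
    if (len >= sizeof(addr->sun_path)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memset(addr, 0, sizeof(*addr));          /* zero padding and sun_path */
    addr->sun_family = AF_UNIX;
    memcpy(addr->sun_path, path, len + 1);   /* length checked above */
    return 0;
}

/* Hypothetical wrapper: connect an existing socket fd to `path`.
 * The length check runs before connect() is ever reached. */
int connect_unix(int fd, const char *path)
{
    struct sockaddr_un addr;

    if (fill_unix_addr(&addr, path) != 0)
        return -1;
    return connect(fd, (struct sockaddr *)&addr, sizeof(addr));
}
```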


