[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cp-patches] FYI: Patch java.lang.ClassLoader
From: |
Jeroen Frijters |
Subject: |
RE: [cp-patches] FYI: Patch java.lang.ClassLoader |
Date: |
Mon, 11 Oct 2004 16:58:56 +0200 |
Jeroen Frijters wrote:
> Archie Cobbs wrote:
> > Jeroen Frijters wrote:
> > > I committed the attached patch to implement the
> > > SecurityManager.checkPackageDefinition() security check.
> >
> > Just checking.. can this be subverted by the same trick mentioned
> > before, i.e., using '/' instead of '.' in the class name?
>
> Not if the VM does its job. VMClassLoader.defineClass() is supposed to
> check that the class file name matches the name in the class
> definition.
Oops. That reminds me, the name can be null at this point, so the call
to checkPackageDefinition should be inside the VM :-(
I reverted my previous patch.
Regards,
Jeroen
2004-10-11 Jeroen Frijters <address@hidden>
* java/lang/ClassLoader.java
(defineClass(String,byte[],int,int,ProtectionDomain)):
Reverted previous commit.
UndoClassLoader.patch
Description: UndoClassLoader.patch