Bug in java.security.SecureClassLoader?

classpath

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bug in java.security.SecureClassLoader?

From:	Philip Fong
Subject:	Bug in java.security.SecureClassLoader?
Date:	Tue, 6 Aug 2002 13:09:03 -0700 (PDT)

Hi

The behavior of java.security.SecureClassLoader seems to differ from
that specified in Java 1.3.1 API spec.  According to the API spec,
method defineClass(String, byte[], int, int, CodeSource) may
optionally ignore the CodeSource argument if it is null.  In the
0.04 release, a null CodeSource will cause a NullPointerException
inside getPermissions.  I checked with the cvs just now, and
it looks like the problem has not been solved.  Attached is
a small patch that fix this.  Is this the right way of doing
it?

Also, the fix also remove the catching of ClassFormatError.  That
error is raised if the classfile is corrupted, and IMHO such a serious
error should propagate upward to the caller.  Am I understanding
correctly?

Philip

--
Philip W. L. Fong            address@hidden
The Aegis VM Project         http://aegisvm.sourceforge.net

The Aegis VM Project is an on-going effort to implement a lightweight,
secure JVM.  It will eventually feature a modular architecture, Proof
Linking, that supports pluggable verification modules.

patch
Description: patch

[Prev in Thread]

Current Thread

[Next in Thread]

Bug in java.security.SecureClassLoader?, Philip Fong <=
- Re: Bug in java.security.SecureClassLoader?, Mark Wielaard, 2002/08/13

Prev by Date: [PATCH] doc cleanups to jni/java-io
Next by Date: SableVM 1.0.1
Previous by thread: [PATCH] doc cleanups to jni/java-io
Next by thread: Re: Bug in java.security.SecureClassLoader?
Index(es):
- Date
- Thread