hg: jdk7/tl/jdk: 6852607: MessageUtils JVM crash

2009-06-25 Thread langel
Changeset: 5a3a5388756c Author:langel Date: 2009-06-25 17:01 -0400 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/5a3a5388756c 6852607: MessageUtils JVM crash Summary: Fixes crash by checking null field Reviewed-by: alanb ! src/share/native/sun/misc/MessageUtils.c

Re: MessageUtils JVM crash

2009-06-18 Thread Lillian Angel
Alan Bateman wrote: Marc Schoenefeld wrote: : Even if there is a security manager, you need still to make sure that no privileged code (having access rights to sun.*) forwards tainted data to the vulnerable sun.* functions. Until 2007 you could use the sun.misc.MessageUtils.toStderr bug to reli

Re: MessageUtils JVM crash

2009-06-18 Thread Alan Bateman
Marc Schoenefeld wrote: : Even if there is a security manager, you need still to make sure that no privileged code (having access rights to sun.*) forwards tainted data to the vulnerable sun.* functions. Until 2007 you could use the sun.misc.MessageUtils.toStderr bug to reliably crash OpenOff

Re: MessageUtils JVM crash

2009-06-17 Thread Marc Schoenefeld
Hi Alan, Alan Bateman wrote: > I wasn't at the RSA conference in 2003 so it wasn't me :-) It may > be that the attacks involved calling sun.* APIs directly, something > that you can't do if there is a security manager. The XSLT issue is > more significant and I'm pretty sure that specific issu

Re: MessageUtils JVM crash

2009-06-17 Thread Alan Bateman
Marc Schoenefeld wrote: Hi, originally I wrote a fuzzing tool to test all native functions in jdk131 , then gave a list of the results to the Sun representatives at RSA conference 2003. Unfortunately I never received any reaction to this bug report, nor were the bugs fixed. So I put the bugs in

Re: MessageUtils JVM crash

2009-06-16 Thread Marc Schoenefeld
Hi, originally I wrote a fuzzing tool to test all native functions in jdk131 , then gave a list of the results to the Sun representatives at RSA conference 2003. Unfortunately I never received any reaction to this bug report, nor were the bugs fixed. So I put the bugs in a drawer, but used the cha

Re: MessageUtils JVM crash

2009-06-16 Thread Lillian Angel
Alan Bateman wrote: Lillian Angel wrote: Hi, I opened a bug report about a JVM crash. Test case and patch are attached. https://bugs.openjdk.java.net/show_bug.cgi?id=100074 Cheers, Lillian Out of curiosity, how did you run into this? Just wondering if there is somewhere in the JDK that do

Re: MessageUtils JVM crash

2009-06-16 Thread Alan Bateman
Lillian Angel wrote: Hi, I opened a bug report about a JVM crash. Test case and patch are attached. https://bugs.openjdk.java.net/show_bug.cgi?id=100074 Cheers, Lillian Out of curiosity, how did you run into this? Just wondering if there is somewhere in the JDK that does call it with null

MessageUtils JVM crash

2009-06-16 Thread Lillian Angel
Hi, I opened a bug report about a JVM crash. Test case and patch are attached. https://bugs.openjdk.java.net/show_bug.cgi?id=100074 Cheers, Lillian