Marc Schoenefeld wrote:
Hi,
Originally I wrote a fuzzing tool to test all native functions in
jdk131, then gave a list of the results to the Sun representatives at
RSA conference 2003.
Unfortunately I never received any reaction to this bug report, nor were
the bugs fixed. So I put the bugs in a drawer, but used the chance to
write a fix for OpenJDK.
Setting the parameter to null could allow an attacker to conduct denial
of service attacks:
- http://www.blackhat.com/presentations/win-usa-03/bh-win-03-schoenfeld.pdf
or
- http://seclists.org/bugtraq/2003/Sep/0270.html

I wasn't at the RSA conference in 2003 so it wasn't me :-) It may be
that the attacks involved calling sun.* APIs directly, something that
you can't do if there is a security manager. The XSLT issue is more
significant and I'm pretty sure that specific issue was fixed a few
years ago.
As regards sun.misc.MessageUtils, I don't see any problem fixing this. I
notice the return from NewStringUTF isn't checked. Unfortunately this
(very old) code is also missing checks for the calls to GetStringChars
and malloc. Also, I assume that the additional \0 isn't needed.
-Alan.