When I added the code to use PropertyUtils.getProperty in determining the root cause, I noticed it can cause an infinite loop.
    // Extra aggressive rootCause finding
    do {
        try {
            rootCauseCheck = (Throwable) PropertyUtils.getProperty(rootCause, "rootCause");
            if (rootCauseCheck != null)
                rootCause = rootCauseCheck;
        } catch (...) {
            rootCauseCheck = null;
        }
    } while (rootCauseCheck != null);
------------------------------------------
If we have a malicious user who does this:
    {
        ...
        ServletException e = new ServletException();
        throw new ServletException(e);
    }
We can get a non-recursive infinite loop in the error handling logic.
Is this a cause for concern? I would guess so in shared environments but this is not a problem in tightly controlled (enterprise/private) environments.
Comments?
Yes, well, I had seen that flaw in the code. However, if there's a "malicious" user out there, he can just add while (true) { doSomethingStupid(); } in his code ;-) So I chose not to care about it.
Anyway, +1 to add a max recursion int (there are a few places that use this type of code).
Remy
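
The bounded loop suggested in the reply above, as an added example that is not part of the original thread or of the project's code. It assumes plain reflection on a getRootCause() getter as a stand-in for PropertyUtils.getProperty; MAX_DEPTH, the class names and the self-referencing sample exception are hypothetical.

```java
import java.lang.reflect.Method;
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.Set;

public class BoundedRootCause {
    // Hypothetical limit; the thread only asks for "a max recursion int".
    static final int MAX_DEPTH = 20;

    // Reads the "rootCause" bean property by reflection (stand-in for
    // PropertyUtils.getProperty), falling back to Throwable.getCause().
    static Throwable next(Throwable t) {
        try {
            Method getter = t.getClass().getMethod("getRootCause");
            Object value = getter.invoke(t);
            if (value instanceof Throwable) return (Throwable) value;
        } catch (ReflectiveOperationException | RuntimeException ignored) {
            // No such property, or the getter itself failed.
        }
        return t.getCause();
    }

    // Walks the chain, stopping at the depth limit or at the first
    // exception instance that has already been visited (a cycle).
    static Throwable findRootCause(Throwable start) {
        Set<Throwable> seen = Collections.newSetFromMap(new IdentityHashMap<>());
        Throwable current = start;
        for (int depth = 0; depth < MAX_DEPTH && seen.add(current); depth++) {
            Throwable candidate = next(current);
            if (candidate == null) break; // end of the chain
            current = candidate;
        }
        return current;
    }

    // Constructed sample: an exception whose rootCause property is itself.
    public static class SelfReferencing extends Exception {
        public Throwable getRootCause() { return this; }
    }

    public static void main(String[] args) {
        Throwable loop = new SelfReferencing();
        System.out.println(findRootCause(loop) == loop);
        Throwable chain = new Exception("outer", new IllegalStateException("inner"));
        System.out.println(findRootCause(chain).getMessage());
    }
}
```

The identity set catches cycles of any length, and the depth limit bounds the work when a getter hands back a fresh exception on every call.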