[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cp-patches] Patch: remove bogus ServerSocket security check
From: |
Mark Wielaard |
Subject: |
Re: [cp-patches] Patch: remove bogus ServerSocket security check |
Date: |
Sat, 31 Dec 2005 12:42:50 +0100 |
Hi Anthony,
On Mon, 2005-12-26 at 19:05 -0800, Anthony Green wrote:
> This patch removes a bogus security check from ServerSocket.accept(),
> and replaces it with a request to implement a proper check. Once
> applied I will file a bug report for our records.
>
> 2005-12-26 Anthony Green <address@hidden>
>
> * java/net/ServerSocket.java (accept): Remove bogus
> security check.
It is clear the current check is wrong since we check on the SocketImpl
of the ServerSocket and not the Socket that accept would return. But
wouldn't the correct security check just be to move this check just
after implAccept(socket) and then do the exact same check on the just
created socket?
Gary, do we have Mauve tests for this case already?
Cheers,
Mark
signature.asc
Description: This is a digitally signed message part