Re: Bug in java.security.SecureClassLoader?

classpath

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug in java.security.SecureClassLoader?

From:	Mark Wielaard
Subject:	Re: Bug in java.security.SecureClassLoader?
Date:	13 Aug 2002 23:31:44 +0200

Hi,

On Tue, 2002-08-06 at 22:09, Philip Fong wrote:
> The behavior of java.security.SecureClassLoader seems to differ from
> that specified in Java 1.3.1 API spec.  According to the API spec,
> method defineClass(String, byte[], int, int, CodeSource) may
> optionally ignore the CodeSource argument if it is null.  In the
> 0.04 release, a null CodeSource will cause a NullPointerException
> inside getPermissions.  I checked with the cvs just now, and
> it looks like the problem has not been solved.  Attached is
> a small patch that fix this.  Is this the right way of doing
> it?
> 
> Also, the fix also remove the catching of ClassFormatError.  That
> error is raised if the classfile is corrupted, and IMHO such a serious
> error should propagate upward to the caller.  Am I understanding
> correctly?

Yes. The old behavior was clearly broken.
I applied this patch to CVS.

2002-08-13  Philip Fong <address@hidden>

    * java/security/SecureClassLoader.java (SecureClassLoader): Only
    create ProtectionDomain when CodeSource is not null. Don't catch and
    ignore ClassFormatError.

Thanks,

Mark

[Prev in Thread]

Current Thread

[Next in Thread]

Bug in java.security.SecureClassLoader?, Philip Fong, 2002/08/06
- Re: Bug in java.security.SecureClassLoader?, Mark Wielaard <=

Prev by Date: Re: [PATCH] doc cleanups to jni/java-io
Next by Date: Re: [Classpath] Re: Bug(s) in java.lang.String
Previous by thread: Bug in java.security.SecureClassLoader?
Next by thread: SableVM 1.0.1
Index(es):
- Date
- Thread