[rfc][icedtea-web] Fix NPE on Applet launch due to missing AppletStub
Adam Domurad
adomurad at redhat.com
Wed Aug 7 07:36:14 PDT 2013
On 08/06/2013 05:12 PM, Jacob Wisor wrote:
> Hello there!
>
>> @@ -716,6 +717,7 @@ public class Launcher {
>> String appletName = file.getApplet().getMainClass();
>> Class appletClass = loader.loadClass(appletName);
>> Applet applet = (Applet) appletClass.newInstance();
>> + applet.setStub((AppletStub)cont);
>
> You may want to catch a possible SecurityException in case the AppletStub has already been set. Malicious code may attach to the JVM process executing the Launcher and try either to replace the AppletStub or render the Launcher effectively inoperable by intentionally causing an unhandled SecurityException every time a specific applet or any applet is run and hence terminate the attacked JVM.
>
I don't think so. setAppletStub is a public final method that we can
always make use of, since we will have necessary permissions here.
There is nothing malicious about trying to set your own AppletStub
before we do.
Regards,
-Adam
> Regards,
> Jacob
>
>> // Finish setting up appletInstance.
>> appletInstance.setApplet(applet);
>> appletInstance.getAppletEnvironment().setApplet(applet);
>
> "Adam Domurad"<adomurad at xxxxxxxxxx> wrote:
>> Hi all. There is a problem that sometimes a showStatus() on an applet
>> results in an NPE on applet load, due to a missing AppletStub. This
>> patch sets it to NetxPanel (the container) as soon as possible.
>>
>> This helps stabilize a test case I'm working on.
>>
>> Cheers,
>> -Adam
More information about the distro-pkg-dev
mailing list