RFR(S): 8038233 : Fix unsafe strcpy in Java_sun_tools_attach_{Aix, Bsd, Linux}VirtualMachine_connect()
Volker Simonis
volker.simonis at gmail.com
Thu Mar 27 18:08:51 UTC 2014
Hi,
a security audit for the PPC64/AIX port revealed an unsecure useage of
'strcpy' in Java_sun_tools_attach_AixVirtualMachine_connect(). Because
the same coding is also used in the Linux and BSD implementations, the
following change fixes them all together:
http://cr.openjdk.java.net/~simonis/webrevs/8038233/
https://bugs.openjdk.java.net/browse/JDK-8038233
Compiled and tested (with the com/sun/jdi, com/sun/tools/attach,
com/sun/management and sun/management JTreg tests) on Linux, MacOS X
and AIX.
Please notice that this fix is also intended for backporting tu 8u.
Thank you and best regards,
Volker
More information about the serviceability-dev
mailing list