Minor com.sun.jndi.dns cleanup
Florian Weimer
fweimer at redhat.com
Mon Feb 17 16:22:36 UTC 2014
On 02/17/2014 04:43 PM, Florian Weimer wrote:
> This patch removes an unnecessary allocation from DnsClient and adds
> explicit detection for DNS label compression loops in ResourceRecord.
> Previously, the code relied on a StackOverflowError for exiting the
> parsing loop.
Mailman ate the attachment, so I put it up here:
<http://fweimer.fedorapeople.org/openjdk/jndi-dns-loop/>
Note that other implementations fixed this as CVE-2000-0333 a long time
ago, but due to the lack of tail call optimization and reliable stack
overflow detection, this is currently not a security vulnerability in
OpenJDK (not even an endless loop).
--
Florian Weimer / Red Hat Product Security Team
More information about the core-libs-dev
mailing list