[rfc][icedtea-web] Fix NPE on Applet launch due to missing AppletStub

Jiri Vanek jvanek at redhat.com
Wed Sep 4 01:13:49 PDT 2013


On 09/03/2013 04:33 PM, Jiri Vanek wrote:
> On 08/07/2013 04:36 PM, Adam Domurad wrote:
>> On 08/06/2013 05:12 PM, Jacob Wisor wrote:
>>> Hello there!
>>>
>>>> @@ -716,6 +717,7 @@ public class Launcher {
>>>> String appletName = file.getApplet().getMainClass();
>>>> Class appletClass = loader.loadClass(appletName);
>>>> Applet applet = (Applet) appletClass.newInstance();
>>>> + applet.setStub((AppletStub)cont);
>>>
>>> You may want to catch a possible SecurityException in case the AppletStub has already been set.
>>> Malicious code may attach to the JVM process executing the Launcher and try either to replace the
>>> AppletStub or render the Launcher effectively inoperable by intentionally causing an unhandled
>>> SecurityException every time a specific applet or any applet is run and hence terminate the
>>> attacked JVM.
>>>
>>
>> I don't think so. setAppletStub is a public final method that we can always make use of, since we
>> will have necessary permissions here.
>> There is nothing malicious about trying to set your own AppletStub before we do.
>>
>> Regards,
>> -Adam
>>
>>> Regards,
>>> Jacob
>>>
>>>> // Finish setting up appletInstance.
>>>> appletInstance.setApplet(applet);
>>>> appletInstance.getAppletEnvironment().setApplet(applet);
>>>
>>> "Adam Domurad"<adomurad at xxxxxxxxxx> wrote:
>>>> Hi all. There is a problem that sometimes a showStatus() on an applet
>>>> results in an NPE on applet load, due to a missing AppletStub. This
>>>> patch sets it to NetxPanel (the container) as soon as possible.
>>>>
>>>> This helps stabilize a test case I'm working on.
>>>>
>>>> Cheers,
>>>> -Adam
>>
>
>
> I'm o  with it as it is. I'm not sure if Adam is able of push anymore, if not, I will push at the
> end of the week.

Confirmed :(

I'm going to push this.;




More information about the distro-pkg-dev mailing list