[Bug classpath/25469] New: ServerSocket security checks incorrect

bug-classpath

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug classpath/25469] New: ServerSocket security checks incorrect

From:	tromey at gcc dot gnu dot org
Subject:	[Bug classpath/25469] New: ServerSocket security checks incorrect
Date:	17 Dec 2005 23:44:15 -0000

Right now ServerSocket.accept does this:

    SecurityManager sm = System.getSecurityManager();
    if (sm != null)
      sm.checkAccept(impl.getInetAddress().getHostAddress(),
                     impl.getLocalPort());

This is wrong.  The check must use the remote host and port,
not the local one (which is not even set yet, at least in
classpath).

Instead the check should occur in implAccept or in the native
code.


-- 
           Summary: ServerSocket security checks incorrect
           Product: classpath
           Version: 0.20
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: classpath
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: tromey at gcc dot gnu dot org
OtherBugsDependingO 13603
             nThis:


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=25469

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug classpath/25469] New: ServerSocket security checks incorrect, tromey at gcc dot gnu dot org <=

Prev by Date: [Bug libgcj/25434] Class org.omg.CORBA.UserException is missing
Next by Date: [Bug swing/25473] New: JFilerChooser doesn't work with an accessory set
Previous by thread: [Bug classpath/25434] New: Class org.omg.CORBA.UserException is missing
Next by thread: [Bug swing/25473] New: JFilerChooser doesn't work with an accessory set
Index(es):
- Date
- Thread