harmony-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "George Harley (JIRA)" <j...@apache.org>
Subject [jira] Resolved: (HARMONY-204) java.util.jar.JarFile should throw Security Exception when getInputStream from a jar file in which the content of main attributes in manifest has been tampered
Date Tue, 04 Apr 2006 12:08:44 GMT
     [ http://issues.apache.org/jira/browse/HARMONY-204?page=all ]
     
George Harley resolved HARMONY-204:
-----------------------------------

    Resolution: Fixed

Hi Richard, 

Updated patch fixes the exceptions seen yesterday, thanks. New tests pass against both the
latest Harmony and the 5.0 RI.  

Changes committed in SVN revision 391283. Please could you verify that these have been applied
as expected. 

Many thanks, 
George

> java.util.jar.JarFile should throw Security Exception when getInputStream from a jar
file in which the content of main attributes in manifest has been tampered
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>          Key: HARMONY-204
>          URL: http://issues.apache.org/jira/browse/HARMONY-204
>      Project: Harmony
>         Type: Bug

>   Components: Classlib
>     Reporter: Richard Liang
>     Assignee: George Harley
>  Attachments: Modified_Manifest_MainAttributes.jar, harmony204.updated.zip, harmony204.zip
>
> According to the new feature in JAR File Specification for java 5.0, .SF signature file
which verifies the manifest has a new algorithm-Digest-Manifest-Main-Attributes entry which
verifies the main attributes of the manifest. If the main attributes are tampered, harmony
will not throw security exception while RI 5.0 will.
> The followging test case will demonstrate this issue.
> public void test_JarFile_Modified_Manifest_EntryAttributes()
> 			throws IOException {
> 		JarFile jarFile = null;
>               String path = URLDecoder.decode(this.getClass().getResource(".").getPath(),
> 				"UTF-8");              
> 		String fileName = path + "/Modified_Manifest_EntryAttributes.jar";
> 		jarFile = new JarFile(fileName, true);
> 		JarEntry jarEntry = jarFile.getJarEntry("META-INF/MANIFEST.MF");
> 		try {
> 			jarFile.getInputStream(jarEntry);
> 			fail("should throw Security Excetpion");
> 		} catch (SecurityException e) {
> 			// desired
> 		}		
> 	}

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message