Loading...

Type: Bug
Resolution: Fixed
Priority: P3
Fix Version/s: 1.4.0
Affects Version/s: 1.3.0
Component/s: security-libs
Labels:

Subcomponent:
java.security
Resolved In Build:
beta
CPU:

generic
OS:

generic

Name: tb29552 Date: 12/08/99

java version "1.2.2"
Classic VM (build JDK-1.2.2-W, native threads, symcjit)

Also observed in:

java version "1.3.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0-Q)
Java HotSpot(TM) Client VM (build 1.3-P, interpreted mode)

This is a re-submission of 4181502 with a complete set of sources to
reproduce the problem.

A StackOverFlowerror occurs with JDK 1.2.2 on Windows NT 4.0, JDK 1.2.2 with
Hotspot on Solaris, but not with JDK 1.2.1 on Windows NT, and not with JDK
1.2.2 without Hotspot on Solaris. The error also occurs with JDK 1.3 Beta on
Windows NT.

Here's a complete set of source code to reproduce the error:
-------------------------------------------------------------------
script.policy:

grant codeBase "script:/-" {
permission java.security.AllPermission;
};
grant codeBase "file:/-" {
permission java.security.AllPermission;
};
-------------------------------------------------------------------
AdapterMain.java:

public class AdapterMain {
    public static void main(String[] args) {}
}
-------------------------------------------------------------------
protocol/script/Handler.java:

package protocol.script;

import java.net.URL;
import java.net.URLStreamHandler;
import java.net.URLConnection;
import java.io.IOException;

/**
* This class is used to fool the URL class into thinking that a
* script protocol actually exists. It is necessary to create a
* bogus script protocol in order to load the script security
* permissions from the policy file.
*/
public class Handler extends URLStreamHandler {
  public synchronized URLConnection openConnection(URL u)
    throws IOException
  {
    throw new IllegalStateException("attempted to open script connection");
  }
}

-------------------------------------------------------------------
protocol/script/Factory.java:

package protocol.script;

import java.net.URLStreamHandlerFactory;
import java.net.URLStreamHandler;

/**
* This class is used to fool the URL class into thinking that a
* script protocol actually exists. It is necessary to create a
* bogus script protocol in order to load the script security
* permissions from the policy file.
*/
public class Factory implements URLStreamHandlerFactory {
  public URLStreamHandler createURLStreamHandler(String protocol) {
      if (protocol.equals("script"))
return new Handler();
      else
return null;
  }
}
-------------------------------------------------------------------
NT environemnt:

set CLASSPATH=.
set JAVA_HOME=d:\jdk1.2.2
set PATH=%JAVA_HOME%\bin;%PATH%
-------------------------------------------------------------------
Command line:

d:\jdk1.2.2\bin\java -Djava.security.manager -
Djava.security.policy=script.policy -Djava.protocol.handler.pkgs=protocol
AdapterMain
-------------------------------------------------------------------

Make sure script.policy is found in the CLASSPATH (current directory).
Otherwise, it will be silently ignored, and the bug does not trigger.

Here's the stack dump:

java.lang.StackOverflowError

... many repeating lines deleted ...
        at java.net.URL.<init>(URL.java:496)
        at java.net.URL.<init>(URL.java:364)
        at java.net.URL.<init>(URL.java:308)
        at sun.security.provider.PolicyFile.getCodeSource(PolicyFile.java:586)
        at sun.security.provider.PolicyFile.addGrantEntry(PolicyFile.java:608)
        at sun.security.provider.PolicyFile.init(PolicyFile.java:528)
        at sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:334)
        at sun.security.provider.PolicyFile.access$0(PolicyFile.java:296)
        at sun.security.provider.PolicyFile$1.run(PolicyFile.java:236)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.security.provider.PolicyFile.init(PolicyFile.java:234)
        at sun.security.provider.PolicyFile.<init>(PolicyFile.java:124)
        at java.lang.Class.newInstance0(Native Method)
        at java.lang.Class.newInstance(Class.java:241)
        at java.security.Policy.getPolicyNoCheck(Policy.java:153)
        at java.security.SecureClassLoader.getPermissions(SecureClassLoader.java
:121)
        at java.net.URLClassLoader.getPermissions(URLClassLoader.java:386)
        at sun.misc.Launcher$AppClassLoader.getPermissions(Launcher.java:294)
        at java.security.SecureClassLoader.getProtectionDomain(SecureClassLoader
.java:145)
        at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:10
1)
        at java.net.URLClassLoader.defineClass(URLClassLoader.java:248)
        at java.net.URLClassLoader.access$1(URLClassLoader.java:216)
        at java.net.URLClassLoader$1.run(URLClassLoader.java:197)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(URLClassLoader.java:191)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:290)
        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:286)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
        at java.net.URL.getURLStreamHandler(URL.java:924)
        at java.net.URL.<init>(URL.java:496)
       at java.net.URL.<init>(URL.java:364)
       at java.net.URL.<init>(URL.java:308)
       at sun.security.provider.PolicyFile.getCodeSource(PolicyFile.java:586)
       at sun.security.provider.PolicyFile.addGrantEntry(PolicyFile.java:608)
       at sun.security.provider.PolicyFile.init(PolicyFile.java:528)
       at sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:334)
       at sun.security.provider.PolicyFile.access$0(PolicyFile.java:296)
       at sun.security.provider.PolicyFile$1.run(PolicyFile.java:236)
       at java.security.AccessController.doPrivileged(Native Method)
       at sun.security.provider.PolicyFile.init(PolicyFile.java:234)
       at sun.security.provider.PolicyFile.<init>(PolicyFile.java:124)
       at java.lang.Class.newInstance0(Native Method)
       at java.lang.Class.newInstance(Class.java:241)
       at java.security.Policy.getPolicyNoCheck(Policy.java:153)
       at java.security.SecureClassLoader.getPermissions(SecureClassLoader.java
121)
       at java.net.URLClassLoader.getPermissions(URLClassLoader.java:386)
       at sun.misc.Launcher$AppClassLoader.getPermissions(Launcher.java:294)
       at java.security.SecureClassLoader.getProtectionDomain(SecureClassLoader
java:145)
       at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:10
)
       at java.net.URLClassLoader.defineClass(URLClassLoader.java:248)
       at java.net.URLClassLoader.access$1(URLClassLoader.java:216)
       at java.net.URLClassLoader$1.run(URLClassLoader.java:197)
       at java.security.AccessController.doPrivileged(Native Method)
       at java.net.URLClassLoader.findClass(URLClassLoader.java:191)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:290)
       at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:286)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
(Review ID: 98703)
======================================================================

Details

Description

Attachments

Activity

People

Dates