Backports
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8018864 | 7u45 | Dan Xu | P3 | Closed | Fixed | b01 |
JDK-8016355 | 7u40 | Dan Xu | P3 | Closed | Fixed | b30 |
JDK-8042948 | 6u85 | Ivan Gerasimov | P3 | Resolved | Fixed | b01 |
Description
FULL PRODUCT VERSION :
java version " 1.7.0_07 "
Java(TM) SE Runtime Environment (build 1.7.0_07-b11)
Java HotSpot(TM) 64-Bit Server VM (build 23.3-b01, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7601]
A DESCRIPTION OF THE PROBLEM :
java.io.File.createTempFile() can enter into an infinite loop if passed bad
arguments. Rather than entering an infinite loop, it should throw an
Exception to indicate that bad arguments had been passed.
This potentially could result in a denial of service - suppose some program
provides a way to vary the arguments passed to createTempFile() -
admittedly not good practice, and possibly a securtiy issue in itself - but suppose
such a program existed, one could cause it to enter an infinite loop by
providing bad arguments.
createTempFile() should check its arguments for directory separators
(i.e. / or \)
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1) Compile the program provided below with javac
2) Run the program with java
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
createTempFile() should throw an exception to indicate bad arguments were passed
ACTUAL -
Enters an infinite loop and never returns
ERROR MESSAGES/STACK TRACES THAT OCCUR :
No error message
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
public class BugRepo {
public static void main(String[] args) throws Exception {
java.io.File.createTempFile( " ///../// " , " ///..///.. " );
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
If one is concerned about this, wrap File.createTempFile() in a wrapper
which checks the validity of its arguments.
java version " 1.7.0_07 "
Java(TM) SE Runtime Environment (build 1.7.0_07-b11)
Java HotSpot(TM) 64-Bit Server VM (build 23.3-b01, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7601]
A DESCRIPTION OF THE PROBLEM :
java.io.File.createTempFile() can enter into an infinite loop if passed bad
arguments. Rather than entering an infinite loop, it should throw an
Exception to indicate that bad arguments had been passed.
This potentially could result in a denial of service - suppose some program
provides a way to vary the arguments passed to createTempFile() -
admittedly not good practice, and possibly a securtiy issue in itself - but suppose
such a program existed, one could cause it to enter an infinite loop by
providing bad arguments.
createTempFile() should check its arguments for directory separators
(i.e. / or \)
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1) Compile the program provided below with javac
2) Run the program with java
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
createTempFile() should throw an exception to indicate bad arguments were passed
ACTUAL -
Enters an infinite loop and never returns
ERROR MESSAGES/STACK TRACES THAT OCCUR :
No error message
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
public class BugRepo {
public static void main(String[] args) throws Exception {
java.io.File.createTempFile( " ///../// " , " ///..///.. " );
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
If one is concerned about this, wrap File.createTempFile() in a wrapper
which checks the validity of its arguments.
Attachments
Issue Links
- backported by
-
JDK-8042948 java.io.File.createTempFile enters infinite loop when passed invalid data
- Resolved
-
JDK-8016355 java.io.File.createTempFile enters infinite loop when passed invalid data
- Closed
-
JDK-8018864 java.io.File.createTempFile enters infinite loop when passed invalid data
- Closed