Add method type checking
Gary Benson
gbenson@redhat.com
Fri Mar 23 13:23:00 GMT 2007
Hi all,
This commit adds checks during method lookups that ensure that the
argument types and the return type of the found method match those
expected by the calling method. This defeats the attacks detailed
in
http://www.cis.upenn.edu/~bcpierce/courses/629/papers/Saraswat-javabug.html.
Cheers,
Gary
-------------- next part --------------
Index: ChangeLog
===================================================================
--- ChangeLog (revision 123155)
+++ ChangeLog (working copy)
@@ -1,3 +1,9 @@
+2007-03-23 Gary Benson <gbenson@redhat.com>
+
+ * link.cc (_Jv_Linker::resolve_method_entry):
+ Ensure that the argument types and the return type of the
+ found method match those expected by the calling method.
+
2007-03-22 David Daney <ddaney@avtrex.com>
PR libgcj/31228
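Review bot: the ChangeLog entry describes the check but not its observable effect; since callers will now see a java.lang.LinkageError on a cross-loader mismatch, it is worth stating that in the entry ("... otherwise throw LinkageError, per JVMS 5.4.3.3") so the behaviour change is findable from the log without reading the diff.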
Index: link.cc
===================================================================
--- link.cc (revision 123155)
+++ link.cc (working copy)
@@ -343,14 +343,6 @@
end_of_method_search:
-
- // FIXME: if (cls->loader != klass->loader), then we
- // must actually check that the types of arguments
- // correspond. That is, for each argument type, and
- // the return type, doing _Jv_FindClassFromSignature
- // with either loader should produce the same result,
- // i.e., exactly the same jclass object. JVMS 5.4.3.3
-
if (the_method == 0)
{
java::lang::StringBuffer *sb = new java::lang::StringBuffer();
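Review bot: removing the FIXME here rather than replacing it in place is the right call, because the check it asks for cannot live at `end_of_method_search:`: it dereferences `the_method`, which is still 0 on the path that falls through to the NoSuchMethodError below, so the check has to come after that throw, where the following hunk puts it. One small thing: the old comment referred to the found class as `cls` while the new code uses `found_class`; please confirm `found_class` is the variable that is actually bound when the search jumps to this label, so the loader comparison is against the class that supplied `the_method`.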
@@ -364,6 +356,40 @@
throw new java::lang::NoSuchMethodError (sb->toString());
}
+ // if (found_class->loader != klass->loader), then we
+ // must actually check that the types of arguments
+ // correspond. That is, for each argument type, and
+ // the return type, doing _Jv_FindClassFromSignature
+ // with either loader should produce the same result,
+ // i.e., exactly the same jclass object. JVMS 5.4.3.3
+ if (found_class->loader != klass->loader)
+ {
+ JArray<jclass> *found_args, *klass_args;
+ jclass found_return, klass_return;
+
+ _Jv_GetTypesFromSignature (the_method,
+ found_class,
+ &found_args,
+ &found_return);
+ _Jv_GetTypesFromSignature (the_method,
+ klass,
+ &klass_args,
+ &klass_return);
+
+ jclass *found_arg = elements (found_args);
+ jclass *klass_arg = elements (klass_args);
+
+ for (int i = 0; i < found_args->length; i++)
+ {
+ if (*(found_arg++) != *(klass_arg++))
+ throw new java::lang::LinkageError (JvNewStringLatin1
+ ("argument type mismatch with different loaders"));
+ }
+ if (found_return != klass_return)
+ throw new java::lang::LinkageError (JvNewStringLatin1
+ ("return type mismatch with different loaders"));
+ }
+
return the_method;
}
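Review bot: the two LinkageError messages ("argument type mismatch with different loaders", "return type mismatch with different loaders") carry no indication of which method or which classes disagreed, which makes the failure very hard to diagnose in a multi-loader deployment; the NoSuchMethodError a few lines above already builds its message in a StringBuffer, so the same pattern could append `klass->getName ()`, `found_class->getName ()` and the method name and descriptor here. Two further points on the check itself: the loop runs over `found_args->length` and steps `klass_arg` in lockstep with no bound of its own, which is safe only because both arrays come from the same descriptor of `the_method`; a short comment or assert on `klass_args->length` would make that invariant explicit. And calling `_Jv_GetTypesFromSignature (the_method, klass, ...)` resolves every parameter type and the return type through the caller's loader eagerly at link time, whereas the JVMS 5.3.4 loading constraints this implements only require agreement for types that both loaders actually end up loading; if `_Jv_FindClassFromSignature` throws when the caller's loader cannot find a type (for example a parameter type the caller only ever passes null for), this hunk turns what was previously a successful link into a class-loading failure. Worth a comment saying that stricter behaviour is intended, or a note on what happens in that case.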