Skip to content

X509Certificate objects have uninitialized native field #23869

New issue
New issue
Open
Open
X509Certificate objects have uninitialized native field#23869
Assignees
whesse
Labels
P3A lower priority bug or feature requestarea-vmUse area-vm for VM related issues, including code coverage, and the AOT and JIT backends.library-iotype-enhancementA request for a change that isn't a bug
@whesse

Description

@whesse
whesse
opened on Jul 20, 2015

The private constructor X509Certificate._() creates an object with an uninitialized native field, and the member functions of that object dereference that field. This is safe because the only function that calls that constructor also initializes the native field. Even if we initialized it to NULL in the constructor, the methods will still have a null dereference. We could check the field against NULL in every method , and throw an exception, but this should never happen. The only way it could happen is for someone to use mirrors to access the private constructor, and make the object.

To avoid a security problem, we can initialize the field to NULL, but this requires a new native function.

@kustermann @sgjesse @whesse

Metadata

Metadata

Assignees

Labels

P3A lower priority bug or feature requestarea-vmUse area-vm for VM related issues, including code coverage, and the AOT and JIT backends.library-iotype-enhancementA request for a change that isn't a bug

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions