Minor com.sun.jndi.dns cleanup

Alan Bateman Alan.Bateman at oracle.com
Mon Feb 17 19:47:16 UTC 2014

On 17/02/2014 16:22, Florian Weimer wrote:
> Mailman ate the attachment, so I put it up here:
> <http://fweimer.fedorapeople.org/openjdk/jndi-dns-loop/>
> Note that other implementations fixed this as CVE-2000-0333 a long 
> time ago, but due to the lack of tail call optimization and reliable 
> stack overflow detection, this is currently not a security 
> vulnerability in OpenJDK (not even an endless loop).
This looks good to me.  I just wonder if InvalidNameException is the 
right NamingException for this case. Would CommunicationException with 
an IOException as cause be more suitable?

For the test then we need to add a @bug line with a bug for this (I'll 
create a bug).  A the test is a negative test then maybe ParsingErrors 
might be be a better name.


More information about the core-libs-dev mailing list