[PATCH] full bytecode verification

Edouard G. Parmelan kaffe@rufus.w3.org
Fri, 3 Aug 2001 19:00:22 +0200


On Fri, Aug 03, 2001 at 03:10:00AM +0300, sluncho@mirizma.org wrote:

> The current Kaffe bytecode verification code can verify only the
> basic Java types. It does not properly handle reference types and
> arrays of references. The lack of full bytecode verification
> allows an attacker to circumvent all Java security.
> 
> Attached is a patch that adds full bytecode verification to Kaffe.
> The patch applies cleanly to the CVS code from Aug 03, 2001 and
> can be easily applied to Kaffe 1.0.6 manually (one hunk fails
> because of whitespace).
> 
> It was written by Dr. Joel Jones <jjones@uiuc.edu> for Kaffe 0.9.2
> and ported to the 1.0.6 and the latest CVS version by me.
> 
> The patch has been tested on Linux/i386 and Solaris/Sparc.
> 
> We would appreciate any feedback and additional testing results.

On Fri, Jun 04, 1999 at 08:33:56AM +0200, Matthias Urlichs reports
that "Unknown classes generate errors even when the class is never
needed":

> If a class conditionally requires another class which is unknown, Java
> should cause an exception only when that class is actually required,
> not when loading the class.
> 
> This is important when running applets which conditionally use classes
> for specific browsers.
>
> How-To-Repeat:
> 
> ====================== HelloWorldApp.java
> import test.foo;
> class HelloWorldApp {
>     public static void main (String args[]) {
>         test.foo xxx = new test.foo();
>         System.out.println("Hello World!");
>         xxx.foof();
>     }
> }
> ====================== test/foo.java
> package test;
> import test.bar;
> public class foo
> {
>     public foo()
>     { x_foof = false; }
>     public void foof() {
>         if (x_foof) {
>             System.out.println("do Bar");
>             test.bar baa = new test.bar();
>             x_foof = baa.baab();
>         } else
>             System.out.println("no Bar needed");
>     }
>
>     boolean x_foof;
> }
> ====================== test/bar.java
>
> package test;
> public class bar
> {
>     public bar() {}
>     public boolean baab() { return true; }
> }
> ======================
> 
> Compile all three, then remove test/bar.class.
> 
> Expected output:
> Hello World!
> no Bar needed
> 
> Actual output:
> Hello World!
> java.lang.NoClassDefFoundError: test/bar

This was fixed (I don't remember when).

I think your verifier patch will break it again :-(
-- 
Edouard G. Parmelan
http://egp.free.fr
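A toy model of the tension raised in this thread, added here as an illustration and not taken from Kaffe's verifier or the submitted patch: a verifier that checks reference-type assignability at call sites (the check a basic-types-only verifier skips, which is what lets a crafted class file confuse reference types) but resolves a class only when that check needs it, compared with a naive verifier that resolves every class it sees and so reports the missing test/bar up front. The opcode encoding, the `ClassLoader` model and all class names are constructed for the example.

```python
class NoClassDefFoundError(Exception): pass
class VerifyError(Exception): pass

class ClassLoader:
    def __init__(self, known):                # known: class name -> superclass (None for Object)
        self.known, self.loaded = known, []   # loaded: every class actually resolved so far
    def load(self, name):
        if name not in self.known:
            raise NoClassDefFoundError(name)  # class file missing, as with test/bar.class
        self.loaded.append(name)
        return self.known[name]
    def is_assignable(self, src, dst):
        if src == dst or dst == "java/lang/Object":
            return True                       # decidable without loading anything
        cur = src                             # otherwise walk src's superclass chain,
        while cur is not None:                # loading only what this check needs
            cur = self.load(cur)
            if cur == dst:
                return True
        return False

def verify(code, loader, eager=False):
    # Abstract interpretation of a straight-line instruction list; each operand-stack
    # slot holds a class name (reference) or a JVM descriptor (value type).
    stack = []
    for op, *args in code:
        if op == "new":                       # pushes a reference of the named class
            if eager: loader.load(args[0])    # naive verifier: resolve every class it sees
            stack.append(args[0])
        elif op in ("invokespecial", "invokevirtual"):
            cls, ret = args                   # owner class, return descriptor
            if eager: loader.load(cls)
            recv = stack.pop()
            if not loader.is_assignable(recv, cls):   # the check a basic-types-only verifier skips
                raise VerifyError(f"{recv} is not assignable to {cls}")
            if ret != "V": stack.append(ret)
    return stack

def verify_outcome(code, known, eager=False):
    loader = ClassLoader(dict(known))
    try:
        verify(code, loader, eager)
        return "ok", loader.loaded
    except (NoClassDefFoundError, VerifyError) as e:
        return f"{type(e).__name__}: {e}", loader.loaded

# Constructed inputs: test/bar.class removed (as in the report); dup/<init> steps elided.
KNOWN = {"java/lang/Object": None, "test/foo": "java/lang/Object"}
FOOF = [("new", "test/bar"), ("invokevirtual", "test/bar", "Z")]      # new test.bar().baab()
CONFUSED = [("new", "test/foo"), ("invokevirtual", "test/bar", "Z")]  # baab() on a test/foo
```

With lazy resolution `FOOF` verifies without touching test/bar, the eager variant fails at verification time with the NoClassDefFoundError the bug report describes, and `CONFUSED` is rejected only because the reference types are actually checked.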