zlib & java

From: Darren Reed (avalonat_private)
Date: Tue Mar 12 2002 - 07:29:25 PST


    Back in Java 1.1, zlibc was visibly part of the source tree for java.
    More recent versions of Java seem to make the java.util.zip from .java
    files but use a JNI (Java Native Interface) for the actual implementation.
    e.g. there's a class called:
    java.util.zip.GZIPInputStream
    
    Does anyone know what the implications of this are?  The real issue here
    appears to be what sort of memory management (malloc/free) java uses for
    the JNI code.  (I've had time neither to test nor to look more deeply
    into this.)  If a native malloc/free is being used (as opposed to the
    standard java object management), is the sandbox at risk here?
    
    Well, aside from meaning we need a new jar for java.util.zip if the zlib
    code there is buggy :)
    
    Darren
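
An added example, not part of the original post: one way to see on a given JVM which java.util.zip classes declare JNI entry points is to list their `native` methods by reflection. The class list and the name `ZipNativeAudit` are choices made for this example, and the output depends on the JDK version it runs on.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;

public class ZipNativeAudit {
    // Classes to inspect; this selection is an assumption made for the example.
    static final String[] CLASSES = {
        "java.util.zip.GZIPInputStream",
        "java.util.zip.InflaterInputStream",
        "java.util.zip.Inflater",
        "java.util.zip.Deflater",
        "java.util.zip.CRC32",
        "java.util.zip.Adler32",
    };

    // Names of the methods declared 'native' directly on the class
    // (inherited methods are not included by getDeclaredMethods).
    static List<String> nativeMethods(Class<?> c) {
        List<String> out = new ArrayList<>();
        for (Method m : c.getDeclaredMethods()) {
            if (Modifier.isNative(m.getModifiers())) {
                out.add(m.getName());
            }
        }
        return out;
    }

    public static void main(String[] args) throws ClassNotFoundException {
        for (String name : CLASSES) {
            Class<?> c = Class.forName(name);
            List<String> natives = nativeMethods(c);
            // A non-empty list marks a class whose work crosses into native
            // code, where memory is managed outside the Java heap.
            System.out.printf("%-36s %2d native: %s%n",
                    name, natives.size(), natives);
        }
    }
}
```

Classes that report native methods are the ones whose correctness depends on the bundled or system zlib rather than on the JVM's own object management.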
    


