On 17/02/2014 16:22, Florian Weimer wrote:
Mailman ate the attachment, so I put it up here:
<http://fweimer.fedorapeople.org/openjdk/jndi-dns-loop/>
Note that other implementations fixed this as CVE-2000-0333 a long
time ago, but due to the lack of tail call optimization and reliable
stack overflow detection, this is currently not a security
vulnerability in OpenJDK (not even an endless loop).
This looks good to me. I just wonder if InvalidNameException is the
right NamingException for this case. Would CommunicationException with
an IOException as cause be more suitable?
For the test then we need to add a @bug line with a bug for this (I'll
create a bug). A the test is a negative test then maybe ParsingErrors
might be be a better name.
-Alan.
