Re: AbstractILFactory bug?

2017-02-06 Thread Peter
Hmm well spotted, better report that one :) Cheers, Peter. Sent from my Samsung device.     Include original message Original message From: "Michał Kłeczek (XPro Sp. z o. o.)" Sent: 06/02/2017 07:51:20 pm To: dev@river.apache.org Subject: Re: AbstractILFactory bug? I'

Re: AbstractILFactory bug?

2017-02-06 Thread Michał Kłeczek (XPro Sp. z o. o.)
ctILFactory. Cheers, Peter. Sent from my Samsung device. Include original message Original message From: "Michał Kłeczek (XPro Sp. z o. o.)" Sent: 06/02/2017 05:06:32 pm To: dev@river.apache.org Subject: AbstractILFactory bug? I have just found this piece of code in Abstract

Re: AbstractILFactory bug?

2017-02-06 Thread Michał Kłeczek (XPro Sp. z o. o.)
not checking it would allow an attacker to bypass the check using AbstractILFactory. Cheers, Peter. Sent from my Samsung device. Include original message Original message From: "Michał Kłeczek (XPro Sp. z o. o.)" Sent: 06/02/2017 05:06:32 pm To: dev@river.apache.org S

Re: AbstractILFactory bug?

2017-02-06 Thread Peter
evice.     Include original message Original message From: "Michał Kłeczek (XPro Sp. z o. o.)" Sent: 06/02/2017 05:06:32 pm To: dev@river.apache.org Subject: AbstractILFactory bug? I have just found this piece of code in AbstractILFactory: Class[] interfaces = getProxyInterfaces(impl);

AbstractILFactory bug?

2017-02-05 Thread Michał Kłeczek (XPro Sp. z o. o.)
I have just found this piece of code in AbstractILFactory: Class[] interfaces = getProxyInterfaces(impl); ... for (int i = 0; i < interfaces.length; i++) { Util.checkPackageAccess(interfaces[i].getClass()); } So we check "java.lang" package access. A bug? Thanks, Michal