[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
The aliasing error (Now right)
- To: java-threads@xxxxxxxxx
- Subject: The aliasing error (Now right)
- From: Oyvind Teig <Oyvind.Teig@xxxxxxxxxxxx>
- Date: Tue, 4 Feb 1997 08:35:56 +0100
- Alternate-recipient: Allowed
- X400-mts-identifier: [/PRMD=autronica/ADMD=TELEMAX/C=NO/;2067 97/02/04 08:35]
- X400-originator: Oyvind.Teig@xxxxxxxxxxxx
- X400-received: by mta autrd in /PRMD=autronica/ADMD=TELEMAX/C=NO/; Relayed; Tue, 4 Feb 1997 08:35:56 +0100
- X400-recipients: non-disclosure:;
4. Feb.1997
The aliasing error
I have studied the aliasing error again, trying to find out more
by studying hashCodes. I thought, maybe the name clash showed up
on the hashCodes? As expected (in retrospect) it didn't. Or,
I don't know how to have it show up.
Code attached.
Has Peter Welch reported this aliasing error to the Java Security group
at Princeton? It doesn't seem to have been discoved by them! Is it possible
to find a security-hole through this mechanism?
* Hashtable (this wasn't right in first sending 5 minutes ago, sorry!):
* The whole point is that they're all different.
* obj2.X = 20527592
* obj2 = 20527608
* obj1.X = 20527584
* obj1 = 20527600
Cheers, > 0yvind Teig, Autronica, Trondheim, Norway <
Oyvind > Oyvind.Teig@xxxxxxxxxxxx <
> Tel.: +47 73 58 12 68 <
> Fax.: +47 73 91 93 20 <
import java.util.*;
//{{{ class MyInteger
class MyInteger
{
int y;
public MyInteger (int v)
{
y = v;
}
public int Get ()
{
return (this.y);
}
public void Set (int v)
{
this.y = v;
}
}
//}}}
//{{{ class Store_X
class Store_X
{
MyInteger X; // Proper object, not just "int"
public Store_X (int v)
{
X = new MyInteger (v);
}
public Store_X (MyInteger V)
{
X = V;
}
public int hashCode_X ()
{
return (X.hashCode());
}
public static void Alias (Store_X x1, Store_X x2)
{
// Works ok:
// x1.X.Set (x1.X.Get() + (x2.X.Get() - x2.X.Get()));
x1.X.Set (x1.X.Get() + x2.X.Get());
x1.X.Set (x1.X.Get() - x2.X.Get());
}
}
//}}}
//{{{ class Alias_error
class Strange_alias {
Strange_alias (int a, int b)
{
MyInteger A = new MyInteger (a); // Let's try to instanciate it on the outside
MyInteger B = new MyInteger (b); // -"-
Store_X obj1 = new Store_X (A); // Store_X (a); Works just the same
Store_X obj2 = new Store_X (B); // Store_X (b); -"-
System.out.println ("Initially: obj2=" + obj2.X.Get() + " obj1 = " + obj1.X.Get());
Store_X.Alias (obj1, obj2);
System.out.println ("Different objects: obj2=" + obj2.X.Get() + " obj1 = " + obj1.X.Get());
Store_X.Alias (obj1, obj1);
System.out.println ("Same objects: obj2=" + obj2.X.Get() + " obj1 = " + obj1.X.Get());
//{{{ Hastable
Hashtable ht = new Hashtable();
{
ht.put ("obj2 ", new Integer (obj2.hashCode()));
ht.put ("obj1 ", new Integer (obj1.hashCode()));
ht.put ("obj2.X ", new Integer (obj2.hashCode_X()));
//ht.put ("B ", new Integer (B.hashCode())); // Same as line above
ht.put ("obj1.X ", new Integer (obj1.hashCode_X()));
//ht.put ("A ", new Integer (A.hashCode())); // Same as line above
// Too messy:
// System.out.println (" Hashtable: " + ht.toString() + "\n");
System.out.println ("\nHashtable:");
Enumeration elements = ht.elements();
Enumeration keys = ht.keys();
while (elements.hasMoreElements())
{
System.out.println (" " + keys.nextElement() + " = " + elements.nextElement());
}
}
//}}}
}
}
//}}}
//{{{ class Alias_n with main
//{{{ Doc
/**
* Aliasing error in Java, study of hashCode (=physical address of object).
*
* The purpose of this program is to use the Java hashCode to exploit the
* aliasing error that P.Welch has pointed out.
* His example uses an int that is used in a simple formula: <B>x = x + (a - a)</B>
* to prove that the result is either <B>x</B> (correct) or <B>0</B> (wrong).
* A simple int has no hashCode.
* I have read that the hashCode is in fact the physical address of the object.
* Instead of an int, this program uses the class MyInteger, which does
* have a hashCode.
* The same aliasing error arises here as in Welch's original program.
* <B>The example below really shows that the aliasing error is a Java naming
* problem, the objects pointed to do have different hashCodes, as expected.
* In all cases, the aliasing error is present.</B>
* <PRE> </PRE>
* <B>Has Peter Welch reported this aliasing error to the Java Security group
* at Princeton? It doesn't seem to have been discoved by them! Is it possible
* to find a security-hole through this mechanism?</B>
* <PRE>
* Output dump (with Store_X method hashCode overridden):
* .
* Aliasing error in Java
* Study of hashCode (=physical address of object)
* Peter Welch, UKC (orig) and Oyvind Teig, Autronica (hashCode)
* 4.Feb.1997
* .
* Initially: obj2=2 obj1 = 1
* Different objects: obj2=2 obj1 = 1
* Same objects: obj2=2 obj1 = 0
* .
* Hashtable:
* obj2.X = 20527592
* obj2 = 20527608
* obj1.X = 20527584
* obj1 = 20527600
* </PRE>
*
* @author Peter Welch, UKC (orig) and Xyvind Teig, Autronica (hashCode)
* @version 1.0 -- 4.Feb.1997
*/
//}}}
public class Alias_n
{
public static void main (String argv [])
{
System.out.println ("\nAliasing error in Java");
System.out.println (" Study of hashCode (=physical address of object)");
System.out.println ("Peter Welch, UKC (orig) and Oyvind Teig, Autronica (hashCode)");
System.out.println ("4.Feb.1997\n");
Strange_alias test = new Strange_alias (1, 2);
}
}
//}}}