Bug ID: JDK-8031466 LdapCtx does not check if java.naming.ldap.factory.socket refers to a SocketFactory

Oracle Technology Network
Java
Java SE
Community
Bug Database

JDK-8031466 : LdapCtx does not check if java.naming.ldap.factory.socket refers to a SocketFactory

Type: Bug
Component: core-libs
Sub-Component: javax.naming
Affected Version: 8

Priority: P4
Status: Closed
Resolution: Duplicate

Submitted: 2014-01-10
Updated: 2025-01-17
Resolved: 2025-01-17

Related Reports

Duplicate :

JDK-8048175 - Remove redundant use of reflection on core classes from JNDI

Description

com.sun.jndi.ldap.LdapCtx accepts a user customizable socket factory setting through the "java.naming.ldap.factory.socket" environment property. This property should be assigned a class name which extends SocketFactory. However, this is not always checked, and the user can simply provide a non SocketFactory class as long as it includes the correct method names.

Comments

The JDK-8048175 change removed redundant use of reflection from the Connection class in Java 9, and as a part of this change only named socket factory classes extending SocketFactory are accepted.

17-01-2025