You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@harmony.apache.org by Boris Kuznetsov <bo...@gmail.com> on 2006/09/04 15:10:23 UTC
[classlib][security] Exception compatibility
Usually Harmony behavior is compared with RI behavior. But in security
area RI behavior depends on provider. With different providers RI
behave differently.
For example, RI passes incorrect method arguments to provider. In such
cases provider may throw exception (e.g. DigestException or
IllegalArgumentException) or some RuntimeException (e.g.
ArrayIndexOutOfBoundsException) may be thrown during the execution.
Here is example.
There are number of methods with arguments like (byte[] buf, int
offset, int len). RI doesn't check if offset and len are negative but
Harmony does, so we have difference in behavior (see Harmony-1120,
1148): on combination RI + provider application gets provider specific
exception, but on Harmony + provider - IllegalArgumentException (as in
other invalid parameters cases).
So we have two options:
1. Fix Harmony (remove negative parameters checks)
2. Don't fix. Throw IllegalArgumentException for invalid parameters.
Document as non-bug difference from RI.
Note, specification doesn't describe implementation behavior for
invalid arguments, but RI also throws IllegalArgumentException if
ofsset+len > buf.length. So throwing of IllegalArgumentException in
Harmony can't break any application.
I suggest option 2.
Thoughts?
Thanks,
Boris
---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
For additional commands, e-mail: harmony-dev-help@incubator.apache.org
Re: [classlib][security] Exception compatibility
Posted by Andrew Zhang <zh...@gmail.com>.
On 9/4/06, Boris Kuznetsov <bo...@gmail.com> wrote:
>
> Usually Harmony behavior is compared with RI behavior. But in security
> area RI behavior depends on provider. With different providers RI
> behave differently.
>
> For example, RI passes incorrect method arguments to provider. In such
> cases provider may throw exception (e.g. DigestException or
> IllegalArgumentException) or some RuntimeException (e.g.
> ArrayIndexOutOfBoundsException) may be thrown during the execution.
> Here is example.
>
> There are number of methods with arguments like (byte[] buf, int
> offset, int len). RI doesn't check if offset and len are negative but
> Harmony does, so we have difference in behavior (see Harmony-1120,
> 1148): on combination RI + provider application gets provider specific
> exception, but on Harmony + provider - IllegalArgumentException (as in
> other invalid parameters cases).
>
> So we have two options:
> 1. Fix Harmony (remove negative parameters checks)
> 2. Don't fix. Throw IllegalArgumentException for invalid parameters.
> Document as non-bug difference from RI.
>
> Note, specification doesn't describe implementation behavior for
> invalid arguments, but RI also throws IllegalArgumentException if
> ofsset+len > buf.length. So throwing of IllegalArgumentException in
> Harmony can't break any application.
>
> I suggest option 2.
I like option1. Why not just pass all parameters to provider as RI, and let
the provider determine the behaviour?
Thoughts?
>
> Thanks,
> Boris
>
> ---------------------------------------------------------------------
> Terms of use : http://incubator.apache.org/harmony/mailing.html
> To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
> For additional commands, e-mail: harmony-dev-help@incubator.apache.org
>
>
--
Andrew Zhang
China Software Development Lab, IBM
Re: [classlib][security] Exception compatibility
Posted by Mikhail Loenko <ml...@gmail.com>.
let's talk about it on a different thread
2006/9/5, Denis Kishenko <dk...@gmail.com>:
> By the way, people what do you think about HARMONY-1110?
>
> Problem is we have to reproduce behavior of pattern parser without
> specification. There is only one example in Java doc which doesn't
> allow understand when pattern is incorrect.
>
> 2006/9/5, Denis Kishenko <dk...@gmail.com>:
> > Boris thank you for your question. I asked myself the same question
> > and choose the same answer as you. Unfortunately as people wrote above
> > we were wrong and they are reasonable.
> >
> > I have already written patch for HARMONY-1120 to follow RI behavior.
> >
> > 2006/9/5, Stepan Mishura <st...@gmail.com>:
> > > On 9/4/06, Boris Kuznetsov wrote:
> > > >
> > > > Usually Harmony behavior is compared with RI behavior. But in security
> > > > area RI behavior depends on provider. With different providers RI
> > > > behave differently.
> > > >
> > > > For example, RI passes incorrect method arguments to provider. In such
> > > > cases provider may throw exception (e.g. DigestException or
> > > > IllegalArgumentException) or some RuntimeException (e.g.
> > > > ArrayIndexOutOfBoundsException) may be thrown during the execution.
> > > > Here is example.
> > > >
> > > > There are number of methods with arguments like (byte[] buf, int
> > > > offset, int len). RI doesn't check if offset and len are negative but
> > > > Harmony does, so we have difference in behavior (see Harmony-1120,
> > > > 1148): on combination RI + provider application gets provider specific
> > > > exception, but on Harmony + provider - IllegalArgumentException (as in
> > > > other invalid parameters cases).
> > > >
> > > > So we have two options:
> > > > 1. Fix Harmony (remove negative parameters checks)
> > > > 2. Don't fix. Throw IllegalArgumentException for invalid parameters.
> > > > Document as non-bug difference from RI.
> > >
> > >
> > > Hi, Boris.
> > >
> > > We agreed to be exceptions-compatible with RI so we would have chosen the
> > > first option. But I think that the first option is not suitable. I'll try to
> > > explain why. I have a look at MessageDigest.java and mentioned JIRAs: so
> > > there are 4 cases when parameters are invalid and an implementation has to
> > > check if:
> > > 1) buf - is null
> > > 2) offset < 0
> > > 3) len < 0
> > > 4) offset + len > buf's len
> > >
> > > The first option means that we have to remove 2 and 3 checks. And leave 1
> > > and 4 as RI does. But 4 check is meaningless without 2 and 3. IOW, it is
> > > only valid if offset and len params are correct. IMO chosing the first
> > > option is copying inconsistent behaviour. So I vote for the second option.
> > >
> > > Thanks,
> > > Stepan.
> > >
> > > Note, specification doesn't describe implementation behavior for
> > > > invalid arguments, but RI also throws IllegalArgumentException if
> > > > ofsset+len > buf.length. So throwing of IllegalArgumentException in
> > > > Harmony can't break any application.
> > > >
> > > > I suggest option 2.
> > > > Thoughts?
> > > >
> > > > Thanks,
> > > > Boris
> > > >
> > > > ------------------------------------------------------
> > > Terms of use : http://incubator.apache.org/harmony/mailing.html
> > > To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
> > > For additional commands, e-mail: harmony-dev-help@incubator.apache.org
> > >
> > >
> >
> >
> > --
> > Denis M. Kishenko
> > Intel Middleware Products Division
> >
>
>
> --
> Denis M. Kishenko
> Intel Middleware Products Division
>
> ---------------------------------------------------------------------
> Terms of use : http://incubator.apache.org/harmony/mailing.html
> To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
> For additional commands, e-mail: harmony-dev-help@incubator.apache.org
>
>
---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
For additional commands, e-mail: harmony-dev-help@incubator.apache.org
Re: [classlib][security] Exception compatibility
Posted by Denis Kishenko <dk...@gmail.com>.
By the way, people what do you think about HARMONY-1110?
Problem is we have to reproduce behavior of pattern parser without
specification. There is only one example in Java doc which doesn't
allow understand when pattern is incorrect.
2006/9/5, Denis Kishenko <dk...@gmail.com>:
> Boris thank you for your question. I asked myself the same question
> and choose the same answer as you. Unfortunately as people wrote above
> we were wrong and they are reasonable.
>
> I have already written patch for HARMONY-1120 to follow RI behavior.
>
> 2006/9/5, Stepan Mishura <st...@gmail.com>:
> > On 9/4/06, Boris Kuznetsov wrote:
> > >
> > > Usually Harmony behavior is compared with RI behavior. But in security
> > > area RI behavior depends on provider. With different providers RI
> > > behave differently.
> > >
> > > For example, RI passes incorrect method arguments to provider. In such
> > > cases provider may throw exception (e.g. DigestException or
> > > IllegalArgumentException) or some RuntimeException (e.g.
> > > ArrayIndexOutOfBoundsException) may be thrown during the execution.
> > > Here is example.
> > >
> > > There are number of methods with arguments like (byte[] buf, int
> > > offset, int len). RI doesn't check if offset and len are negative but
> > > Harmony does, so we have difference in behavior (see Harmony-1120,
> > > 1148): on combination RI + provider application gets provider specific
> > > exception, but on Harmony + provider - IllegalArgumentException (as in
> > > other invalid parameters cases).
> > >
> > > So we have two options:
> > > 1. Fix Harmony (remove negative parameters checks)
> > > 2. Don't fix. Throw IllegalArgumentException for invalid parameters.
> > > Document as non-bug difference from RI.
> >
> >
> > Hi, Boris.
> >
> > We agreed to be exceptions-compatible with RI so we would have chosen the
> > first option. But I think that the first option is not suitable. I'll try to
> > explain why. I have a look at MessageDigest.java and mentioned JIRAs: so
> > there are 4 cases when parameters are invalid and an implementation has to
> > check if:
> > 1) buf - is null
> > 2) offset < 0
> > 3) len < 0
> > 4) offset + len > buf's len
> >
> > The first option means that we have to remove 2 and 3 checks. And leave 1
> > and 4 as RI does. But 4 check is meaningless without 2 and 3. IOW, it is
> > only valid if offset and len params are correct. IMO chosing the first
> > option is copying inconsistent behaviour. So I vote for the second option.
> >
> > Thanks,
> > Stepan.
> >
> > Note, specification doesn't describe implementation behavior for
> > > invalid arguments, but RI also throws IllegalArgumentException if
> > > ofsset+len > buf.length. So throwing of IllegalArgumentException in
> > > Harmony can't break any application.
> > >
> > > I suggest option 2.
> > > Thoughts?
> > >
> > > Thanks,
> > > Boris
> > >
> > > ------------------------------------------------------
> > Terms of use : http://incubator.apache.org/harmony/mailing.html
> > To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
> > For additional commands, e-mail: harmony-dev-help@incubator.apache.org
> >
> >
>
>
> --
> Denis M. Kishenko
> Intel Middleware Products Division
>
--
Denis M. Kishenko
Intel Middleware Products Division
---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
For additional commands, e-mail: harmony-dev-help@incubator.apache.org
Re: [classlib][security] Exception compatibility
Posted by Denis Kishenko <dk...@gmail.com>.
Boris thank you for your question. I asked myself the same question
and choose the same answer as you. Unfortunately as people wrote above
we were wrong and they are reasonable.
I have already written patch for HARMONY-1120 to follow RI behavior.
2006/9/5, Stepan Mishura <st...@gmail.com>:
> On 9/4/06, Boris Kuznetsov wrote:
> >
> > Usually Harmony behavior is compared with RI behavior. But in security
> > area RI behavior depends on provider. With different providers RI
> > behave differently.
> >
> > For example, RI passes incorrect method arguments to provider. In such
> > cases provider may throw exception (e.g. DigestException or
> > IllegalArgumentException) or some RuntimeException (e.g.
> > ArrayIndexOutOfBoundsException) may be thrown during the execution.
> > Here is example.
> >
> > There are number of methods with arguments like (byte[] buf, int
> > offset, int len). RI doesn't check if offset and len are negative but
> > Harmony does, so we have difference in behavior (see Harmony-1120,
> > 1148): on combination RI + provider application gets provider specific
> > exception, but on Harmony + provider - IllegalArgumentException (as in
> > other invalid parameters cases).
> >
> > So we have two options:
> > 1. Fix Harmony (remove negative parameters checks)
> > 2. Don't fix. Throw IllegalArgumentException for invalid parameters.
> > Document as non-bug difference from RI.
>
>
> Hi, Boris.
>
> We agreed to be exceptions-compatible with RI so we would have chosen the
> first option. But I think that the first option is not suitable. I'll try to
> explain why. I have a look at MessageDigest.java and mentioned JIRAs: so
> there are 4 cases when parameters are invalid and an implementation has to
> check if:
> 1) buf - is null
> 2) offset < 0
> 3) len < 0
> 4) offset + len > buf's len
>
> The first option means that we have to remove 2 and 3 checks. And leave 1
> and 4 as RI does. But 4 check is meaningless without 2 and 3. IOW, it is
> only valid if offset and len params are correct. IMO chosing the first
> option is copying inconsistent behaviour. So I vote for the second option.
>
> Thanks,
> Stepan.
>
> Note, specification doesn't describe implementation behavior for
> > invalid arguments, but RI also throws IllegalArgumentException if
> > ofsset+len > buf.length. So throwing of IllegalArgumentException in
> > Harmony can't break any application.
> >
> > I suggest option 2.
> > Thoughts?
> >
> > Thanks,
> > Boris
> >
> > ------------------------------------------------------
> Terms of use : http://incubator.apache.org/harmony/mailing.html
> To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
> For additional commands, e-mail: harmony-dev-help@incubator.apache.org
>
>
--
Denis M. Kishenko
Intel Middleware Products Division
---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
For additional commands, e-mail: harmony-dev-help@incubator.apache.org
Re: [classlib][security] Exception compatibility
Posted by Stepan Mishura <st...@gmail.com>.
On 9/4/06, Boris Kuznetsov wrote:
>
> Usually Harmony behavior is compared with RI behavior. But in security
> area RI behavior depends on provider. With different providers RI
> behave differently.
>
> For example, RI passes incorrect method arguments to provider. In such
> cases provider may throw exception (e.g. DigestException or
> IllegalArgumentException) or some RuntimeException (e.g.
> ArrayIndexOutOfBoundsException) may be thrown during the execution.
> Here is example.
>
> There are number of methods with arguments like (byte[] buf, int
> offset, int len). RI doesn't check if offset and len are negative but
> Harmony does, so we have difference in behavior (see Harmony-1120,
> 1148): on combination RI + provider application gets provider specific
> exception, but on Harmony + provider - IllegalArgumentException (as in
> other invalid parameters cases).
>
> So we have two options:
> 1. Fix Harmony (remove negative parameters checks)
> 2. Don't fix. Throw IllegalArgumentException for invalid parameters.
> Document as non-bug difference from RI.
Hi, Boris.
We agreed to be exceptions-compatible with RI so we would have chosen the
first option. But I think that the first option is not suitable. I'll try to
explain why. I have a look at MessageDigest.java and mentioned JIRAs: so
there are 4 cases when parameters are invalid and an implementation has to
check if:
1) buf - is null
2) offset < 0
3) len < 0
4) offset + len > buf's len
The first option means that we have to remove 2 and 3 checks. And leave 1
and 4 as RI does. But 4 check is meaningless without 2 and 3. IOW, it is
only valid if offset and len params are correct. IMO chosing the first
option is copying inconsistent behaviour. So I vote for the second option.
Thanks,
Stepan.
Note, specification doesn't describe implementation behavior for
> invalid arguments, but RI also throws IllegalArgumentException if
> ofsset+len > buf.length. So throwing of IllegalArgumentException in
> Harmony can't break any application.
>
> I suggest option 2.
> Thoughts?
>
> Thanks,
> Boris
>
> ------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
For additional commands, e-mail: harmony-dev-help@incubator.apache.org
Re: [classlib][security] Exception compatibility
Posted by Boris Kuznetsov <bo...@gmail.com>.
BC provider throws the same exceptions as SUN provider
(at least for standard digest alg. names: SHA, MD2, MD5, SHA-256,
SHA-384, SHA-512).
But what about other third party providers?
On 9/5/06, Mikhail Loenko <ml...@gmail.com> wrote:
> IMHO we should look from the perspective of migrating the apps.
>
> So let's try to make behavior of "Harmony + BC provider" close
> to "Sun + Sun's provider"
>
> If without the checks the combination Harmony+BC works similar to
> Sun+Sun's provider, then let's remove the checks. Otherwise let's
> keep it to make the behavior at least logical.
>
> Thanks,
> Mikhail
>
>
> 2006/9/4, Boris Kuznetsov <bo...@gmail.com>:
> > Usually Harmony behavior is compared with RI behavior. But in security
> > area RI behavior depends on provider. With different providers RI
> > behave differently.
> >
> > For example, RI passes incorrect method arguments to provider. In such
> > cases provider may throw exception (e.g. DigestException or
> > IllegalArgumentException) or some RuntimeException (e.g.
> > ArrayIndexOutOfBoundsException) may be thrown during the execution.
> > Here is example.
> >
> > There are number of methods with arguments like (byte[] buf, int
> > offset, int len). RI doesn't check if offset and len are negative but
> > Harmony does, so we have difference in behavior (see Harmony-1120,
> > 1148): on combination RI + provider application gets provider specific
> > exception, but on Harmony + provider - IllegalArgumentException (as in
> > other invalid parameters cases).
> >
> > So we have two options:
> > 1. Fix Harmony (remove negative parameters checks)
> > 2. Don't fix. Throw IllegalArgumentException for invalid parameters.
> > Document as non-bug difference from RI.
> >
> > Note, specification doesn't describe implementation behavior for
> > invalid arguments, but RI also throws IllegalArgumentException if
> > ofsset+len > buf.length. So throwing of IllegalArgumentException in
> > Harmony can't break any application.
> >
> > I suggest option 2.
> > Thoughts?
> >
> > Thanks,
> > Boris
> >
> > ---------------------------------------------------------------------
> > Terms of use : http://incubator.apache.org/harmony/mailing.html
> > To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
> > For additional commands, e-mail: harmony-dev-help@incubator.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> Terms of use : http://incubator.apache.org/harmony/mailing.html
> To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
> For additional commands, e-mail: harmony-dev-help@incubator.apache.org
>
>
--
Best regards,
Boris Kuznetsov
Intel Middleware Products Division
---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
For additional commands, e-mail: harmony-dev-help@incubator.apache.org
Re: [classlib][security] Exception compatibility
Posted by Mikhail Loenko <ml...@gmail.com>.
IMHO we should look from the perspective of migrating the apps.
So let's try to make behavior of "Harmony + BC provider" close
to "Sun + Sun's provider"
If without the checks the combination Harmony+BC works similar to
Sun+Sun's provider, then let's remove the checks. Otherwise let's
keep it to make the behavior at least logical.
Thanks,
Mikhail
2006/9/4, Boris Kuznetsov <bo...@gmail.com>:
> Usually Harmony behavior is compared with RI behavior. But in security
> area RI behavior depends on provider. With different providers RI
> behave differently.
>
> For example, RI passes incorrect method arguments to provider. In such
> cases provider may throw exception (e.g. DigestException or
> IllegalArgumentException) or some RuntimeException (e.g.
> ArrayIndexOutOfBoundsException) may be thrown during the execution.
> Here is example.
>
> There are number of methods with arguments like (byte[] buf, int
> offset, int len). RI doesn't check if offset and len are negative but
> Harmony does, so we have difference in behavior (see Harmony-1120,
> 1148): on combination RI + provider application gets provider specific
> exception, but on Harmony + provider - IllegalArgumentException (as in
> other invalid parameters cases).
>
> So we have two options:
> 1. Fix Harmony (remove negative parameters checks)
> 2. Don't fix. Throw IllegalArgumentException for invalid parameters.
> Document as non-bug difference from RI.
>
> Note, specification doesn't describe implementation behavior for
> invalid arguments, but RI also throws IllegalArgumentException if
> ofsset+len > buf.length. So throwing of IllegalArgumentException in
> Harmony can't break any application.
>
> I suggest option 2.
> Thoughts?
>
> Thanks,
> Boris
>
> ---------------------------------------------------------------------
> Terms of use : http://incubator.apache.org/harmony/mailing.html
> To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
> For additional commands, e-mail: harmony-dev-help@incubator.apache.org
>
>
---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
For additional commands, e-mail: harmony-dev-help@incubator.apache.org
Re: [classlib][security] Exception compatibility
Posted by Richard Liang <ri...@gmail.com>.
On 9/4/06, Boris Kuznetsov <bo...@gmail.com> wrote:
> Usually Harmony behavior is compared with RI behavior. But in security
> area RI behavior depends on provider. With different providers RI
> behave differently.
>
> For example, RI passes incorrect method arguments to provider. In such
> cases provider may throw exception (e.g. DigestException or
> IllegalArgumentException) or some RuntimeException (e.g.
> ArrayIndexOutOfBoundsException) may be thrown during the execution.
> Here is example.
>
> There are number of methods with arguments like (byte[] buf, int
> offset, int len). RI doesn't check if offset and len are negative but
> Harmony does, so we have difference in behavior (see Harmony-1120,
> 1148): on combination RI + provider application gets provider specific
> exception, but on Harmony + provider - IllegalArgumentException (as in
> other invalid parameters cases).
>
> So we have two options:
> 1. Fix Harmony (remove negative parameters checks)
> 2. Don't fix. Throw IllegalArgumentException for invalid parameters.
> Document as non-bug difference from RI.
>
> Note, specification doesn't describe implementation behavior for
> invalid arguments, but RI also throws IllegalArgumentException if
> ofsset+len > buf.length. So throwing of IllegalArgumentException in
> Harmony can't break any application.
>
> I suggest option 2.
> Thoughts?
According to our "Compatibility guidelines"[1], I suggest we follow RI
for this issue, because the spec does not describe the behavior
clearly and it seems that RI's behavior is not so illogical ;-)
[1] http://incubator.apache.org/harmony/subcomponents/classlibrary/compat.html
Best regards,
Richard
>
> Thanks,
> Boris
>
> ---------------------------------------------------------------------
> Terms of use : http://incubator.apache.org/harmony/mailing.html
> To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
> For additional commands, e-mail: harmony-dev-help@incubator.apache.org
>
>
--
Richard Liang
China Software Development Lab, IBM
---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
For additional commands, e-mail: harmony-dev-help@incubator.apache.org