[9591] in bugtraq
Re: Applets listening on Sockets in Java
daemon@ATHENA.MIT.EDU (Tim Wright)
Mon Feb 15 14:43:16 1999
Date: Mon, 15 Feb 1999 13:16:05 -0500
Reply-To: Tim Wright <wright@QUCIS.QUEENSU.CA>
From: Tim Wright <wright@QUCIS.QUEENSU.CA>
X-To: Lincoln Stein <lstein@cshl.org>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199902131902.OAA16703@formaggio.cshl.org>
On Sat, 13 Feb 1999, Lincoln Stein wrote:
> Tim Wright writes:
> > <alx@acm.org> and I recently explored the "security hole" in Java
> > where an applet can listen on a port, and accept connections from any
> > machine, rather than just the machine from which the applet was
> > down-loaded.
> >
> > The code which was posted to BugTraq does appear to exhibit this
> > behavior. However, on closer inspection the posted code only created a
> > class to listen on a socket, and did not call the method to accept
> > connections from that socket. It turns out that the SecurityException is
> > (correctly) thrown during the accept method call.
>
> That's with connection-oriented sockets. What about UDP sockets?
Just tested, code attached.
UDP sockets throw an IOException rather than a SecurityException, but they
do exhibit correct behaviour in that incoming packets from unauthorized
places are not accepted.
Tim
http://stl.qucis.queensu.ca/~wright
No society has lasted forever, so why do we assume that our
society will?
// Server code
import java.applet.*;
import java.io.*;
import java.net.*;

/**
 * Applet that binds a UDP socket on port 7000 and reports the source of
 * every datagram it receives. Used to test whether the applet sandbox lets
 * packets from hosts other than the applet's origin through.
 */
public class SocketListener extends Applet {
    public void init() {
        DatagramSocket ss;
        try {
            ss = new DatagramSocket(7000);
        } catch (IOException ioe) {
            System.err.println("error, cannot create socket");
            return;
        }
        System.err.println("created server socket");
        // This loop never returns, so init() blocks the applet's thread;
        // fine for a throwaway test, not for a real applet.
        while (true) {
            try {
                System.err.println("waiting for connection");
                // The receive buffer must be at least as long as the
                // declared packet length, otherwise the constructor rejects it.
                byte[] buf = new byte[1024];
                DatagramPacket s = new DatagramPacket(buf, buf.length);
                ss.receive(s);
                System.err.println("accepted connection from " + s.getAddress());
                // Decode only the bytes actually received; printing the
                // byte[] itself would only show the array reference.
                System.err.println("read:" + new String(s.getData(), 0, s.getLength()));
            } catch (IOException ioe) {
                System.err.println("IO exception thrown");
            }
        }
    }
}
// Client Code
import java.net.*;

/**
 * Stand-alone program that sends a single UDP datagram to port 7000 on the
 * host named on the command line, so the applet above can be probed from
 * any machine, not just the one it was loaded from.
 */
public class SocketConnector {
    public SocketConnector() {
        super();
    }

    public static void main(String[] args) {
        if (args.length != 1) {
            System.err.println("usage: java SocketConnector <host>");
            return;
        }
        try {
            String message = "hi there";
            byte[] data = message.getBytes();
            DatagramPacket dp = new DatagramPacket(data, data.length);
            dp.setPort(7000);
            dp.setAddress(InetAddress.getAllByName(args[0])[0]);
            DatagramSocket ds = new DatagramSocket();
            ds.send(dp);
            ds.close();
        } catch (Exception e) {
            System.err.println("exception occurred");
            e.printStackTrace();
        }
    }
}
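As an added example (not Tim's code, and not the JDK's own SecurityManager implementation), the origin-only policy that the applet sandbox enforces, written out explicitly for a plain Java program: the check sits after accept() for TCP and after receive() for UDP, the two points the thread identifies as where unauthorized peers are rejected. The origin host is assumed to arrive as argv[0].

```java
import java.io.IOException;
import java.net.DatagramPacket;
import java.net.DatagramSocket;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;

/** Only the host the code came from may talk to us; everyone else is refused. */
public class OriginOnlyListener {
    private final InetAddress origin;  // assumed: the codebase host, passed in by the caller

    public OriginOnlyListener(InetAddress origin) { this.origin = origin; }

    /** One decision for both transports: peer address must equal the origin address. */
    boolean isAllowed(InetAddress peer) { return peer.equals(origin); }

    /** TCP: binding and accept() succeed for any peer, so the check comes after accept(). */
    void serveTcp(ServerSocket ss) throws IOException {
        while (true) {
            Socket s = ss.accept();
            if (!isAllowed(s.getInetAddress())) {
                System.err.println("rejected TCP peer " + s.getInetAddress());
                s.close();  // drop the connection before reading anything from it
                continue;
            }
            System.err.println("accepted TCP peer " + s.getInetAddress());
            s.close();
        }
    }

    /** UDP: there is no accept(), so every datagram is filtered right after receive(). */
    void serveUdp(DatagramSocket ds) throws IOException {
        byte[] buf = new byte[1024];
        while (true) {
            DatagramPacket p = new DatagramPacket(buf, buf.length);
            ds.receive(p);
            if (!isAllowed(p.getAddress())) {
                System.err.println("dropped datagram from " + p.getAddress());
                continue;  // payload is never handed to application code
            }
            System.err.println("datagram from origin: " + new String(p.getData(), 0, p.getLength()));
        }
    }

    public static void main(String[] args) throws IOException {
        OriginOnlyListener l = new OriginOnlyListener(InetAddress.getByName(args[0]));
        new Thread(() -> {
            try { l.serveTcp(new ServerSocket(7000)); } catch (IOException e) { e.printStackTrace(); }
        }).start();
        l.serveUdp(new DatagramSocket(7000));  // same port number as the test applet above
    }
}
```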