Last active
August 29, 2015 14:28
Implement Generic Interface
```java
public class Main {
    public static void main(String[] args) {
        MyInterface i = new MyImplementer();
        i.foo(1);
        /*
          Since we actually call the vulnerable method, the call chain that we expect is:
            Main.main(String[] args): 5
              -> MyImplementer.foo(Integer): 36
                -> MyImplementer.vulnerableMethod()
          But what we are getting is this:
            Main.main(String[] args): 5
              -> MyImplementer.foo(Object): 27
                -> MyImplementer.foo(Integer): 36
                  -> MyImplementer.vulnerableMethod()
        */
    }
}

/*
 * This is our vulnerable class
 */
class MyImplementer implements MyInterface<Integer> {
    /*
      After type erasure, the compiler will insert a bridge method that looks like this:
        public void foo(Object o) {
            foo( (Integer) o );
        }
    */
    @Override
    public void foo(Integer i) {
        vulnerableMethod();
    }

    private void vulnerableMethod() {
        throw new UnknownError();
    }
}

interface MyInterface<T> {
    void foo(T t);
}
```
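
The extra `foo(Object)` frame described in the comments can be identified at run time, so a call-chain tool can label or collapse it instead of reporting an unexpected caller. The following is an added example, not part of the original gist; the names `BridgeFrames`, `Handler` and `IntHandler` are hypothetical, and it assumes Java 10 or later for `StackFrame.getMethodType()`.

```java
import java.lang.invoke.MethodType;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;

public class BridgeFrames {
    interface Handler<T> { void handle(T t); }   // hypothetical stand-in for MyInterface<T>

    static class IntHandler implements Handler<Integer> {
        List<String> chain;                      // call chain recorded at the sink
        @Override public void handle(Integer i) { chain = callChain(); }
    }

    // True when the frame's exact signature resolves to a compiler-generated bridge method.
    static boolean isBridge(StackWalker.StackFrame f) {
        MethodType mt = f.getMethodType();
        for (Method m : f.getDeclaringClass().getDeclaredMethods()) {
            if (m.getName().equals(f.getMethodName())
                    && m.getReturnType() == mt.returnType()
                    && Arrays.equals(m.getParameterTypes(), mt.parameterArray())) {
                return m.isBridge();
            }
        }
        return false;                            // constructors and initializers are not Methods
    }

    // Current call chain, innermost frame first, with bridge frames labelled.
    static List<String> callChain() {
        return StackWalker.getInstance(StackWalker.Option.RETAIN_CLASS_REFERENCE)
            .walk(s -> s.skip(1)                 // skip callChain() itself
                .map(f -> f.getDeclaringClass().getSimpleName() + "." + f.getMethodName()
                        + f.getMethodType() + (isBridge(f) ? " [bridge]" : ""))
                .collect(Collectors.toList()));
    }

    public static void main(String[] args) {
        IntHandler impl = new IntHandler();
        Handler<Integer> h = impl;
        h.handle(1);       // call through the interface: dispatches to the handle(Object) bridge
        impl.chain.forEach(System.out::println);
        System.out.println("--");
        impl.handle(1);    // call through the concrete type: no bridge frame in the chain
        impl.chain.forEach(System.out::println);
    }
}
```

A plain `StackTraceElement` carries no parameter types, so the two `handle` frames differ there only by line number; the `StackWalker` method type is what makes the exact match possible.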