Project

General

Profile

Actions

Bug #13014

closed

StackOverflowError during policy generation in JavascriptEngine - debian 9.5 with jdk 1.8.0_181

Added by Marco Kirchhoff over 6 years ago. Updated about 6 years ago.

Status:
Released
Priority:
N/A
Category:
Security
Target version:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Medium
Priority:
57
Name check:
Fix check:
Regression:

Description

After upgrading from 4.2.7 to 4.3.3 policy generation fails with a StackOverflowError.

I determined that the exception is caused by "com.normation.rudder.services.policies.JsEngine$SandboxSecurityManager.checkPermission" calling itself recursively while trying to check for the permission to load a missing class (which appears to be "FilePermission").


Files

stacktrace.txt (63.1 KB) stacktrace.txt Marco Kirchhoff, 2018-07-20 13:36

Related issues 1 (0 open1 closed)

Related to Rudder - Bug #12448: Failed generation with "Could not initialize class javax.crypto.JceSecurity"ReleasedVincent MEMBRÉActions
Actions

Also available in: Atom PDF