The bytecode verifier is an internal component of the JVM and is responsible for detecting non-confirming Java code. It performs tasks such as ensuring that the class file is in proper format, illegal type casts are not performed and preventing operand stack overflows or underflows.
Noncompliant Code Example
In the noncompliant code snippet shown below, two classes, Ssn
and SsnVerify
are defined. If at some later time, the programmer changes the access modifier of the ssn
field from public
to private
, a possibility exists that only the modified Ssn
class is recompiled but the SsnVerify
class is overlooked. As a result, SsnVerify
can now illegally access the private ssn
field of the Ssn
class.
package ssnvault.values; public class Ssn { public String ssn = "001 01 0001"; } package ssnvault.values; public class SsnVerify { public static void main(String[] args) { Ssn number = new Ssn(); System.out.println("Please enter last four digits of your SSN:"); //perform verification } }
Compliant Solution
It is vital to re-compile both Ssn
and SsnVerify
classes so that the bytecode verifier can be applied to detect the non-conforming code.
Alternatively, to force bytecode verification when the unmodified class is loaded, the -verify
flag can be specified on the java
command line.
The verification process is automatically initiated unless the -noverify
flag is specified at command line. On Java 2 systems, classes loaded by the primordial class loader (that loads classes from the boot class path) are not required to perform bytecode verification.
Risk Assessment
If the bytecode verifier is not applied to all code then code could be loaded into a java system that does not conform to the Java Language Specification. This code could bypass checks that are normally expected to be performed by Java code, thereby compromising security.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
---|---|---|---|---|---|
SEC36-J |
medium |
probable |
high |
P?? |
L?? |
Automated Detection
TODO
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[[Oaks 01]] The Bytecode Verifier
[[Pistoia 04]] Section 7.3, The Class File Verifier