Java – how does the race condition in TOCTOU work?
The following code should be vulnerable to TOCTOU attacks:
    public Period(final Date start, final Date end) {
        if (start.compareTo(end) > 0) {
            throw new IllegalArgumentException("");
        }
        this.start = start;
        this.end = end;
        // Class Period has 2 private final member
        // variables Date start & end.
    }
What I don't understand is how this race condition will work. Suppose there are two threads, T1 and T2. T1 has a set of valid parameters, which should pass the check. T2 is a hacker who wants to set invalid values in the class.
If the two threads are racing and this code is the critical section, T1 passes the check and sleeps. Now, when T2 starts running, won't it go through the check again (and fail)?
Solution
The problem is that Date is mutable, so another thread can change the end date with end.setTime(0); after the check start.after(end) (an easier way to write your condition).
So it looks like:
> T1: start.after(end) => returns false, everything looks good
> T2: end.setTime(0); => sneaky thread 2 changes the date
> T1: this.start = start; this.end = end; // Boom => your class invariant is no longer valid
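
The usual fix for the race shown above, as an added example that is not part of the original question or answer: copy the arguments first and run the check on the private copies, so there is no window between check and use. The names `SafePeriod` and `PeriodDemo` and the sample timestamps are assumptions made for this example.

```java
import java.util.Date;

// Added example: hardened variant of the page's Period class (SafePeriod is a hypothetical name).
final class SafePeriod {
    private final Date start;
    private final Date end;

    SafePeriod(Date start, Date end) {
        // Copy first, then validate the copies: no other thread holds a
        // reference to them, so nothing can change between check and use.
        // new Date(getTime()) is used rather than clone() because Date is
        // not final and a subclass could override clone().
        this.start = new Date(start.getTime());
        this.end = new Date(end.getTime());
        if (this.start.after(this.end)) {
            throw new IllegalArgumentException(this.start + " is after " + this.end);
        }
    }

    // Return copies so callers cannot mutate internal state later.
    Date start() { return new Date(start.getTime()); }
    Date end() { return new Date(end.getTime()); }
}

public class PeriodDemo {
    public static void main(String[] args) {
        Date start = new Date(1_000L); // constructed sample values
        Date end = new Date(2_000L);
        SafePeriod p = new SafePeriod(start, end);

        // The same mutation thread T2 performs in the answer. Here it runs
        // after construction, which is already enough to break the original
        // class because it stores the caller's reference.
        end.setTime(0);
        p.end().setTime(0); // mutating a returned copy has no effect either

        boolean invariantHolds = !p.start().after(p.end());
        System.out.println("caller's end = " + end.getTime());
        System.out.println("period end   = " + p.end().getTime());
        System.out.println("invariant holds: " + invariantHolds);
    }
}
```

The order matters: validating the caller's objects and copying afterwards would leave the same check-to-use window open.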