From: "kester83"
Subject: some security issues...
Message-ID: <1192523533.706892.256430@e9g2000prf.googlegroups.com>
Newsgroups: comp.lang.java.security
Date: Wed, 27 Apr 2011 16:07:44 GMT

Hi,

Problem 1: Below is a Java file that I have, and after applying a security check on the return reference, I have this security risk involved: "The method returns the reference Object type directly." The suggested solution was to "Return a copy of the reference Object." Can anyone help me to see what I can do to remove this security risk?

    public class InventoryList {
        public static InventoryList merge(InventoryList a, InventoryList b) {
            if (a == null) {
                return b;               // hands back the caller's own object
            } else if (b == null) {
                return a;               // hands back the caller's own object
            } else {
                InventoryList c = new InventoryList();
                c.count = a.count + b.count;
                c.head = a.head;        // c shares a's nodes
                c.tail = b.tail;        // c shares b's nodes
                a.tail.next = b.head;   // links a's last node to b's first, changing a
                return c;
            }
        }
    }

Problem 2: I've been told to do work on the security check for "buffers overflow". The only example I was given is below:

    int data[] = new int[10];
    data[10] = 100;   // index 10 is past the last valid index (9)

Can anyone explain to me how this checking of buffers overflow works, and perhaps an example of how it can be solved?

Will really appreciate any help I can get :)

---
 * Synchronet * The Whitehouse BBS --- whitehouse.hulds.com --- check it out free usenet!
--- Synchronet 3.15a-Win32 NewsLink 1.92 Time Warp of the Future BBS - telnet://time.synchro.net:24