diff options
author | asaha <none@none> | 2014-10-23 12:36:55 -0700 |
---|---|---|
committer | asaha <none@none> | 2014-10-23 12:36:55 -0700 |
commit | 8e1a18e7e5b00421da547655f82a0f187b478292 (patch) | |
tree | 7b8062227a7bff5f2c14ce350785e8cf1862dff1 | |
parent | e759501299cefa66c07e4b67120be892c3139814 (diff) | |
parent | 8735fa5d41a99f5da8cb956b18dd11036458413b (diff) |
Merge
28 files changed, 356 insertions, 122 deletions
@@ -312,6 +312,8 @@ be30cb2a3088f2b7b334b499f7eddbd5312312a7 jdk8u20-b23 dfb9f24d56b51e5a2ca26e77fc69a2464d51a4d3 jdk8u20-b24 dfb9f24d56b51e5a2ca26e77fc69a2464d51a4d3 jdk8u20-b25 dd229c5f57bff4e75a70908294a13072b9a48385 jdk8u20-b26 +684a13a7d2ccc91d2ad709ecad1fddbcc992ee5a jdk8u20-b31 +eb459e6ac74a7db7b49393e470d04b6d854dfa89 jdk8u20-b32 abca9f6f1a10e9f91b2538bbe7870f54f550d986 jdk8u25-b00 7d0627679c9fdeaaaa9fe15c7cc11af0763621ec jdk8u25-b01 b0277ec994b751ebb761814675352506cd56bcd6 jdk8u25-b02 @@ -334,6 +336,13 @@ f07bc5dab84c67f5d1dccbab318ee1c5485c852d jdk8u25-b16 d067890f970f3a712f870f6311d20f3359b6eaf0 jdk8u25-b16 67b22a82345bfa1ae1492679bdf3c4d54f4eacde jdk8u25-b17 a4e88eaf15ea0569f3275a807a976fe0e04a086c jdk8u25-b18 +556c79ef8a1d2fa38f79b3d3e102e80e0b0c9731 jdk8u25-b31 +f935349e2c065487c745bc41f81ddc7869bd2d2d jdk8u31-b00 +caebf6158e9d522df41a2c89a1602e5013bac401 jdk8u31-b01 +b1cef4d76664564732004cf3aedb0cbaa1972683 jdk8u31-b02 +649c7ba692012fd93c532fea133cf14785674387 jdk8u31-b03 +ab6aa5ee3897ebfe4a04722a594fb2cecd6f3bef jdk8u31-b04 +1e79baf89075967bddc64921d2680d8c1123f654 jdk8u31-b05 e6ed015afbbf3459ba3297e270b4f3170e989c80 jdk8u40-b00 6e223d48080ef40f4ec11ecbcd19b4a20813b9eb jdk8u40-b01 4797cd0713b44b009525f1276d571ade7e24f3f5 jdk8u40-b02 diff --git a/src/share/classes/com/sun/java/swing/plaf/windows/WindowsFileChooserUI.java b/src/share/classes/com/sun/java/swing/plaf/windows/WindowsFileChooserUI.java index 48b501094..b22ebf958 100644 --- a/src/share/classes/com/sun/java/swing/plaf/windows/WindowsFileChooserUI.java +++ b/src/share/classes/com/sun/java/swing/plaf/windows/WindowsFileChooserUI.java @@ -1067,16 +1067,9 @@ public class WindowsFileChooserUI extends BasicFileChooserUI { directories.clear(); - File[] baseFolders; - if (useShellFolder) { - baseFolders = AccessController.doPrivileged(new PrivilegedAction<File[]>() { - public File[] run() { - return (File[]) ShellFolder.get("fileChooserComboBoxFolders"); - } - }); - } else { - baseFolders = fsv.getRoots(); - } + File[] baseFolders = (useShellFolder) + ? (File[]) ShellFolder.get("fileChooserComboBoxFolders") + : fsv.getRoots(); directories.addAll(Arrays.asList(baseFolders)); // Get the canonical (full) path. This has the side diff --git a/src/share/classes/com/sun/jndi/ldap/BerDecoder.java b/src/share/classes/com/sun/jndi/ldap/BerDecoder.java index 103ce4714..9feefb47f 100644 --- a/src/share/classes/com/sun/jndi/ldap/BerDecoder.java +++ b/src/share/classes/com/sun/jndi/ldap/BerDecoder.java @@ -95,6 +95,9 @@ public final class BerDecoder extends Ber { for( int i = 0; i < lengthbyte; i++) { retval = (retval << 8) + (buf[offset++] & 0xff); } + if (retval < 0) { + throw new DecodeException("Invalid length bytes"); + } return retval; } else { return lengthbyte; diff --git a/src/share/classes/java/lang/ClassLoader.java b/src/share/classes/java/lang/ClassLoader.java index 875f5ec8e..8bde2f62f 100644 --- a/src/share/classes/java/lang/ClassLoader.java +++ b/src/share/classes/java/lang/ClassLoader.java @@ -1365,7 +1365,10 @@ public abstract class ClassLoader { return null; SecurityManager sm = System.getSecurityManager(); if (sm != null) { - checkClassLoaderPermission(this, Reflection.getCallerClass()); + // Check access to the parent class loader + // If the caller's class loader is same as this class loader, + // permission check is performed. + checkClassLoaderPermission(parent, Reflection.getCallerClass()); } return parent; } @@ -1508,6 +1511,11 @@ public abstract class ClassLoader { return caller.getClassLoader0(); } + /* + * Checks RuntimePermission("getClassLoader") permission + * if caller's class loader is not null and caller's class loader + * is not the same as or an ancestor of the given cl argument. + */ static void checkClassLoaderPermission(ClassLoader cl, Class<?> caller) { SecurityManager sm = System.getSecurityManager(); if (sm != null) { diff --git a/src/share/classes/java/net/MulticastSocket.java b/src/share/classes/java/net/MulticastSocket.java index 1d42dfe6e..40013f7fb 100644 --- a/src/share/classes/java/net/MulticastSocket.java +++ b/src/share/classes/java/net/MulticastSocket.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1995, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -569,7 +569,7 @@ class MulticastSocket extends DatagramSocket { public NetworkInterface getNetworkInterface() throws SocketException { NetworkInterface ni = (NetworkInterface)getImpl().getOption(SocketOptions.IP_MULTICAST_IF2); - if (ni.getIndex() == 0) { + if ((ni.getIndex() == 0) || (ni.getIndex() == -1)) { InetAddress[] addrs = new InetAddress[1]; addrs[0] = InetAddress.anyLocalAddress(); return new NetworkInterface(addrs[0].getHostName(), 0, addrs); diff --git a/src/share/classes/javax/swing/plaf/metal/MetalFileChooserUI.java b/src/share/classes/javax/swing/plaf/metal/MetalFileChooserUI.java index 677d1f88c..ddc70c91c 100644 --- a/src/share/classes/javax/swing/plaf/metal/MetalFileChooserUI.java +++ b/src/share/classes/javax/swing/plaf/metal/MetalFileChooserUI.java @@ -941,16 +941,9 @@ public class MetalFileChooserUI extends BasicFileChooserUI { directories.clear(); - File[] baseFolders; - if (useShellFolder) { - baseFolders = AccessController.doPrivileged(new PrivilegedAction<File[]>() { - public File[] run() { - return (File[]) ShellFolder.get("fileChooserComboBoxFolders"); - } - }); - } else { - baseFolders = fsv.getRoots(); - } + File[] baseFolders = (useShellFolder) + ? (File[]) ShellFolder.get("fileChooserComboBoxFolders") + : fsv.getRoots(); directories.addAll(Arrays.asList(baseFolders)); // Get the canonical (full) path. This has the side diff --git a/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java b/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java index 7e02ea496..31fdad864 100644 --- a/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java +++ b/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java @@ -336,6 +336,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { /* try auth without calling Authenticator. Used for transparent NTLM authentication */ private boolean tryTransparentNTLMServer = true; private boolean tryTransparentNTLMProxy = true; + private boolean useProxyResponseCode = false; /* Used by Windows specific code */ private Object authObj; @@ -2243,6 +2244,14 @@ public class HttpURLConnection extends java.net.HttpURLConnection { if (tryTransparentNTLMProxy) { tryTransparentNTLMProxy = NTLMAuthenticationProxy.supportsTransparentAuth; + /* If the platform supports transparent authentication + * then normally it's ok to do transparent auth to a proxy + * because we generally trust proxies (chosen by the user) + * But not in the case of 305 response where the server + * chose it. */ + if (tryTransparentNTLMProxy && useProxyResponseCode) { + tryTransparentNTLMProxy = false; + } } a = null; if (tryTransparentNTLMProxy) { @@ -2614,6 +2623,10 @@ public class HttpURLConnection extends java.net.HttpURLConnection { requests.set(0, method + " " + getRequestURI()+" " + httpVersion, null); connected = true; + // need to remember this in case NTLM proxy authentication gets + // used. We can't use transparent authentication when user + // doesn't know about proxy. + useProxyResponseCode = true; } else { // maintain previous headers, just change the name // of the file we're getting diff --git a/src/share/classes/sun/rmi/transport/Transport.java b/src/share/classes/sun/rmi/transport/Transport.java index 217c93682..2fa3f502f 100644 --- a/src/share/classes/sun/rmi/transport/Transport.java +++ b/src/share/classes/sun/rmi/transport/Transport.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -37,6 +37,10 @@ import java.rmi.server.RemoteCall; import java.rmi.server.RemoteServer; import java.rmi.server.ServerNotActiveException; import java.security.AccessControlContext; +import java.security.AccessController; +import java.security.Permissions; +import java.security.PrivilegedAction; +import java.security.ProtectionDomain; import sun.rmi.runtime.Log; import sun.rmi.server.Dispatcher; import sun.rmi.server.UnicastServerRef; @@ -68,6 +72,15 @@ public abstract class Transport { /** ObjID for DGCImpl */ private static final ObjID dgcID = new ObjID(ObjID.DGC_ID); + /** AccessControlContext for setting context ClassLoader */ + private static final AccessControlContext SETCCL_ACC; + static { + Permissions perms = new Permissions(); + perms.add(new RuntimePermission("setContextClassLoader")); + ProtectionDomain[] pd = { new ProtectionDomain(null, perms) }; + SETCCL_ACC = new AccessControlContext(pd); + } + /** * Returns a <I>Channel</I> that generates connections to the * endpoint <I>ep</I>. A Channel is an object that creates and @@ -117,6 +130,16 @@ public abstract class Transport { protected abstract void checkAcceptPermission(AccessControlContext acc); /** + * Sets the context class loader for the current thread. + */ + private static void setContextClassLoader(ClassLoader ccl) { + AccessController.doPrivileged((PrivilegedAction<Void>)() -> { + Thread.currentThread().setContextClassLoader(ccl); + return null; + }, SETCCL_ACC); + } + + /** * Service an incoming remote call. When a message arrives on the * connection indicating the beginning of a remote call, the * threads are required to call the <I>serviceCall</I> method of @@ -164,11 +187,10 @@ public abstract class Transport { target.getAccessControlContext(); ClassLoader ccl = target.getContextClassLoader(); - Thread t = Thread.currentThread(); - ClassLoader savedCcl = t.getContextClassLoader(); + ClassLoader savedCcl = Thread.currentThread().getContextClassLoader(); try { - t.setContextClassLoader(ccl); + setContextClassLoader(ccl); currentTransport.set(this); try { java.security.AccessController.doPrivileged( @@ -183,7 +205,7 @@ public abstract class Transport { throw (IOException) pae.getException(); } } finally { - t.setContextClassLoader(savedCcl); + setContextClassLoader(savedCcl); currentTransport.set(null); } diff --git a/src/share/classes/sun/rmi/transport/tcp/TCPTransport.java b/src/share/classes/sun/rmi/transport/tcp/TCPTransport.java index 24655c2f0..a6b8c3ae5 100644 --- a/src/share/classes/sun/rmi/transport/tcp/TCPTransport.java +++ b/src/share/classes/sun/rmi/transport/tcp/TCPTransport.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -49,6 +49,9 @@ import java.rmi.server.ServerNotActiveException; import java.rmi.server.UID; import java.security.AccessControlContext; import java.security.AccessController; +import java.security.Permissions; +import java.security.PrivilegedAction; +import java.security.ProtectionDomain; import java.util.ArrayList; import java.util.LinkedList; import java.util.List; @@ -123,6 +126,14 @@ public class TCPTransport extends Transport { private static final ThreadLocal<ConnectionHandler> threadConnectionHandler = new ThreadLocal<>(); + /** an AccessControlContext with no permissions */ + private static final AccessControlContext NOPERMS_ACC; + static { + Permissions perms = new Permissions(); + ProtectionDomain[] pd = { new ProtectionDomain(null, perms) }; + NOPERMS_ACC = new AccessControlContext(pd); + } + /** endpoints for this transport */ private final LinkedList<TCPEndpoint> epList; /** number of objects exported on this transport */ @@ -662,16 +673,19 @@ public class TCPTransport extends Transport { } public void run() { - Thread t = Thread.currentThread(); - String name = t.getName(); - try { - t.setName("RMI TCP Connection(" + - connectionCount.incrementAndGet() + - ")-" + remoteHost); - run0(); - } finally { - t.setName(name); - } + AccessController.doPrivileged((PrivilegedAction<Void>)() -> { + Thread t = Thread.currentThread(); + String name = t.getName(); + try { + t.setName("RMI TCP Connection(" + + connectionCount.incrementAndGet() + + ")-" + remoteHost); + run0(); + } finally { + t.setName(name); + } + return null; + }, NOPERMS_ACC); } private void run0() { diff --git a/src/share/classes/sun/security/ssl/ClientHandshaker.java b/src/share/classes/sun/security/ssl/ClientHandshaker.java index 5108528f2..5e253a782 100644 --- a/src/share/classes/sun/security/ssl/ClientHandshaker.java +++ b/src/share/classes/sun/security/ssl/ClientHandshaker.java @@ -345,6 +345,13 @@ final class ClientHandshaker extends Handshaker { break; case HandshakeMessage.ht_finished: + // A ChangeCipherSpec record must have been received prior to + // reception of the Finished message (RFC 5246, 7.4.9). + if (!receivedChangeCipherSpec()) { + fatalSE(Alerts.alert_handshake_failure, + "Received Finished message before ChangeCipherSpec"); + } + this.serverFinished( new Finished(protocolVersion, input, cipherSuite)); break; diff --git a/src/share/classes/sun/security/ssl/Handshaker.java b/src/share/classes/sun/security/ssl/Handshaker.java index 80c2a518c..e2e706378 100644 --- a/src/share/classes/sun/security/ssl/Handshaker.java +++ b/src/share/classes/sun/security/ssl/Handshaker.java @@ -66,27 +66,27 @@ abstract class Handshaker { ProtocolVersion protocolVersion; // the currently active protocol version during a renegotiation - ProtocolVersion activeProtocolVersion; + ProtocolVersion activeProtocolVersion; // security parameters for secure renegotiation. - boolean secureRenegotiation; - byte[] clientVerifyData; - byte[] serverVerifyData; + boolean secureRenegotiation; + byte[] clientVerifyData; + byte[] serverVerifyData; // Is it an initial negotiation or a renegotiation? - boolean isInitialHandshake; + boolean isInitialHandshake; // List of enabled protocols - private ProtocolList enabledProtocols; + private ProtocolList enabledProtocols; // List of enabled CipherSuites - private CipherSuiteList enabledCipherSuites; + private CipherSuiteList enabledCipherSuites; // The endpoint identification protocol - String identificationProtocol; + String identificationProtocol; // The cryptographic algorithm constraints - private AlgorithmConstraints algorithmConstraints = null; + private AlgorithmConstraints algorithmConstraints = null; // Local supported signature and algorithms Collection<SignatureAndHashAlgorithm> localSupportedSignAlgs; @@ -95,15 +95,13 @@ abstract class Handshaker { Collection<SignatureAndHashAlgorithm> peerSupportedSignAlgs; /* - - /* * List of active protocols * * Active protocols is a subset of enabled protocols, and will * contain only those protocols that have vaild cipher suites * enabled. */ - private ProtocolList activeProtocols; + private ProtocolList activeProtocols; /* * List of active cipher suites @@ -111,39 +109,41 @@ abstract class Handshaker { * Active cipher suites is a subset of enabled cipher suites, and will * contain only those cipher suites available for the active protocols. */ - private CipherSuiteList activeCipherSuites; + private CipherSuiteList activeCipherSuites; // The server name indication and matchers - List<SNIServerName> serverNames = - Collections.<SNIServerName>emptyList(); - Collection<SNIMatcher> sniMatchers = - Collections.<SNIMatcher>emptyList(); + List<SNIServerName> serverNames = Collections.<SNIServerName>emptyList(); + Collection<SNIMatcher> sniMatchers = Collections.<SNIMatcher>emptyList(); - private boolean isClient; - private boolean needCertVerify; + private boolean isClient; + private boolean needCertVerify; - SSLSocketImpl conn = null; - SSLEngineImpl engine = null; + SSLSocketImpl conn = null; + SSLEngineImpl engine = null; - HandshakeHash handshakeHash; - HandshakeInStream input; - HandshakeOutStream output; - int state; - SSLContextImpl sslContext; - RandomCookie clnt_random, svr_random; - SSLSessionImpl session; + HandshakeHash handshakeHash; + HandshakeInStream input; + HandshakeOutStream output; + int state; + SSLContextImpl sslContext; + RandomCookie clnt_random, svr_random; + SSLSessionImpl session; // current CipherSuite. Never null, initially SSL_NULL_WITH_NULL_NULL - CipherSuite cipherSuite; + CipherSuite cipherSuite; // current key exchange. Never null, initially K_NULL - KeyExchange keyExchange; + KeyExchange keyExchange; - /* True if this session is being resumed (fast handshake) */ - boolean resumingSession; + // True if this session is being resumed (fast handshake) + boolean resumingSession; - /* True if it's OK to start a new SSL session */ - boolean enableNewSession; + // True if it's OK to start a new SSL session + boolean enableNewSession; + + // True if session keys have been calculated and the caller may receive + // and process a ChangeCipherSpec message + private boolean sessKeysCalculated; // Whether local cipher suites preference should be honored during // handshaking? @@ -176,7 +176,7 @@ abstract class Handshaker { // here instead of using this lock. Consider changing. private Object thrownLock = new Object(); - /* Class and subclass dynamic debugging support */ + // Class and subclass dynamic debugging support static final Debug debug = Debug.getInstance("ssl"); // By default, disable the unsafe legacy session renegotiation @@ -253,6 +253,7 @@ abstract class Handshaker { this.serverVerifyData = serverVerifyData; enableNewSession = true; invalidated = false; + sessKeysCalculated = false; setCipherSuite(CipherSuite.C_NULL); setEnabledProtocols(enabledProtocols); @@ -359,6 +360,14 @@ abstract class Handshaker { } } + final boolean receivedChangeCipherSpec() { + if (conn != null) { + return conn.receivedChangeCipherSpec(); + } else { + return engine.receivedChangeCipherSpec(); + } + } + String getEndpointIdentificationAlgorithmSE() { SSLParameters paras; if (conn != null) { @@ -1224,6 +1233,10 @@ abstract class Handshaker { throw new ProviderException(e); } + // Mark a flag that allows outside entities (like SSLSocket/SSLEngine) + // determine if a ChangeCipherSpec message could be processed. + sessKeysCalculated = true; + // // Dump the connection keys as they're generated. // @@ -1278,6 +1291,15 @@ abstract class Handshaker { } } + /** + * Return whether or not the Handshaker has derived session keys for + * this handshake. This is used for determining readiness to process + * an incoming ChangeCipherSpec message. + */ + boolean sessionKeysCalculated() { + return sessKeysCalculated; + } + private static void printHex(HexDumpEncoder dump, byte[] bytes) { if (bytes == null) { System.out.println("(key bytes not available)"); diff --git a/src/share/classes/sun/security/ssl/SSLEngineImpl.java b/src/share/classes/sun/security/ssl/SSLEngineImpl.java index 7a71a0eca..e021d8ee2 100644 --- a/src/share/classes/sun/security/ssl/SSLEngineImpl.java +++ b/src/share/classes/sun/security/ssl/SSLEngineImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -212,6 +212,11 @@ final public class SSLEngineImpl extends SSLEngine { static final byte clauth_required = 2; /* + * Flag indicating that the engine has received a ChangeCipherSpec message. + */ + private boolean receivedCCS; + + /* * Flag indicating if the next record we receive MUST be a Finished * message. Temporarily set during the handshake to ensure that * a change cipher spec message is followed by a finished message. @@ -372,6 +377,7 @@ final public class SSLEngineImpl extends SSLEngine { */ roleIsServer = true; connectionState = cs_START; + receivedCCS = false; // default server name indication serverNames = @@ -1021,6 +1027,7 @@ final public class SSLEngineImpl extends SSLEngine { if (handshaker.invalidated) { handshaker = null; + receivedCCS = false; // if state is cs_RENEGOTIATE, revert it to cs_DATA if (connectionState == cs_RENEGOTIATE) { connectionState = cs_DATA; @@ -1039,6 +1046,7 @@ final public class SSLEngineImpl extends SSLEngine { } handshaker = null; connectionState = cs_DATA; + receivedCCS = false; // No handshakeListeners here. That's a // SSLSocket thing. @@ -1078,13 +1086,25 @@ final public class SSLEngineImpl extends SSLEngine { case Record.ct_change_cipher_spec: if ((connectionState != cs_HANDSHAKE && connectionState != cs_RENEGOTIATE) - || inputRecord.available() != 1 + || !handshaker.sessionKeysCalculated() + || receivedCCS) { + // For the CCS message arriving in the wrong state + fatal(Alerts.alert_unexpected_message, + "illegal change cipher spec msg, conn state = " + + connectionState + ", handshake state = " + + handshaker.state); + } else if (inputRecord.available() != 1 || inputRecord.read() != 1) { + // For structural/content issues with the CCS fatal(Alerts.alert_unexpected_message, - "illegal change cipher spec msg, state = " - + connectionState); + "Malformed change cipher spec msg"); } + // Once we've received CCS, update the flag. + // If the remote endpoint sends it again in this handshake + // we won't process it. + receivedCCS = true; + // // The first message after a change_cipher_spec // record MUST be a "Finished" handshake record, @@ -2120,6 +2140,14 @@ final public class SSLEngineImpl extends SSLEngine { } } + /* + * Returns a boolean indicating whether the ChangeCipherSpec message + * has been received for this handshake. + */ + boolean receivedChangeCipherSpec() { + return receivedCCS; + } + /** * Returns a printable representation of this end of the connection. */ diff --git a/src/share/classes/sun/security/ssl/SSLSocketImpl.java b/src/share/classes/sun/security/ssl/SSLSocketImpl.java index 395a36608..7b91f3e01 100644 --- a/src/share/classes/sun/security/ssl/SSLSocketImpl.java +++ b/src/share/classes/sun/security/ssl/SSLSocketImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -172,6 +172,12 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl { private volatile int connectionState; /* + * Flag indicating that the engine's handshaker has done the necessary + * steps so the engine may process a ChangeCipherSpec message. + */ + private boolean receivedCCS; + + /* * Flag indicating if the next record we receive MUST be a Finished * message. Temporarily set during the handshake to ensure that * a change cipher spec message is followed by a finished message. @@ -587,6 +593,7 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl { */ roleIsServer = isServer; connectionState = cs_START; + receivedCCS = false; /* * default read and write side cipher and MAC support @@ -1045,6 +1052,7 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl { if (handshaker.invalidated) { handshaker = null; + receivedCCS = false; // if state is cs_RENEGOTIATE, revert it to cs_DATA if (connectionState == cs_RENEGOTIATE) { connectionState = cs_DATA; @@ -1060,6 +1068,7 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl { handshakeSession = null; handshaker = null; connectionState = cs_DATA; + receivedCCS = false; // // Tell folk about handshake completion, but do @@ -1107,13 +1116,24 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl { case Record.ct_change_cipher_spec: if ((connectionState != cs_HANDSHAKE && connectionState != cs_RENEGOTIATE) - || r.available() != 1 - || r.read() != 1) { + || !handshaker.sessionKeysCalculated() + || receivedCCS) { + // For the CCS message arriving in the wrong state fatal(Alerts.alert_unexpected_message, - "illegal change cipher spec msg, state = " - + connectionState); + "illegal change cipher spec msg, conn state = " + + connectionState + ", handshake state = " + + handshaker.state); + } else if (r.available() != 1 || r.read() != 1) { + // For structural/content issues with the CCS + fatal(Alerts.alert_unexpected_message, + "Malformed change cipher spec msg"); } + // Once we've received CCS, update the flag. + // If the remote endpoint sends it again in this handshake + // we won't process it. + receivedCCS = true; + // // The first message after a change_cipher_spec // record MUST be a "Finished" handshake record, @@ -2550,6 +2570,14 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl { } } + /* + * Returns a boolean indicating whether the ChangeCipherSpec message + * has been received for this handshake. + */ + boolean receivedChangeCipherSpec() { + return receivedCCS; + } + // // We allocate a separate thread to deliver handshake completion // events. This ensures that the notifications don't block the diff --git a/src/share/classes/sun/security/ssl/ServerHandshaker.java b/src/share/classes/sun/security/ssl/ServerHandshaker.java index 85c1b4d56..37babc748 100644 --- a/src/share/classes/sun/security/ssl/ServerHandshaker.java +++ b/src/share/classes/sun/security/ssl/ServerHandshaker.java @@ -287,6 +287,13 @@ final class ServerHandshaker extends Handshaker { break; case HandshakeMessage.ht_finished: + // A ChangeCipherSpec record must have been received prior to + // reception of the Finished message (RFC 5246, 7.4.9). + if (!receivedChangeCipherSpec()) { + fatalSE(Alerts.alert_handshake_failure, + "Received Finished message before ChangeCipherSpec"); + } + this.clientFinished( new Finished(protocolVersion, input, cipherSuite)); break; diff --git a/src/share/classes/sun/security/util/DerIndefLenConverter.java b/src/share/classes/sun/security/util/DerIndefLenConverter.java index 66351374e..cbd5ecc00 100644 --- a/src/share/classes/sun/security/util/DerIndefLenConverter.java +++ b/src/share/classes/sun/security/util/DerIndefLenConverter.java @@ -156,12 +156,18 @@ class DerIndefLenConverter { } if (isLongForm(lenByte)) { lenByte &= LEN_MASK; - if (lenByte > 4) + if (lenByte > 4) { throw new IOException("Too much data"); - if ((dataSize - dataPos) < (lenByte + 1)) + } + if ((dataSize - dataPos) < (lenByte + 1)) { throw new IOException("Too little data"); - for (int i = 0; i < lenByte; i++) + } + for (int i = 0; i < lenByte; i++) { curLen = (curLen << 8) + (data[dataPos++] & 0xff); + } + if (curLen < 0) { + throw new IOException("Invalid length bytes"); + } } else { curLen = (lenByte & LEN_MASK); } @@ -188,10 +194,15 @@ class DerIndefLenConverter { } if (isLongForm(lenByte)) { lenByte &= LEN_MASK; - for (int i = 0; i < lenByte; i++) + for (int i = 0; i < lenByte; i++) { curLen = (curLen << 8) + (data[dataPos++] & 0xff); - } else + } + if (curLen < 0) { + throw new IOException("Invalid length bytes"); + } + } else { curLen = (lenByte & LEN_MASK); + } writeLength(curLen); writeValue(curLen); } diff --git a/src/share/classes/sun/security/util/DerInputStream.java b/src/share/classes/sun/security/util/DerInputStream.java index e0f77ee79..fc4aee847 100644 --- a/src/share/classes/sun/security/util/DerInputStream.java +++ b/src/share/classes/sun/security/util/DerInputStream.java @@ -566,6 +566,10 @@ public class DerInputStream { value <<= 8; value += 0x0ff & in.read(); } + if (value < 0) { + throw new IOException("DerInputStream.getLength(): " + + "Invalid length bytes"); + } } return value; } diff --git a/src/share/classes/sun/swing/WindowsPlacesBar.java b/src/share/classes/sun/swing/WindowsPlacesBar.java index 8b033ca3e..2a693294c 100644 --- a/src/share/classes/sun/swing/WindowsPlacesBar.java +++ b/src/share/classes/sun/swing/WindowsPlacesBar.java @@ -81,11 +81,7 @@ public class WindowsPlacesBar extends JToolBar setBackground(bgColor); FileSystemView fsv = fc.getFileSystemView(); - files = AccessController.doPrivileged(new PrivilegedAction<File[]>() { - public File[] run() { - return (File[]) ShellFolder.get("fileChooserShortcutPanelFolders"); - } - }); + files = (File[]) ShellFolder.get("fileChooserShortcutPanelFolders"); buttons = new JToggleButton[files.length]; buttonGroup = new ButtonGroup(); diff --git a/src/share/classes/sun/swing/plaf/synth/SynthFileChooserUIImpl.java b/src/share/classes/sun/swing/plaf/synth/SynthFileChooserUIImpl.java index 37792070d..047952cd6 100644 --- a/src/share/classes/sun/swing/plaf/synth/SynthFileChooserUIImpl.java +++ b/src/share/classes/sun/swing/plaf/synth/SynthFileChooserUIImpl.java @@ -769,16 +769,9 @@ public class SynthFileChooserUIImpl extends SynthFileChooserUI { fireIntervalRemoved(this, 0, oldSize); } - File[] baseFolders; - if (useShellFolder) { - baseFolders = AccessController.doPrivileged(new PrivilegedAction<File[]>() { - public File[] run() { - return (File[]) ShellFolder.get("fileChooserComboBoxFolders"); - } - }); - } else { - baseFolders = fsv.getRoots(); - } + File[] baseFolders = (useShellFolder) + ? (File[]) ShellFolder.get("fileChooserComboBoxFolders") + : fsv.getRoots(); directories.addAll(Arrays.asList(baseFolders)); // Get the canonical (full) path. This has the side diff --git a/src/share/lib/security/java.security-aix b/src/share/lib/security/java.security-aix index d31a1e370..bb71a15a4 100644 --- a/src/share/lib/security/java.security-aix +++ b/src/share/lib/security/java.security-aix @@ -210,8 +210,8 @@ package.access=sun.,\ org.jcp.xml.dsig.internal.,\ jdk.internal.,\ jdk.nashorn.internal.,\ - jdk.nashorn.tools. - + jdk.nashorn.tools.,\ + com.sun.activation.registries. # # List of comma-separated packages that start with or equal this string @@ -257,8 +257,8 @@ package.definition=sun.,\ org.jcp.xml.dsig.internal.,\ jdk.internal.,\ jdk.nashorn.internal.,\ - jdk.nashorn.tools. - + jdk.nashorn.tools.,\ + com.sun.activation.registries. # # Determines whether this properties file can be appended to diff --git a/src/share/native/sun/font/layout/ContextualSubstSubtables.cpp b/src/share/native/sun/font/layout/ContextualSubstSubtables.cpp index e985b81cb..cbee0ba70 100644 --- a/src/share/native/sun/font/layout/ContextualSubstSubtables.cpp +++ b/src/share/native/sun/font/layout/ContextualSubstSubtables.cpp @@ -583,6 +583,8 @@ le_uint32 ChainingContextualSubstitutionFormat2Subtable::process(const LETableRe LEReferenceTo<ChainSubClassRuleTable> chainSubClassRuleTable(chainSubClassSetTable, success, chainSubClassRuleTableOffset); le_uint16 backtrackGlyphCount = SWAPW(chainSubClassRuleTable->backtrackGlyphCount); + LEReferenceToArrayOf<le_uint16> backtrackClassArray(base, success, chainSubClassRuleTable->backtrackClassArray, backtrackGlyphCount); + if( LE_FAILURE(success) ) { return 0; } le_uint16 inputGlyphCount = SWAPW(chainSubClassRuleTable->backtrackClassArray[backtrackGlyphCount]) - 1; LEReferenceToArrayOf<le_uint16> inputClassArray(base, success, &chainSubClassRuleTable->backtrackClassArray[backtrackGlyphCount + 1],inputGlyphCount+2); // +2 for the lookaheadGlyphCount count le_uint16 lookaheadGlyphCount = SWAPW(inputClassArray.getObject(inputGlyphCount, success)); @@ -599,8 +601,6 @@ le_uint32 ChainingContextualSubstitutionFormat2Subtable::process(const LETableRe } tempIterator.prev(); - LEReferenceToArrayOf<le_uint16> backtrackClassArray(base, success, chainSubClassRuleTable->backtrackClassArray, backtrackGlyphCount); - if( LE_FAILURE(success) ) { return 0; } if (! matchGlyphClasses(backtrackClassArray, backtrackGlyphCount, &tempIterator, backtrackClassDefinitionTable, success, TRUE)) { continue; diff --git a/src/share/native/sun/font/layout/CursiveAttachmentSubtables.cpp b/src/share/native/sun/font/layout/CursiveAttachmentSubtables.cpp index 63583289f..f2c9f95ac 100644 --- a/src/share/native/sun/font/layout/CursiveAttachmentSubtables.cpp +++ b/src/share/native/sun/font/layout/CursiveAttachmentSubtables.cpp @@ -45,6 +45,9 @@ le_uint32 CursiveAttachmentSubtable::process(const LEReferenceTo<CursiveAttachme le_int32 coverageIndex = getGlyphCoverage(base, glyphID, success); le_uint16 eeCount = SWAPW(entryExitCount); + LEReferenceToArrayOf<EntryExitRecord> + entryExitRecordsArrayRef(base, success, entryExitRecords, coverageIndex); + if (coverageIndex < 0 || coverageIndex >= eeCount || LE_FAILURE(success)) { glyphIterator->setCursiveGlyph(); return 0; diff --git a/src/share/native/sun/font/layout/Features.cpp b/src/share/native/sun/font/layout/Features.cpp index b44ae2e8e..6c6bcc8b3 100644 --- a/src/share/native/sun/font/layout/Features.cpp +++ b/src/share/native/sun/font/layout/Features.cpp @@ -40,6 +40,9 @@ U_NAMESPACE_BEGIN LEReferenceTo<FeatureTable> FeatureListTable::getFeatureTable(const LETableReference &base, le_uint16 featureIndex, LETag *featureTag, LEErrorCode &success) const { + LEReferenceToArrayOf<FeatureRecord> + featureRecordArrayRef(base, success, featureRecordArray, featureIndex); + if (featureIndex >= SWAPW(featureCount) || LE_FAILURE(success)) { return LEReferenceTo<FeatureTable>(); } diff --git a/src/share/native/sun/font/layout/LETableReference.h b/src/share/native/sun/font/layout/LETableReference.h index ea12c18cb..6afd3c1c1 100644 --- a/src/share/native/sun/font/layout/LETableReference.h +++ b/src/share/native/sun/font/layout/LETableReference.h @@ -470,7 +470,12 @@ _TRTRACE("INFO: new RTAO") #endif const T& getObject(le_uint32 i, LEErrorCode &success) const { - return *getAlias(i,success); + const T *ret = getAlias(i, success); + if (LE_FAILURE(success) || ret==NULL) { + return *(new T(0)); + } else { + return *ret; + } } /** diff --git a/src/share/native/sun/font/layout/LigatureSubstSubtables.cpp b/src/share/native/sun/font/layout/LigatureSubstSubtables.cpp index 9e7120eb6..8e0e7cdd2 100644 --- a/src/share/native/sun/font/layout/LigatureSubstSubtables.cpp +++ b/src/share/native/sun/font/layout/LigatureSubstSubtables.cpp @@ -64,6 +64,9 @@ le_uint32 LigatureSubstitutionSubtable::process(const LETableReference &base, Gl LEReferenceTo<LigatureTable> ligTable(ligSetTable, success, ligTableOffset); if(LE_FAILURE(success)) { return 0; } le_uint16 compCount = SWAPW(ligTable->compCount) - 1; + LEReferenceToArrayOf<TTGlyphID> + componentArrayRef(base, success, ligTable->componentArray, compCount); + if (LE_FAILURE(success)) { return 0; } le_int32 startPosition = glyphIterator->getCurrStreamPosition(); TTGlyphID ligGlyph = SWAPW(ligTable->ligGlyph); le_uint16 comp; diff --git a/src/share/native/sun/font/layout/MultipleSubstSubtables.cpp b/src/share/native/sun/font/layout/MultipleSubstSubtables.cpp index 5ff16fe48..5ed9a3a53 100644 --- a/src/share/native/sun/font/layout/MultipleSubstSubtables.cpp +++ b/src/share/native/sun/font/layout/MultipleSubstSubtables.cpp @@ -61,6 +61,8 @@ le_uint32 MultipleSubstitutionSubtable::process(const LETableReference &base, Gl le_int32 coverageIndex = getGlyphCoverage(base, glyph, success); le_uint16 seqCount = SWAPW(sequenceCount); + LEReferenceToArrayOf<Offset> + sequenceTableOffsetArrayRef(base, success, sequenceTableOffsetArray, seqCount); if (LE_FAILURE(success)) { return 0; diff --git a/src/solaris/native/java/net/NetworkInterface.c b/src/solaris/native/java/net/NetworkInterface.c index 7ee0c38c6..09ab89c2f 100644 --- a/src/solaris/native/java/net/NetworkInterface.c +++ b/src/solaris/native/java/net/NetworkInterface.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -570,9 +570,14 @@ JNIEXPORT jint JNICALL Java_java_net_NetworkInterface_getMTU0(JNIEnv *env, jclas jboolean isCopy; int ret = -1; int sock; - const char* name_utf; + const char* name_utf = NULL; - name_utf = (*env)->GetStringUTFChars(env, name, &isCopy); + if (name != NULL) { + name_utf = (*env)->GetStringUTFChars(env, name, &isCopy); + } else { + JNU_ThrowNullPointerException(env, "network interface name is NULL"); + return ret; + } if (name_utf == NULL) { if (!(*env)->ExceptionCheck(env)) JNU_ThrowOutOfMemoryError(env, NULL); @@ -600,7 +605,12 @@ static int getFlags0(JNIEnv *env, jstring name) { const char* name_utf; int flags = 0; - name_utf = (*env)->GetStringUTFChars(env, name, &isCopy); + if (name != NULL) { + name_utf = (*env)->GetStringUTFChars(env, name, &isCopy); + } else { + JNU_ThrowNullPointerException(env, "network interface name is NULL"); + return -1; + } if (name_utf == NULL) { if (!(*env)->ExceptionCheck(env)) JNU_ThrowOutOfMemoryError(env, NULL); @@ -1474,7 +1484,12 @@ static int getMTU(JNIEnv *env, int sock, const char *ifname) { struct ifreq if2; memset((char *) &if2, 0, sizeof(if2)); - strcpy(if2.ifr_name, ifname); + if (ifname != NULL) { + strcpy(if2.ifr_name, ifname); + } else { + JNU_ThrowNullPointerException(env, "network interface name is NULL"); + return -1; + } if (ioctl(sock, SIOCGIFMTU, (char *)&if2) < 0) { NET_ThrowByNameWithLastError(env, JNU_JAVANETPKG "SocketException", "IOCTL SIOCGIFMTU failed"); diff --git a/src/solaris/native/java/net/PlainDatagramSocketImpl.c b/src/solaris/native/java/net/PlainDatagramSocketImpl.c index 86c3a7040..0a8a3a4d8 100644 --- a/src/solaris/native/java/net/PlainDatagramSocketImpl.c +++ b/src/solaris/native/java/net/PlainDatagramSocketImpl.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -1474,10 +1474,12 @@ jobject getMulticastInterface(JNIEnv *env, jobject this, int fd, jint opt) { static jmethodID ni_ctrID; static jfieldID ni_indexID; static jfieldID ni_addrsID; + static jfieldID ni_nameID; jobjectArray addrArray; jobject addr; jobject ni; + jobject ni_name; struct in_addr in; struct in_addr *inP = ∈ @@ -1527,6 +1529,8 @@ jobject getMulticastInterface(JNIEnv *env, jobject this, int fd, jint opt) { ni_addrsID = (*env)->GetFieldID(env, c, "addrs", "[Ljava/net/InetAddress;"); CHECK_NULL_RETURN(ni_addrsID, NULL); + ni_nameID = (*env)->GetFieldID(env, c,"name", "Ljava/lang/String;"); + CHECK_NULL_RETURN(ni_nameID, NULL); ni_class = (*env)->NewGlobalRef(env, c); CHECK_NULL_RETURN(ni_class, NULL); } @@ -1548,6 +1552,10 @@ jobject getMulticastInterface(JNIEnv *env, jobject this, int fd, jint opt) { CHECK_NULL_RETURN(addrArray, NULL); (*env)->SetObjectArrayElement(env, addrArray, 0, addr); (*env)->SetObjectField(env, ni, ni_addrsID, addrArray); + ni_name = (*env)->NewStringUTF(env, ""); + if (ni_name != NULL) { + (*env)->SetObjectField(env, ni, ni_nameID, ni_name); + } return ni; } @@ -1564,14 +1572,16 @@ jobject getMulticastInterface(JNIEnv *env, jobject this, int fd, jint opt) { static jfieldID ni_indexID; static jfieldID ni_addrsID; static jclass ia_class; + static jfieldID ni_nameID; static jmethodID ia_anyLocalAddressID; - int index; + int index = 0; int len = sizeof(index); jobjectArray addrArray; jobject addr; jobject ni; + jobject ni_name; if (JVM_GetSockOpt(fd, IPPROTO_IPV6, IPV6_MULTICAST_IF, (char*)&index, &len) < 0) { @@ -1600,6 +1610,8 @@ jobject getMulticastInterface(JNIEnv *env, jobject this, int fd, jint opt) { "anyLocalAddress", "()Ljava/net/InetAddress;"); CHECK_NULL_RETURN(ia_anyLocalAddressID, NULL); + ni_nameID = (*env)->GetFieldID(env, c,"name", "Ljava/lang/String;"); + CHECK_NULL_RETURN(ni_nameID, NULL); ni_class = (*env)->NewGlobalRef(env, c); CHECK_NULL_RETURN(ni_class, NULL); } @@ -1660,6 +1672,10 @@ jobject getMulticastInterface(JNIEnv *env, jobject this, int fd, jint opt) { CHECK_NULL_RETURN(addrArray, NULL); (*env)->SetObjectArrayElement(env, addrArray, 0, addr); (*env)->SetObjectField(env, ni, ni_addrsID, addrArray); + ni_name = (*env)->NewStringUTF(env, ""); + if (ni_name != NULL) { + (*env)->SetObjectField(env, ni, ni_nameID, ni_name); + } return ni; } #endif diff --git a/src/windows/classes/sun/awt/shell/Win32ShellFolderManager2.java b/src/windows/classes/sun/awt/shell/Win32ShellFolderManager2.java index 41ba690f3..4d7da2de2 100644 --- a/src/windows/classes/sun/awt/shell/Win32ShellFolderManager2.java +++ b/src/windows/classes/sun/awt/shell/Win32ShellFolderManager2.java @@ -36,6 +36,7 @@ import java.security.PrivilegedAction; import java.util.*; import java.util.List; import java.util.concurrent.*; +import java.util.stream.Stream; import static sun.awt.shell.Win32ShellFolder2.*; import sun.awt.OSInfo; @@ -251,7 +252,7 @@ public class Win32ShellFolderManager2 extends ShellFolderManager { if (file == null) { file = getDesktop(); } - return file; + return checkFile(file); } else if (key.equals("roots")) { // Should be "History" and "Desktop" ? if (roots == null) { @@ -262,11 +263,11 @@ public class Win32ShellFolderManager2 extends ShellFolderManager { roots = (File[])super.get(key); } } - return roots; + return checkFiles(roots); } else if (key.equals("fileChooserComboBoxFolders")) { Win32ShellFolder2 desktop = getDesktop(); - if (desktop != null) { + if (desktop != null && checkFile(desktop) != null) { ArrayList<File> folders = new ArrayList<File>(); Win32ShellFolder2 drives = getDrives(); @@ -295,7 +296,7 @@ public class Win32ShellFolderManager2 extends ShellFolderManager { } } } - return folders.toArray(new File[folders.size()]); + return checkFiles(folders); } else { return super.get(key); } @@ -332,7 +333,7 @@ public class Win32ShellFolderManager2 extends ShellFolderManager { } } } - return folders.toArray(new File[folders.size()]); + return checkFiles(folders); } else if (key.startsWith("fileChooserIcon ")) { String name = key.substring(key.indexOf(" ") + 1); @@ -378,6 +379,41 @@ public class Win32ShellFolderManager2 extends ShellFolderManager { return null; } + private File checkFile(File file) { + SecurityManager sm = System.getSecurityManager(); + return (sm == null || file == null) ? file : checkFile(file, sm); + } + + private File checkFile(File file, SecurityManager sm) { + try { + sm.checkRead(file.getPath()); + return file; + } catch (SecurityException se) { + return null; + } + } + + private File[] checkFiles(File[] files) { + SecurityManager sm = System.getSecurityManager(); + if (sm == null || files == null || files.length == 0) { + return files; + } + return checkFiles(Arrays.stream(files), sm); + } + + private File[] checkFiles(List<File> files) { + SecurityManager sm = System.getSecurityManager(); + if (sm == null || files.isEmpty()) { + return files.toArray(new File[files.size()]); + } + return checkFiles(files.stream(), sm); + } + + private File[] checkFiles(Stream<File> filesStream, SecurityManager sm) { + return filesStream.filter((file) -> checkFile(file, sm) != null) + .toArray(File[]::new); + } + /** * Does <code>dir</code> represent a "computer" such as a node on the network, or * "My Computer" on the desktop. |