diff options
| author | robm <none@none> | 2014-07-17 18:05:58 +0100 |
|---|---|---|
| committer | robm <none@none> | 2014-07-17 18:05:58 +0100 |
| commit | 24f2dc8fa2121cf211e4e26e1f56c928322f773f (patch) | |
| tree | 0fd55b96942d23e804c9c2fd505b38f6a7b33717 /src | |
| parent | ddac2db224a9e51a39e146753f2afc6706fc0c9e (diff) | |
| parent | b4d3f6ca8053b68fc41e5bf8c2592eb833226f10 (diff) | |
Merge
Diffstat (limited to 'src')
26 files changed, 569 insertions, 431 deletions
diff --git a/src/share/classes/com/sun/jmx/remote/security/SubjectDelegator.java b/src/share/classes/com/sun/jmx/remote/security/SubjectDelegator.java index a69c501d2..536e23156 100644 --- a/src/share/classes/com/sun/jmx/remote/security/SubjectDelegator.java +++ b/src/share/classes/com/sun/jmx/remote/security/SubjectDelegator.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -34,22 +34,14 @@ import javax.security.auth.Subject; import javax.management.remote.SubjectDelegationPermission; -import com.sun.jmx.remote.util.CacheMap; -import java.util.ArrayList; -import java.util.Collection; +import java.util.*; public class SubjectDelegator { - private static final int PRINCIPALS_CACHE_SIZE = 10; - private static final int ACC_CACHE_SIZE = 10; - - private CacheMap<Subject, Principal[]> principalsCache; - private CacheMap<Subject, AccessControlContext> accCache; - /* Return the AccessControlContext appropriate to execute an operation on behalf of the delegatedSubject. If the authenticatedAccessControlContext does not have permission to delegate to that subject, throw SecurityException. */ - public synchronized AccessControlContext + public AccessControlContext delegatedContext(AccessControlContext authenticatedACC, Subject delegatedSubject, boolean removeCallerContext) @@ -58,56 +50,14 @@ public class SubjectDelegator { if (System.getSecurityManager() != null && authenticatedACC == null) { throw new SecurityException("Illegal AccessControlContext: null"); } - if (principalsCache == null || accCache == null) { - principalsCache = - new CacheMap<>(PRINCIPALS_CACHE_SIZE); - accCache = - new CacheMap<>(ACC_CACHE_SIZE); - } - - // Retrieve the principals for the given - // delegated subject from the cache - // - Principal[] delegatedPrincipals = principalsCache.get(delegatedSubject); - - // Convert the set of principals stored in the - // delegated subject into an array of principals - // and store it in the cache - // - if (delegatedPrincipals == null) { - delegatedPrincipals = - delegatedSubject.getPrincipals().toArray(new Principal[0]); - principalsCache.put(delegatedSubject, delegatedPrincipals); - } - - // Retrieve the access control context for the - // given delegated subject from the cache - // - AccessControlContext delegatedACC = accCache.get(delegatedSubject); - - // Build the access control context to be used - // when executing code as the delegated subject - // and store it in the cache - // - if (delegatedACC == null) { - if (removeCallerContext) { - delegatedACC = - JMXSubjectDomainCombiner.getDomainCombinerContext( - delegatedSubject); - } else { - delegatedACC = - JMXSubjectDomainCombiner.getContext(delegatedSubject); - } - accCache.put(delegatedSubject, delegatedACC); - } // Check if the subject delegation permission allows the // authenticated subject to assume the identity of each // principal in the delegated subject // - final Principal[] dp = delegatedPrincipals; - final Collection<Permission> permissions = new ArrayList<>(dp.length); - for(Principal p : dp) { + Collection<Principal> ps = getSubjectPrincipals(delegatedSubject); + final Collection<Permission> permissions = new ArrayList<>(ps.size()); + for(Principal p : ps) { final String pname = p.getClass().getName() + "." + p.getName(); permissions.add(new SubjectDelegationPermission(pname)); } @@ -122,7 +72,15 @@ public class SubjectDelegator { }; AccessController.doPrivileged(action, authenticatedACC); - return delegatedACC; + return getDelegatedAcc(delegatedSubject, removeCallerContext); + } + + private AccessControlContext getDelegatedAcc(Subject delegatedSubject, boolean removeCallerContext) { + if (removeCallerContext) { + return JMXSubjectDomainCombiner.getDomainCombinerContext(delegatedSubject); + } else { + return JMXSubjectDomainCombiner.getContext(delegatedSubject); + } } /** @@ -137,11 +95,9 @@ public class SubjectDelegator { public static synchronized boolean checkRemoveCallerContext(Subject subject) { try { - final Principal[] dp = - subject.getPrincipals().toArray(new Principal[0]); - for (int i = 0 ; i < dp.length ; i++) { + for (Principal p : getSubjectPrincipals(subject)) { final String pname = - dp[i].getClass().getName() + "." + dp[i].getName(); + p.getClass().getName() + "." + p.getName(); final Permission sdp = new SubjectDelegationPermission(pname); AccessController.checkPermission(sdp); @@ -151,4 +107,19 @@ public class SubjectDelegator { } return true; } + + /** + * Retrieves the {@linkplain Subject} principals + * @param subject The subject + * @return If the {@code Subject} is immutable it will return the principals directly. + * If the {@code Subject} is mutable it will create an unmodifiable copy. + */ + private static Collection<Principal> getSubjectPrincipals(Subject subject) { + if (subject.isReadOnly()) { + return subject.getPrincipals(); + } + + List<Principal> principals = Arrays.asList(subject.getPrincipals().toArray(new Principal[0])); + return Collections.unmodifiableList(principals); + } } diff --git a/src/share/classes/com/sun/jmx/remote/util/CacheMap.java b/src/share/classes/com/sun/jmx/remote/util/CacheMap.java deleted file mode 100644 index ae21d074c..000000000 --- a/src/share/classes/com/sun/jmx/remote/util/CacheMap.java +++ /dev/null @@ -1,121 +0,0 @@ -/* - * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package com.sun.jmx.remote.util; - -import java.lang.ref.SoftReference; -import java.util.Iterator; -import java.util.LinkedList; -import java.util.List; -import java.util.WeakHashMap; - -import com.sun.jmx.mbeanserver.Util; - -/** - * <p>Like WeakHashMap, except that the keys of the <em>n</em> most - * recently-accessed entries are kept as {@link SoftReference soft - * references}. Accessing an element means creating it, or retrieving - * it with {@link #get(Object) get}. Because these entries are kept - * with soft references, they will tend to remain even if their keys - * are not referenced elsewhere. But if memory is short, they will - * be removed.</p> - */ -public class CacheMap<K, V> extends WeakHashMap<K, V> { - /** - * <p>Create a <code>CacheMap</code> that can keep up to - * <code>nSoftReferences</code> as soft references.</p> - * - * @param nSoftReferences Maximum number of keys to keep as soft - * references. Access times for {@link #get(Object) get} and - * {@link #put(Object, Object) put} have a component that scales - * linearly with <code>nSoftReferences</code>, so this value - * should not be too great. - * - * @throws IllegalArgumentException if - * <code>nSoftReferences</code> is negative. - */ - public CacheMap(int nSoftReferences) { - if (nSoftReferences < 0) { - throw new IllegalArgumentException("nSoftReferences = " + - nSoftReferences); - } - this.nSoftReferences = nSoftReferences; - } - - public V put(K key, V value) { - cache(key); - return super.put(key, value); - } - - public V get(Object key) { - cache(Util.<K>cast(key)); - return super.get(key); - } - - /* We don't override remove(Object) or try to do something with - the map's iterators to detect removal. So we may keep useless - entries in the soft reference list for keys that have since - been removed. The assumption is that entries are added to the - cache but never removed. But the behavior is not wrong if - they are in fact removed -- the caching is just less - performant. */ - - private void cache(K key) { - Iterator<SoftReference<K>> it = cache.iterator(); - while (it.hasNext()) { - SoftReference<K> sref = it.next(); - K key1 = sref.get(); - if (key1 == null) - it.remove(); - else if (key.equals(key1)) { - // Move this element to the head of the LRU list - it.remove(); - cache.add(0, sref); - return; - } - } - - int size = cache.size(); - if (size == nSoftReferences) { - if (size == 0) - return; // degenerate case, equivalent to WeakHashMap - it.remove(); - } - - cache.add(0, new SoftReference<K>(key)); - } - - /* List of soft references for the most-recently referenced keys. - The list is in most-recently-used order, i.e. the first element - is the most-recently referenced key. There are never more than - nSoftReferences elements of this list. - - If we didn't care about J2SE 1.3 compatibility, we could use - LinkedHashSet in conjunction with a subclass of SoftReference - whose equals and hashCode reflect the referent. */ - private final LinkedList<SoftReference<K>> cache = - new LinkedList<SoftReference<K>>(); - private final int nSoftReferences; -} diff --git a/src/share/classes/com/sun/security/sasl/CramMD5Base.java b/src/share/classes/com/sun/security/sasl/CramMD5Base.java index 5d0309c60..559b0bc50 100644 --- a/src/share/classes/com/sun/security/sasl/CramMD5Base.java +++ b/src/share/classes/com/sun/security/sasl/CramMD5Base.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,6 +32,7 @@ import javax.security.sasl.Sasl; import java.security.NoSuchAlgorithmException; import java.security.MessageDigest; +import java.util.Arrays; import java.util.logging.Logger; /** @@ -159,7 +160,7 @@ abstract class CramMD5Base { MessageDigest md5 = MessageDigest.getInstance("MD5"); /* digest the key if longer than 64 bytes */ - if (key.length > 64) { + if (key.length > MD5_BLOCKSIZE) { key = md5.digest(key); } @@ -169,13 +170,9 @@ abstract class CramMD5Base { int i; /* store key in pads */ - for (i = 0; i < MD5_BLOCKSIZE; i++) { - for ( ; i < key.length; i++) { - ipad[i] = key[i]; - opad[i] = key[i]; - } - ipad[i] = 0x00; - opad[i] = 0x00; + for (i = 0; i < key.length; i++) { + ipad[i] = key[i]; + opad[i] = key[i]; } /* XOR key with pads */ @@ -207,6 +204,11 @@ abstract class CramMD5Base { } } + Arrays.fill(ipad, (byte)0); + Arrays.fill(opad, (byte)0); + ipad = null; + opad = null; + return (digestString.toString()); } diff --git a/src/share/classes/java/lang/ProcessBuilder.java b/src/share/classes/java/lang/ProcessBuilder.java index efa30fd46..fc58abc34 100644 --- a/src/share/classes/java/lang/ProcessBuilder.java +++ b/src/share/classes/java/lang/ProcessBuilder.java @@ -1019,6 +1019,12 @@ public final class ProcessBuilder String dir = directory == null ? null : directory.toString(); + for (int i = 1; i < cmdarray.length; i++) { + if (cmdarray[i].indexOf('\u0000') >= 0) { + throw new IOException("invalid null character in command"); + } + } + try { return ProcessImpl.start(cmdarray, environment, diff --git a/src/share/classes/java/lang/invoke/MethodHandles.java b/src/share/classes/java/lang/invoke/MethodHandles.java index cdc764dee..09103d534 100644 --- a/src/share/classes/java/lang/invoke/MethodHandles.java +++ b/src/share/classes/java/lang/invoke/MethodHandles.java @@ -39,7 +39,9 @@ import sun.reflect.misc.ReflectUtil; import sun.security.util.SecurityConstants; import static java.lang.invoke.MethodHandleStatics.*; import static java.lang.invoke.MethodHandleNatives.Constants.*; + import java.util.concurrent.ConcurrentHashMap; + import sun.security.util.SecurityConstants; /** @@ -1504,6 +1506,10 @@ return mh1; // that is *not* the bytecode behavior. mods ^= Modifier.PROTECTED | Modifier.PUBLIC; } + if (Modifier.isProtected(mods) && refKind == REF_newInvokeSpecial) { + // cannot "new" a protected ctor in a different package + mods ^= Modifier.PROTECTED; + } if (Modifier.isFinal(mods) && MethodHandleNatives.refKindIsSetter(refKind)) throw m.makeAccessException("unexpected set of a final field", this); diff --git a/src/share/classes/java/lang/reflect/Proxy.java b/src/share/classes/java/lang/reflect/Proxy.java index 20e62b642..7b80e4595 100644 --- a/src/share/classes/java/lang/reflect/Proxy.java +++ b/src/share/classes/java/lang/reflect/Proxy.java @@ -362,12 +362,13 @@ public class Proxy implements java.io.Serializable { Class<?>... interfaces) throws IllegalArgumentException { - SecurityManager sm = System.getSecurityManager(); + final Class<?>[] intfs = interfaces.clone(); + final SecurityManager sm = System.getSecurityManager(); if (sm != null) { - checkProxyAccess(Reflection.getCallerClass(), loader, interfaces); + checkProxyAccess(Reflection.getCallerClass(), loader, intfs); } - return getProxyClass0(loader, interfaces); + return getProxyClass0(loader, intfs); } /* @@ -706,15 +707,16 @@ public class Proxy implements java.io.Serializable { { Objects.requireNonNull(h); + final Class<?>[] intfs = interfaces.clone(); final SecurityManager sm = System.getSecurityManager(); if (sm != null) { - checkProxyAccess(Reflection.getCallerClass(), loader, interfaces); + checkProxyAccess(Reflection.getCallerClass(), loader, intfs); } /* * Look up or generate the designated proxy class. */ - Class<?> cl = getProxyClass0(loader, interfaces); + Class<?> cl = getProxyClass0(loader, intfs); /* * Invoke its constructor with the designated invocation handler. diff --git a/src/share/classes/java/security/Provider.java b/src/share/classes/java/security/Provider.java index 7e3def8f5..1eadb0e62 100644 --- a/src/share/classes/java/security/Provider.java +++ b/src/share/classes/java/security/Provider.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -1372,7 +1372,7 @@ public abstract class Provider extends Properties { * <p>This class defines the methods {@link #supportsParameter * supportsParameter()} and {@link #newInstance newInstance()} * which are used by the Java security framework when it searches for - * suitable services and instantes them. The valid arguments to those + * suitable services and instantiates them. The valid arguments to those * methods depend on the type of service. For the service types defined * within Java SE, see the * <a href="../../../technotes/guides/security/crypto/CryptoSpec.html"> @@ -1562,7 +1562,7 @@ public abstract class Provider extends Properties { * * @throws InvalidParameterException if the value of * constructorParameter is invalid for this type of service. - * @throws NoSuchAlgorithmException if instantation failed for + * @throws NoSuchAlgorithmException if instantiation failed for * any other reason. */ public Object newInstance(Object constructorParameter) @@ -1590,7 +1590,9 @@ public abstract class Provider extends Properties { + " engines"); } Class<?> clazz = getImplClass(); - return clazz.newInstance(); + Class<?>[] empty = {}; + Constructor<?> con = clazz.getConstructor(empty); + return con.newInstance(); } else { Class<?> paramClass = cap.getConstructorParameterClass(); if (constructorParameter != null) { @@ -1633,13 +1635,18 @@ public abstract class Provider extends Properties { } else { clazz = cl.loadClass(className); } + if (!Modifier.isPublic(clazz.getModifiers())) { + throw new NoSuchAlgorithmException + ("class configured for " + type + " (provider: " + + provider.getName() + ") is not public."); + } classRef = new WeakReference<Class<?>>(clazz); } return clazz; } catch (ClassNotFoundException e) { throw new NoSuchAlgorithmException - ("class configured for " + type + "(provider: " + - provider.getName() + ")" + "cannot be found.", e); + ("class configured for " + type + " (provider: " + + provider.getName() + ") cannot be found.", e); } } @@ -1652,15 +1659,21 @@ public abstract class Provider extends Properties { throws Exception { Class<?> clazz = getImplClass(); if (constructorParameter == null) { - Object o = clazz.newInstance(); - return o; + // create instance with public no-arg constructor if it exists + try { + Class<?>[] empty = {}; + Constructor<?> con = clazz.getConstructor(empty); + return con.newInstance(); + } catch (NoSuchMethodException e) { + throw new NoSuchAlgorithmException("No public no-arg " + + "constructor found in class " + className); + } } Class<?> argClass = constructorParameter.getClass(); Constructor[] cons = clazz.getConstructors(); // find first public constructor that can take the // argument as parameter - for (int i = 0; i < cons.length; i++) { - Constructor<?> con = cons[i]; + for (Constructor<?> con : cons) { Class<?>[] paramTypes = con.getParameterTypes(); if (paramTypes.length != 1) { continue; @@ -1668,10 +1681,9 @@ public abstract class Provider extends Properties { if (paramTypes[0].isAssignableFrom(argClass) == false) { continue; } - Object o = con.newInstance(new Object[] {constructorParameter}); - return o; + return con.newInstance(constructorParameter); } - throw new NoSuchAlgorithmException("No constructor matching " + throw new NoSuchAlgorithmException("No public constructor matching " + argClass.getName() + " found in class " + className); } diff --git a/src/share/classes/java/util/concurrent/atomic/AtomicReferenceFieldUpdater.java b/src/share/classes/java/util/concurrent/atomic/AtomicReferenceFieldUpdater.java index f0a084001..4408ff3b1 100644 --- a/src/share/classes/java/util/concurrent/atomic/AtomicReferenceFieldUpdater.java +++ b/src/share/classes/java/util/concurrent/atomic/AtomicReferenceFieldUpdater.java @@ -334,6 +334,8 @@ public abstract class AtomicReferenceFieldUpdater<T,V> { if (vclass != fieldClass) throw new ClassCastException(); + if (vclass.isPrimitive()) + throw new IllegalArgumentException("Must be reference type"); if (!Modifier.isVolatile(modifiers)) throw new IllegalArgumentException("Must be volatile type"); diff --git a/src/share/classes/javax/swing/filechooser/FileSystemView.java b/src/share/classes/javax/swing/filechooser/FileSystemView.java index f62d69c0e..b1d9d1fcd 100644 --- a/src/share/classes/javax/swing/filechooser/FileSystemView.java +++ b/src/share/classes/javax/swing/filechooser/FileSystemView.java @@ -718,7 +718,8 @@ class WindowsFileSystemView extends FileSystemView { * @return the Desktop folder. */ public File getHomeDirectory() { - return getRoots()[0]; + File[] roots = getRoots(); + return (roots.length == 0) ? null : roots[0]; } /** diff --git a/src/share/classes/sun/awt/AppContext.java b/src/share/classes/sun/awt/AppContext.java index 5959e54de..fbee5079c 100644 --- a/src/share/classes/sun/awt/AppContext.java +++ b/src/share/classes/sun/awt/AppContext.java @@ -331,6 +331,20 @@ public final class AppContext { while (context == null) { threadGroup = threadGroup.getParent(); if (threadGroup == null) { + // We've got up to the root thread group and did not find an AppContext + // Try to get it from the security manager + SecurityManager securityManager = System.getSecurityManager(); + if (securityManager != null) { + ThreadGroup smThreadGroup = securityManager.getThreadGroup(); + if (smThreadGroup != null) { + /* + * If we get this far then it's likely that + * the ThreadGroup does not actually belong + * to the applet, so do not cache it. + */ + return threadGroup2appContext.get(smThreadGroup); + } + } return null; } context = threadGroup2appContext.get(threadGroup); diff --git a/src/share/classes/sun/security/ec/ECKeyPairGenerator.java b/src/share/classes/sun/security/ec/ECKeyPairGenerator.java index 5bfb6a79a..bd9724812 100644 --- a/src/share/classes/sun/security/ec/ECKeyPairGenerator.java +++ b/src/share/classes/sun/security/ec/ECKeyPairGenerator.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -125,19 +125,18 @@ public final class ECKeyPairGenerator extends KeyPairGeneratorSpi { try { - long[] handles = generateECKeyPair(keySize, encodedParams, seed); + Object[] keyBytes = generateECKeyPair(keySize, encodedParams, seed); // The 'params' object supplied above is equivalent to the native // one so there is no need to fetch it. - - // handles[0] points to the native private key - BigInteger s = new BigInteger(1, getEncodedBytes(handles[0])); + // keyBytes[0] is the encoding of the native private key + BigInteger s = new BigInteger(1, (byte[])keyBytes[0]); PrivateKey privateKey = new ECPrivateKeyImpl(s, (ECParameterSpec)params); - // handles[1] points to the native public key - ECPoint w = ECUtil.decodePoint(getEncodedBytes(handles[1]), + // keyBytes[1] is the encoding of the native public key + ECPoint w = ECUtil.decodePoint((byte[])keyBytes[1], ((ECParameterSpec)params).getCurve()); PublicKey publicKey = new ECPublicKeyImpl(w, (ECParameterSpec)params); @@ -162,14 +161,9 @@ public final class ECKeyPairGenerator extends KeyPairGeneratorSpi { } /* - * Generates the keypair and returns a 2-element array of handles. - * The first handle points to the private key, the second to the public key. + * Generates the keypair and returns a 2-element array of encoding bytes. + * The first one is for the private key, the second for the public key. */ - private static native long[] generateECKeyPair(int keySize, + private static native Object[] generateECKeyPair(int keySize, byte[] encodedParams, byte[] seed) throws GeneralSecurityException; - - /* - * Extracts the encoded key data using the supplied handle. - */ - private static native byte[] getEncodedBytes(long handle); } diff --git a/src/share/classes/sun/security/rsa/RSACore.java b/src/share/classes/sun/security/rsa/RSACore.java index c34f6a4b2..81b4e3f98 100644 --- a/src/share/classes/sun/security/rsa/RSACore.java +++ b/src/share/classes/sun/security/rsa/RSACore.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -50,6 +50,15 @@ import sun.security.jca.JCAUtil; */ public final class RSACore { + // globally enable/disable use of blinding + private final static boolean ENABLE_BLINDING = true; + + // cache for blinding parameters. Map<BigInteger, BlindingParameters> + // use a weak hashmap so that cached values are automatically cleared + // when the modulus is GC'ed + private final static Map<BigInteger, BlindingParameters> + blindingCache = new WeakHashMap<>(); + private RSACore() { // empty } @@ -100,12 +109,12 @@ public final class RSACore { if (key instanceof RSAPrivateCrtKey) { return crtCrypt(msg, (RSAPrivateCrtKey)key); } else { - return crypt(msg, key.getModulus(), key.getPrivateExponent()); + return priCrypt(msg, key.getModulus(), key.getPrivateExponent()); } } /** - * RSA public key ops and non-CRT private key ops. Simple modPow(). + * RSA public key ops. Simple modPow(). */ private static byte[] crypt(byte[] msg, BigInteger n, BigInteger exp) throws BadPaddingException { @@ -115,22 +124,29 @@ public final class RSACore { } /** + * RSA non-CRT private key operations. + */ + private static byte[] priCrypt(byte[] msg, BigInteger n, BigInteger exp) + throws BadPaddingException { + + BigInteger c = parseMsg(msg, n); + BlindingRandomPair brp = null; + BigInteger m; + if (ENABLE_BLINDING) { + brp = getBlindingRandomPair(null, exp, n); + c = c.multiply(brp.u).mod(n); + m = c.modPow(exp, n); + m = m.multiply(brp.v).mod(n); + } else { + m = c.modPow(exp, n); + } + + return toByteArray(m, getByteLength(n)); + } + + /** * RSA private key operations with CRT. Algorithm and variable naming * are taken from PKCS#1 v2.1, section 5.1.2. - * - * The only difference is the addition of blinding to twart timing attacks. - * This is described in the RSA Bulletin#2 (Jan 96) among other places. - * This means instead of implementing RSA as - * m = c ^ d mod n (or RSA in CRT variant) - * we do - * r = random(0, n-1) - * c' = c * r^e mod n - * m' = c' ^ d mod n (or RSA in CRT variant) - * m = m' * r^-1 mod n (where r^-1 is the modular inverse of r mod n) - * This works because r^(e*d) * r^-1 = r * r^-1 = 1 (all mod n) - * - * We do not generate new blinding parameters for each operation but reuse - * them BLINDING_MAX_REUSE times (see definition below). */ private static byte[] crtCrypt(byte[] msg, RSAPrivateCrtKey key) throws BadPaddingException { @@ -141,13 +157,13 @@ public final class RSACore { BigInteger dP = key.getPrimeExponentP(); BigInteger dQ = key.getPrimeExponentQ(); BigInteger qInv = key.getCrtCoefficient(); + BigInteger e = key.getPublicExponent(); + BigInteger d = key.getPrivateExponent(); - BlindingParameters params; + BlindingRandomPair brp; if (ENABLE_BLINDING) { - params = getBlindingParameters(key); - c = c.multiply(params.re).mod(n); - } else { - params = null; + brp = getBlindingRandomPair(e, d, n); + c = c.multiply(brp.u).mod(n); } // m1 = c ^ dP mod p @@ -165,8 +181,8 @@ public final class RSACore { // m = m2 + q * h BigInteger m = h.multiply(q).add(m2); - if (params != null) { - m = m.multiply(params.rInv).mod(n); + if (ENABLE_BLINDING) { + m = m.multiply(brp.v).mod(n); } return toByteArray(m, getByteLength(n)); @@ -208,82 +224,217 @@ public final class RSACore { return t; } - // globally enable/disable use of blinding - private final static boolean ENABLE_BLINDING = true; - - // maximum number of times that we will use a set of blinding parameters - // value suggested by Paul Kocher (quoted by NSS) - private final static int BLINDING_MAX_REUSE = 50; + /** + * Parameters (u,v) for RSA Blinding. This is described in the RSA + * Bulletin#2 (Jan 96) and other places: + * + * ftp://ftp.rsa.com/pub/pdfs/bull-2.pdf + * + * The standard RSA Blinding decryption requires the public key exponent + * (e) and modulus (n), and converts ciphertext (c) to plaintext (p). + * + * Before the modular exponentiation operation, the input message should + * be multiplied by (u (mod n)), and afterward the result is corrected + * by multiplying with (v (mod n)). The system should reject messages + * equal to (0 (mod n)). That is: + * + * 1. Generate r between 0 and n-1, relatively prime to n. + * 2. Compute x = (c*u) mod n + * 3. Compute y = (x^d) mod n + * 4. Compute p = (y*v) mod n + * + * The Java APIs allows for either standard RSAPrivateKey or + * RSAPrivateCrtKey RSA keys. + * + * If the public exponent is available to us (e.g. RSAPrivateCrtKey), + * choose a random r, then let (u, v): + * + * u = r ^ e mod n + * v = r ^ (-1) mod n + * + * The proof follows: + * + * p = (((c * u) ^ d mod n) * v) mod n + * = ((c ^ d) * (u ^ d) * v) mod n + * = ((c ^ d) * (r ^ e) ^ d) * (r ^ (-1))) mod n + * = ((c ^ d) * (r ^ (e * d)) * (r ^ (-1))) mod n + * = ((c ^ d) * (r ^ 1) * (r ^ (-1))) mod n (see below) + * = (c ^ d) mod n + * + * because in RSA cryptosystem, d is the multiplicative inverse of e: + * + * (r^(e * d)) mod n + * = (r ^ 1) mod n + * = r mod n + * + * However, if the public exponent is not available (e.g. RSAPrivateKey), + * we mitigate the timing issue by using a similar random number blinding + * approach using the private key: + * + * u = r + * v = ((r ^ (-1)) ^ d) mod n + * + * This returns the same plaintext because: + * + * p = (((c * u) ^ d mod n) * v) mod n + * = ((c ^ d) * (u ^ d) * v) mod n + * = ((c ^ d) * (u ^ d) * ((u ^ (-1)) ^d)) mod n + * = (c ^ d) mod n + * + * Computing inverses mod n and random number generation is slow, so + * it is often not practical to generate a new random (u, v) pair for + * each new exponentiation. The calculation of parameters might even be + * subject to timing attacks. However, (u, v) pairs should not be + * reused since they themselves might be compromised by timing attacks, + * leaving the private exponent vulnerable. An efficient solution to + * this problem is update u and v before each modular exponentiation + * step by computing: + * + * u = u ^ 2 + * v = v ^ 2 + * + * The total performance cost is small. + */ + private final static class BlindingRandomPair { + final BigInteger u; + final BigInteger v; - // cache for blinding parameters. Map<BigInteger, BlindingParameters> - // use a weak hashmap so that cached values are automatically cleared - // when the modulus is GC'ed - private final static Map<BigInteger, BlindingParameters> blindingCache = - new WeakHashMap<>(); + BlindingRandomPair(BigInteger u, BigInteger v) { + this.u = u; + this.v = v; + } + } /** * Set of blinding parameters for a given RSA key. * * The RSA modulus is usually unique, so we index by modulus in - * blindingCache. However, to protect against the unlikely case of two - * keys sharing the same modulus, we also store the public exponent. - * This means we cannot cache blinding parameters for multiple keys that - * share the same modulus, but since sharing moduli is fundamentally broken - * an insecure, this does not matter. + * {@code blindingCache}. However, to protect against the unlikely + * case of two keys sharing the same modulus, we also store the public + * or the private exponent. This means we cannot cache blinding + * parameters for multiple keys that share the same modulus, but + * since sharing moduli is fundamentally broken and insecure, this + * does not matter. */ - private static final class BlindingParameters { - // e (RSA public exponent) - final BigInteger e; - // r ^ e mod n - final BigInteger re; - // inverse of r mod n - final BigInteger rInv; - // how many more times this parameter object can be used - private volatile int remainingUses; - BlindingParameters(BigInteger e, BigInteger re, BigInteger rInv) { + private final static class BlindingParameters { + private final static BigInteger BIG_TWO = BigInteger.valueOf(2L); + + // RSA public exponent + private final BigInteger e; + + // hash code of RSA private exponent + private final BigInteger d; + + // r ^ e mod n (CRT), or r mod n (Non-CRT) + private BigInteger u; + + // r ^ (-1) mod n (CRT) , or ((r ^ (-1)) ^ d) mod n (Non-CRT) + private BigInteger v; + + // e: the public exponent + // d: the private exponent + // n: the modulus + BlindingParameters(BigInteger e, BigInteger d, BigInteger n) { + this.u = null; + this.v = null; this.e = e; - this.re = re; - this.rInv = rInv; - // initialize remaining uses, subtract current use now - remainingUses = BLINDING_MAX_REUSE - 1; + this.d = d; + + int len = n.bitLength(); + SecureRandom random = JCAUtil.getSecureRandom(); + u = new BigInteger(len, random).mod(n); + // Although the possibility is very much limited that u is zero + // or is not relatively prime to n, we still want to be careful + // about the special value. + // + // Secure random generation is expensive, try to use BigInteger.ONE + // this time if this new generated random number is zero or is not + // relatively prime to n. Next time, new generated secure random + // number will be used instead. + if (u.equals(BigInteger.ZERO)) { + u = BigInteger.ONE; // use 1 this time + } + + try { + // The call to BigInteger.modInverse() checks that u is + // relatively prime to n. Otherwise, ArithmeticException is + // thrown. + v = u.modInverse(n); + } catch (ArithmeticException ae) { + // if u is not relatively prime to n, use 1 this time + u = BigInteger.ONE; + v = BigInteger.ONE; + } + + if (e != null) { + u = u.modPow(e, n); // e: the public exponent + // u: random ^ e + // v: random ^ (-1) + } else { + v = v.modPow(d, n); // d: the private exponent + // u: random + // v: random ^ (-d) + } } - boolean valid(BigInteger e) { - int k = remainingUses--; - return (k > 0) && this.e.equals(e); + + // return null if need to reset the parameters + BlindingRandomPair getBlindingRandomPair( + BigInteger e, BigInteger d, BigInteger n) { + + if ((this.e != null && this.e.equals(e)) || + (this.d != null && this.d.equals(d))) { + + BlindingRandomPair brp = null; + synchronized (this) { + if (!u.equals(BigInteger.ZERO) && + !v.equals(BigInteger.ZERO)) { + + brp = new BlindingRandomPair(u, v); + if (u.compareTo(BigInteger.ONE) <= 0 || + v.compareTo(BigInteger.ONE) <= 0) { + + // need to reset the random pair next time + u = BigInteger.ZERO; + v = BigInteger.ZERO; + } else { + u = u.modPow(BIG_TWO, n); + v = v.modPow(BIG_TWO, n); + } + } // Otherwise, need to reset the random pair. + } + return brp; + } + + return null; } } - /** - * Return valid RSA blinding parameters for the given private key. - * Use cached parameters if available. If not, generate new parameters - * and cache. - */ - private static BlindingParameters getBlindingParameters - (RSAPrivateCrtKey key) { - BigInteger modulus = key.getModulus(); - BigInteger e = key.getPublicExponent(); - BlindingParameters params; - // we release the lock between get() and put() - // that means threads might concurrently generate new blinding - // parameters for the same modulus. this is only a slight waste - // of cycles and seems preferable in terms of scalability - // to locking out all threads while generating new parameters + private static BlindingRandomPair getBlindingRandomPair( + BigInteger e, BigInteger d, BigInteger n) { + + BlindingParameters bps = null; synchronized (blindingCache) { - params = blindingCache.get(modulus); + bps = blindingCache.get(n); } - if ((params != null) && params.valid(e)) { - return params; + + if (bps == null) { + bps = new BlindingParameters(e, d, n); + synchronized (blindingCache) { + blindingCache.putIfAbsent(n, bps); + } } - int len = modulus.bitLength(); - SecureRandom random = JCAUtil.getSecureRandom(); - BigInteger r = new BigInteger(len, random).mod(modulus); - BigInteger re = r.modPow(e, modulus); - BigInteger rInv = r.modInverse(modulus); - params = new BlindingParameters(e, re, rInv); - synchronized (blindingCache) { - blindingCache.put(modulus, params); + + BlindingRandomPair brp = bps.getBlindingRandomPair(e, d, n); + if (brp == null) { + // need to reset the blinding parameters + bps = new BlindingParameters(e, d, n); + synchronized (blindingCache) { + blindingCache.replace(n, bps); + } + brp = bps.getBlindingRandomPair(e, d, n); } - return params; + + return brp; } } diff --git a/src/share/classes/sun/security/util/KeyUtil.java b/src/share/classes/sun/security/util/KeyUtil.java index 9c881b803..661e3b973 100644 --- a/src/share/classes/sun/security/util/KeyUtil.java +++ b/src/share/classes/sun/security/util/KeyUtil.java @@ -272,7 +272,16 @@ public final class KeyUtil { "Diffie-Hellman public key is too large"); } - // Don't bother to check against the y^q mod p if safe primes are used. + // y^q mod p == 1? + // Unable to perform this check as q is unknown in this circumstance. + + // p is expected to be prime. However, it is too expensive to check + // that p is prime. Instead, in order to mitigate the impact of + // non-prime values, we check that y is not a factor of p. + BigInteger r = p.remainder(y); + if (r.equals(BigInteger.ZERO)) { + throw new InvalidKeyException("Invalid Diffie-Hellman parameters"); + } } /** diff --git a/src/share/lib/security/java.security-linux b/src/share/lib/security/java.security-linux index d31a1e370..bb71a15a4 100644 --- a/src/share/lib/security/java.security-linux +++ b/src/share/lib/security/java.security-linux @@ -210,8 +210,8 @@ package.access=sun.,\ org.jcp.xml.dsig.internal.,\ jdk.internal.,\ jdk.nashorn.internal.,\ - jdk.nashorn.tools. - + jdk.nashorn.tools.,\ + com.sun.activation.registries. # # List of comma-separated packages that start with or equal this string @@ -257,8 +257,8 @@ package.definition=sun.,\ org.jcp.xml.dsig.internal.,\ jdk.internal.,\ jdk.nashorn.internal.,\ - jdk.nashorn.tools. - + jdk.nashorn.tools.,\ + com.sun.activation.registries. # # Determines whether this properties file can be appended to diff --git a/src/share/lib/security/java.security-macosx b/src/share/lib/security/java.security-macosx index 78ef91340..78eeb8e1d 100644 --- a/src/share/lib/security/java.security-macosx +++ b/src/share/lib/security/java.security-macosx @@ -212,6 +212,7 @@ package.access=sun.,\ jdk.internal.,\ jdk.nashorn.internal.,\ jdk.nashorn.tools.,\ + com.sun.activation.registries.,\ apple. # @@ -259,6 +260,7 @@ package.definition=sun.,\ jdk.internal.,\ jdk.nashorn.internal.,\ jdk.nashorn.tools.,\ + com.sun.activation.registries.,\ apple. # diff --git a/src/share/lib/security/java.security-solaris b/src/share/lib/security/java.security-solaris index 7de2ad429..e153e1585 100644 --- a/src/share/lib/security/java.security-solaris +++ b/src/share/lib/security/java.security-solaris @@ -212,7 +212,8 @@ package.access=sun.,\ org.jcp.xml.dsig.internal.,\ jdk.internal.,\ jdk.nashorn.internal.,\ - jdk.nashorn.tools. + jdk.nashorn.tools.,\ + com.sun.activation.registries. # # List of comma-separated packages that start with or equal this string @@ -258,7 +259,8 @@ package.definition=sun.,\ org.jcp.xml.dsig.internal.,\ jdk.internal.,\ jdk.nashorn.internal.,\ - jdk.nashorn.tools. + jdk.nashorn.tools.,\ + com.sun.activation.registries. # # Determines whether this properties file can be appended to diff --git a/src/share/lib/security/java.security-windows b/src/share/lib/security/java.security-windows index f19a0cf70..e10b953e9 100644 --- a/src/share/lib/security/java.security-windows +++ b/src/share/lib/security/java.security-windows @@ -212,6 +212,7 @@ package.access=sun.,\ jdk.internal.,\ jdk.nashorn.internal.,\ jdk.nashorn.tools.,\ + com.sun.activation.registries.,\ com.sun.java.accessibility. # @@ -259,6 +260,7 @@ package.definition=sun.,\ jdk.internal.,\ jdk.nashorn.internal.,\ jdk.nashorn.tools.,\ + com.sun.activation.registries.,\ com.sun.java.accessibility. # diff --git a/src/share/native/com/sun/java/util/jar/pack/defines.h b/src/share/native/com/sun/java/util/jar/pack/defines.h index 644b9ca9a..3d98dd114 100644 --- a/src/share/native/com/sun/java/util/jar/pack/defines.h +++ b/src/share/native/com/sun/java/util/jar/pack/defines.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -79,6 +79,7 @@ extern int assert_failed(const char*); #define ERROR_RESOURCE "Cannot extract resource file" #define ERROR_OVERFLOW "Internal buffer overflow" #define ERROR_INTERNAL "Internal error" +#define ERROR_INIT "cannot init class members" #define LOGFILE_STDOUT "-" #define LOGFILE_STDERR "" diff --git a/src/share/native/com/sun/java/util/jar/pack/jni.cpp b/src/share/native/com/sun/java/util/jar/pack/jni.cpp index 26c683f0a..e9109cbec 100644 --- a/src/share/native/com/sun/java/util/jar/pack/jni.cpp +++ b/src/share/native/com/sun/java/util/jar/pack/jni.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -56,6 +56,45 @@ static char* dbg = null; #define THROW_IOE(x) JNU_ThrowIOException(env,x) +#define CHECK_EXCEPTION_RETURN_VOID_THROW_IOE(CERVTI_exception, CERVTI_message) \ + do { \ + if ((env)->ExceptionOccurred()) { \ + THROW_IOE(CERVTI_message); \ + return; \ + } \ + if ((CERVTI_exception) == NULL) { \ + THROW_IOE(CERVTI_message); \ + return; \ + } \ + } while (JNI_FALSE) + + +#define CHECK_EXCEPTION_RETURN_VALUE(CERL_exception, CERL_return_value) \ + do { \ + if ((env)->ExceptionOccurred()) { \ + return CERL_return_value; \ + } \ + if ((CERL_exception) == NULL) { \ + return CERL_return_value; \ + } \ + } while (JNI_FALSE) + + +// If these useful macros aren't defined in jni_util.h then define them here +#ifndef CHECK_NULL_RETURN +#define CHECK_NULL_RETURN(x, y) \ + do { \ + if ((x) == NULL) return (y); \ + } while (JNI_FALSE) +#endif + +#ifndef CHECK_EXCEPTION_RETURN +#define CHECK_EXCEPTION_RETURN(env, y) \ + do { \ + if ((*env)->ExceptionCheck(env)) return (y); \ + } while (JNI_FALSE) +#endif + static jlong read_input_via_jni(unpacker* self, void* buf, jlong minlen, jlong maxlen); @@ -92,9 +131,11 @@ static unpacker* get_unpacker() { vm->GetEnv(&envRaw, JNI_VERSION_1_1); JNIEnv* env = (JNIEnv*) envRaw; //fprintf(stderr, "get_unpacker() env=%p\n", env); - if (env == null) - return null; + CHECK_NULL_RETURN(env, NULL); jobject pObj = env->CallStaticObjectMethod(NIclazz, currentInstMID); + // We should check upon the known non-null variable because here we want to check + // only for pending exceptions. If pObj is null we'll deal with it later. + CHECK_EXCEPTION_RETURN_VALUE(env, NULL); //fprintf(stderr, "get_unpacker0() pObj=%p\n", pObj); if (pObj != null) { // Got pObj and env; now do it the easy way. @@ -137,20 +178,20 @@ Java_com_sun_java_util_jar_pack_NativeUnpack_initIDs(JNIEnv *env, jclass clazz) while( dbg != null) { sleep(10); } #endif NIclazz = (jclass) env->NewGlobalRef(clazz); + unpackerPtrFID = env->GetFieldID(clazz, "unpackerPtr", "J"); + CHECK_EXCEPTION_RETURN_VOID_THROW_IOE(unpackerPtrFID, ERROR_INIT); + currentInstMID = env->GetStaticMethodID(clazz, "currentInstance", "()Ljava/lang/Object;"); + CHECK_EXCEPTION_RETURN_VOID_THROW_IOE(currentInstMID, ERROR_INIT); + readInputMID = env->GetMethodID(clazz, "readInputFn", "(Ljava/nio/ByteBuffer;J)J"); - getUnpackerPtrMID = env->GetMethodID(clazz, "getUnpackerPtr", "()J"); + CHECK_EXCEPTION_RETURN_VOID_THROW_IOE(readInputMID, ERROR_INIT); - if (unpackerPtrFID == null || - currentInstMID == null || - readInputMID == null || - NIclazz == null || - getUnpackerPtrMID == null) { - THROW_IOE("cannot init class members"); - } + getUnpackerPtrMID = env->GetMethodID(clazz, "getUnpackerPtr", "()J"); + CHECK_EXCEPTION_RETURN_VOID_THROW_IOE(getUnpackerPtrMID, ERROR_INIT); } JNIEXPORT jlong JNICALL @@ -160,9 +201,7 @@ Java_com_sun_java_util_jar_pack_NativeUnpack_start(JNIEnv *env, jobject pObj, // valid object pointers and env is intact, if not now is good time to bail. unpacker* uPtr = get_unpacker(); //fprintf(stderr, "start(%p) uPtr=%p initializing\n", pObj, uPtr); - if (uPtr == null) { - return -1; - } + CHECK_EXCEPTION_RETURN_VALUE(uPtr, -1); // redirect our io to the default log file or whatever. uPtr->redirect_stdio(); @@ -200,6 +239,7 @@ Java_com_sun_java_util_jar_pack_NativeUnpack_getNextFile(JNIEnv *env, jobject pO jobjectArray pParts) { unpacker* uPtr = get_unpacker(env, pObj); + CHECK_EXCEPTION_RETURN_VALUE(uPtr, false); unpacker::file* filep = uPtr->get_next_file(); if (uPtr->aborting()) { @@ -207,32 +247,38 @@ Java_com_sun_java_util_jar_pack_NativeUnpack_getNextFile(JNIEnv *env, jobject pO return false; } - if (filep == null) { - return false; // end of the sequence - } + CHECK_NULL_RETURN(filep, false); assert(filep == &uPtr->cur_file); int pidx = 0, iidx = 0; jintArray pIntParts = (jintArray) env->GetObjectArrayElement(pParts, pidx++); + CHECK_EXCEPTION_RETURN_VALUE(pIntParts, false); jint* intParts = env->GetIntArrayElements(pIntParts, null); intParts[iidx++] = (jint)( (julong)filep->size >> 32 ); intParts[iidx++] = (jint)( (julong)filep->size >> 0 ); intParts[iidx++] = filep->modtime; intParts[iidx++] = filep->deflate_hint() ? 1 : 0; env->ReleaseIntArrayElements(pIntParts, intParts, JNI_COMMIT); - - env->SetObjectArrayElement(pParts, pidx++, env->NewStringUTF(filep->name)); - + jstring filename = env->NewStringUTF(filep->name); + CHECK_EXCEPTION_RETURN_VALUE(filename, false); + env->SetObjectArrayElement(pParts, pidx++, filename); + CHECK_EXCEPTION_RETURN_VALUE(uPtr, false); jobject pDataBuf = null; - if (filep->data[0].len > 0) + if (filep->data[0].len > 0) { pDataBuf = env->NewDirectByteBuffer(filep->data[0].ptr, filep->data[0].len); + CHECK_EXCEPTION_RETURN_VALUE(pDataBuf, false); + } env->SetObjectArrayElement(pParts, pidx++, pDataBuf); + CHECK_EXCEPTION_RETURN_VALUE(uPtr, false); pDataBuf = null; - if (filep->data[1].len > 0) + if (filep->data[1].len > 0) { pDataBuf = env->NewDirectByteBuffer(filep->data[1].ptr, filep->data[1].len); + CHECK_EXCEPTION_RETURN_VALUE(pDataBuf, false); + } env->SetObjectArrayElement(pParts, pidx++, pDataBuf); + CHECK_EXCEPTION_RETURN_VALUE(uPtr, false); return true; } @@ -241,6 +287,7 @@ Java_com_sun_java_util_jar_pack_NativeUnpack_getNextFile(JNIEnv *env, jobject pO JNIEXPORT jobject JNICALL Java_com_sun_java_util_jar_pack_NativeUnpack_getUnusedInput(JNIEnv *env, jobject pObj) { unpacker* uPtr = get_unpacker(env, pObj); + CHECK_EXCEPTION_RETURN_VALUE(uPtr, NULL); unpacker::file* filep = &uPtr->cur_file; if (uPtr->aborting()) { @@ -263,7 +310,7 @@ Java_com_sun_java_util_jar_pack_NativeUnpack_getUnusedInput(JNIEnv *env, jobject JNIEXPORT jlong JNICALL Java_com_sun_java_util_jar_pack_NativeUnpack_finish(JNIEnv *env, jobject pObj) { unpacker* uPtr = get_unpacker(env, pObj, false); - if (uPtr == null) return 0; + CHECK_EXCEPTION_RETURN_VALUE(uPtr, NULL); size_t consumed = uPtr->input_consumed(); free_unpacker(env, pObj, uPtr); return consumed; @@ -274,7 +321,9 @@ Java_com_sun_java_util_jar_pack_NativeUnpack_setOption(JNIEnv *env, jobject pObj jstring pProp, jstring pValue) { unpacker* uPtr = get_unpacker(env, pObj); const char* prop = env->GetStringUTFChars(pProp, JNI_FALSE); + CHECK_EXCEPTION_RETURN_VALUE(prop, false); const char* value = env->GetStringUTFChars(pValue, JNI_FALSE); + CHECK_EXCEPTION_RETURN_VALUE(value, false); jboolean retval = uPtr->set_option(prop, value); env->ReleaseStringUTFChars(pProp, prop); env->ReleaseStringUTFChars(pValue, value); @@ -286,9 +335,11 @@ Java_com_sun_java_util_jar_pack_NativeUnpack_getOption(JNIEnv *env, jobject pObj jstring pProp) { unpacker* uPtr = get_unpacker(env, pObj); + CHECK_EXCEPTION_RETURN_VALUE(uPtr, NULL); const char* prop = env->GetStringUTFChars(pProp, JNI_FALSE); + CHECK_EXCEPTION_RETURN_VALUE(prop, NULL); const char* value = uPtr->get_option(prop); + CHECK_EXCEPTION_RETURN_VALUE(value, NULL); env->ReleaseStringUTFChars(pProp, prop); - if (value == null) return null; return env->NewStringUTF(value); } diff --git a/src/share/native/sun/awt/medialib/awt_ImagingLib.c b/src/share/native/sun/awt/medialib/awt_ImagingLib.c index 1ed87f7b5..472b5eed4 100644 --- a/src/share/native/sun/awt/medialib/awt_ImagingLib.c +++ b/src/share/native/sun/awt/medialib/awt_ImagingLib.c @@ -373,14 +373,14 @@ Java_sun_awt_image_ImagingLib_convolveBI(JNIEnv *env, jobject this, /* Parse the source image */ - if ((status = awt_parseImage(env, jsrc, &srcImageP, FALSE)) <= 0) { + if (awt_parseImage(env, jsrc, &srcImageP, FALSE) <= 0) { /* Can't handle any custom images */ free(dkern); return 0; } /* Parse the destination image */ - if ((status = awt_parseImage(env, jdst, &dstImageP, FALSE)) <= 0) { + if (awt_parseImage(env, jdst, &dstImageP, FALSE) <= 0) { /* Can't handle any custom images */ awt_freeParsedImage(srcImageP, TRUE); free(dkern); @@ -627,7 +627,7 @@ Java_sun_awt_image_ImagingLib_convolveRaster(JNIEnv *env, jobject this, } /* Parse the source raster */ - if ((status = awt_parseRaster(env, jsrc, srcRasterP)) <= 0) { + if (awt_parseRaster(env, jsrc, srcRasterP) <= 0) { /* Can't handle any custom rasters */ free(srcRasterP); free(dstRasterP); @@ -636,7 +636,7 @@ Java_sun_awt_image_ImagingLib_convolveRaster(JNIEnv *env, jobject this, } /* Parse the destination raster */ - if ((status = awt_parseRaster(env, jdst, dstRasterP)) <= 0) { + if (awt_parseRaster(env, jdst, dstRasterP) <= 0) { /* Can't handle any custom images */ awt_freeParsedRaster(srcRasterP, TRUE); free(dstRasterP); @@ -839,13 +839,13 @@ Java_sun_awt_image_ImagingLib_transformBI(JNIEnv *env, jobject this, (*env)->ReleasePrimitiveArrayCritical(env, jmatrix, matrix, JNI_ABORT); /* Parse the source image */ - if ((status = awt_parseImage(env, jsrc, &srcImageP, FALSE)) <= 0) { + if (awt_parseImage(env, jsrc, &srcImageP, FALSE) <= 0) { /* Can't handle any custom images */ return 0; } /* Parse the destination image */ - if ((status = awt_parseImage(env, jdst, &dstImageP, FALSE)) <= 0) { + if (awt_parseImage(env, jdst, &dstImageP, FALSE) <= 0) { /* Can't handle any custom images */ awt_freeParsedImage(srcImageP, TRUE); return 0; @@ -1059,7 +1059,7 @@ Java_sun_awt_image_ImagingLib_transformRaster(JNIEnv *env, jobject this, (*env)->ReleasePrimitiveArrayCritical(env, jmatrix, matrix, JNI_ABORT); /* Parse the source raster */ - if ((status = awt_parseRaster(env, jsrc, srcRasterP)) <= 0) { + if (awt_parseRaster(env, jsrc, srcRasterP) <= 0) { /* Can't handle any custom rasters */ free(srcRasterP); free(dstRasterP); @@ -1067,7 +1067,7 @@ Java_sun_awt_image_ImagingLib_transformRaster(JNIEnv *env, jobject this, } /* Parse the destination raster */ - if ((status = awt_parseRaster(env, jdst, dstRasterP)) <= 0) { + if (awt_parseRaster(env, jdst, dstRasterP) <= 0) { /* Can't handle any custom images */ awt_freeParsedRaster(srcRasterP, TRUE); free(dstRasterP); @@ -1306,13 +1306,13 @@ Java_sun_awt_image_ImagingLib_lookupByteBI(JNIEnv *env, jobject thisLib, if (s_timeIt) (*start_timer)(3600); /* Parse the source image */ - if ((status = awt_parseImage(env, jsrc, &srcImageP, FALSE)) <= 0) { + if (awt_parseImage(env, jsrc, &srcImageP, FALSE) <= 0) { /* Can't handle any custom images */ return 0; } /* Parse the destination image */ - if ((status = awt_parseImage(env, jdst, &dstImageP, FALSE)) <= 0) { + if (awt_parseImage(env, jdst, &dstImageP, FALSE) <= 0) { /* Can't handle any custom images */ awt_freeParsedImage(srcImageP, TRUE); return 0; @@ -1554,14 +1554,14 @@ Java_sun_awt_image_ImagingLib_lookupByteRaster(JNIEnv *env, } /* Parse the source raster - reject custom images */ - if ((status = awt_parseRaster(env, jsrc, srcRasterP)) <= 0) { + if (awt_parseRaster(env, jsrc, srcRasterP) <= 0) { free(srcRasterP); free(dstRasterP); return 0; } /* Parse the destination image - reject custom images */ - if ((status = awt_parseRaster(env, jdst, dstRasterP)) <= 0) { + if (awt_parseRaster(env, jdst, dstRasterP) <= 0) { awt_freeParsedRaster(srcRasterP, TRUE); free(dstRasterP); return 0; diff --git a/src/share/native/sun/font/freetypeScaler.c b/src/share/native/sun/font/freetypeScaler.c index e4b37fd9a..55ca4ebc8 100644 --- a/src/share/native/sun/font/freetypeScaler.c +++ b/src/share/native/sun/font/freetypeScaler.c @@ -177,18 +177,10 @@ static unsigned long ReadTTFontFileFunc(FT_Stream stream, if (numBytes > FILEDATACACHESIZE) { bBuffer = (*env)->NewDirectByteBuffer(env, destBuffer, numBytes); if (bBuffer != NULL) { - /* Loop until the read succeeds (or EOF). - * This should improve robustness in the event of a problem in - * the I/O system. If we find that we ever end up spinning here - * we are going to have to do some serious work to recover. - * Just returning without reading the data will cause a crash. - */ - while (bread == 0) { - bread = (*env)->CallIntMethod(env, - scalerInfo->font2D, - sunFontIDs.ttReadBlockMID, - bBuffer, offset, numBytes); - } + bread = (*env)->CallIntMethod(env, + scalerInfo->font2D, + sunFontIDs.ttReadBlockMID, + bBuffer, offset, numBytes); return bread; } else { /* We probably hit bug bug 4845371. For reasons that @@ -224,19 +216,10 @@ static unsigned long ReadTTFontFileFunc(FT_Stream stream, (offset + FILEDATACACHESIZE > scalerInfo->fileSize) ? scalerInfo->fileSize - offset : FILEDATACACHESIZE; bBuffer = scalerInfo->directBuffer; - /* Loop until all the read succeeds (or EOF). - * This should improve robustness in the event of a problem in - * the I/O system. If we find that we ever end up spinning here - * we are going to have to do some serious work to recover. - * Just returning without reading the data will cause a crash. - */ - while (bread == 0) { - bread = (*env)->CallIntMethod(env, scalerInfo->font2D, - sunFontIDs.ttReadBlockMID, - bBuffer, offset, - scalerInfo->fontDataLength); - } - + bread = (*env)->CallIntMethod(env, scalerInfo->font2D, + sunFontIDs.ttReadBlockMID, + bBuffer, offset, + scalerInfo->fontDataLength); memcpy(destBuffer, scalerInfo->fontData, numBytes); return numBytes; } diff --git a/src/share/native/sun/management/GcInfoBuilder.c b/src/share/native/sun/management/GcInfoBuilder.c index 1d0bebd42..672cc6a77 100644 --- a/src/share/native/sun/management/GcInfoBuilder.c +++ b/src/share/native/sun/management/GcInfoBuilder.c @@ -190,7 +190,7 @@ JNIEXPORT jobject JNICALL Java_sun_management_GcInfoBuilder_getLastGcInfo0 if (ext_att_count <= 0) { JNU_ThrowIllegalArgumentException(env, "Invalid ext_att_count"); - return; + return 0; } gc_stat.usage_before_gc = usageBeforeGC; diff --git a/src/share/native/sun/security/ec/ECC_JNI.cpp b/src/share/native/sun/security/ec/ECC_JNI.cpp index dff675f95..f2612adc2 100644 --- a/src/share/native/sun/security/ec/ECC_JNI.cpp +++ b/src/share/native/sun/security/ec/ECC_JNI.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -64,22 +64,40 @@ void FreeECParams(ECParams *ecparams, jboolean freeStruct) free(ecparams); } +jbyteArray getEncodedBytes(JNIEnv *env, SECItem *hSECItem) +{ + SECItem *s = (SECItem *)hSECItem; + + jbyteArray jEncodedBytes = env->NewByteArray(s->len); + if (jEncodedBytes == NULL) { + return NULL; + } + // Copy bytes from a native SECItem buffer to Java byte array + env->SetByteArrayRegion(jEncodedBytes, 0, s->len, (jbyte *)s->data); + if (env->ExceptionCheck()) { // should never happen + return NULL; + } + return jEncodedBytes; +} + + /* * Class: sun_security_ec_ECKeyPairGenerator * Method: generateECKeyPair - * Signature: (I[B[B)[J + * Signature: (I[B[B)[[B */ -JNIEXPORT jlongArray +JNIEXPORT jobjectArray JNICALL Java_sun_security_ec_ECKeyPairGenerator_generateECKeyPair (JNIEnv *env, jclass clazz, jint keySize, jbyteArray encodedParams, jbyteArray seed) { - ECPrivateKey *privKey; /* contains both public and private values */ + ECPrivateKey *privKey = NULL; // contains both public and private values ECParams *ecparams = NULL; SECKEYECParams params_item; jint jSeedLength; jbyte* pSeedBuffer = NULL; - jlongArray result = NULL; - jlong* resultElements = NULL; + jobjectArray result = NULL; + jclass baCls = NULL; + jbyteArray jba; // Initialize the ECParams struct params_item.len = env->GetArrayLength(encodedParams); @@ -106,61 +124,61 @@ JNICALL Java_sun_security_ec_ECKeyPairGenerator_generateECKeyPair } jboolean isCopy; - result = env->NewLongArray(2); - resultElements = env->GetLongArrayElements(result, &isCopy); - - resultElements[0] = (jlong) &(privKey->privateValue); // private big integer - resultElements[1] = (jlong) &(privKey->publicValue); // encoded ec point + baCls = env->FindClass("[B"); + if (baCls == NULL) { + goto cleanup; + } + result = env->NewObjectArray(2, baCls, NULL); + if (result == NULL) { + goto cleanup; + } + jba = getEncodedBytes(env, &(privKey->privateValue)); + if (jba == NULL) { + result = NULL; + goto cleanup; + } + env->SetObjectArrayElement(result, 0, jba); // big integer + if (env->ExceptionCheck()) { // should never happen + result = NULL; + goto cleanup; + } - // If the array is a copy then we must write back our changes - if (isCopy == JNI_TRUE) { - env->ReleaseLongArrayElements(result, resultElements, 0); + jba = getEncodedBytes(env, &(privKey->publicValue)); + if (jba == NULL) { + result = NULL; + goto cleanup; + } + env->SetObjectArrayElement(result, 1, jba); // encoded ec point + if (env->ExceptionCheck()) { // should never happen + result = NULL; + goto cleanup; } cleanup: { - if (params_item.data) + if (params_item.data) { env->ReleaseByteArrayElements(encodedParams, (jbyte *) params_item.data, JNI_ABORT); - - if (ecparams) + } + if (ecparams) { FreeECParams(ecparams, true); - + } if (privKey) { FreeECParams(&privKey->ecParams, false); SECITEM_FreeItem(&privKey->version, B_FALSE); - // Don't free privKey->privateValue and privKey->publicValue + SECITEM_FreeItem(&privKey->privateValue, B_FALSE); + SECITEM_FreeItem(&privKey->publicValue, B_FALSE); + free(privKey); } - - if (pSeedBuffer) + if (pSeedBuffer) { delete [] pSeedBuffer; + } } return result; } /* - * Class: sun_security_ec_ECKeyPairGenerator - * Method: getEncodedBytes - * Signature: (J)[B - */ -JNIEXPORT jbyteArray -JNICALL Java_sun_security_ec_ECKeyPairGenerator_getEncodedBytes - (JNIEnv *env, jclass clazz, jlong hSECItem) -{ - SECItem *s = (SECItem *)hSECItem; - jbyteArray jEncodedBytes = env->NewByteArray(s->len); - - // Copy bytes from a native SECItem buffer to Java byte array - env->SetByteArrayRegion(jEncodedBytes, 0, s->len, (jbyte *)s->data); - - // Use B_FALSE to free only the SECItem->data - SECITEM_FreeItem(s, B_FALSE); - - return jEncodedBytes; -} - -/* * Class: sun_security_ec_ECDSASignature * Method: signDigest * Signature: ([B[B[B[B)[B @@ -234,21 +252,26 @@ JNICALL Java_sun_security_ec_ECDSASignature_signDigest cleanup: { - if (params_item.data) + if (params_item.data) { env->ReleaseByteArrayElements(encodedParams, (jbyte *) params_item.data, JNI_ABORT); - - if (pDigestBuffer) + } + if (privKey.privateValue.data) { + env->ReleaseByteArrayElements(privateKey, + (jbyte *) privKey.privateValue.data, JNI_ABORT); + } + if (pDigestBuffer) { delete [] pDigestBuffer; - - if (pSignedDigestBuffer) + } + if (pSignedDigestBuffer) { delete [] pSignedDigestBuffer; - - if (pSeedBuffer) + } + if (pSeedBuffer) { delete [] pSeedBuffer; - - if (ecparams) + } + if (ecparams) { FreeECParams(ecparams, true); + } } return jSignedDigest; diff --git a/src/windows/bin/java_md.c b/src/windows/bin/java_md.c index d08f2bf9b..43ccfc8dd 100644 --- a/src/windows/bin/java_md.c +++ b/src/windows/bin/java_md.c @@ -1306,6 +1306,14 @@ int AWTPreload(const char *funcName) /* save path length */ jrePathLen = JLI_StrLen(libraryPath); + if (jrePathLen + JLI_StrLen("\\bin\\verify.dll") >= MAXPATHLEN) { + /* jre path is too long, the library path will not fit there; + * report and abort preloading + */ + JLI_ReportErrorMessage(JRE_ERROR11); + break; + } + /* load msvcrt 1st */ LoadMSVCRT(); diff --git a/src/windows/classes/sun/awt/shell/Win32ShellFolder2.java b/src/windows/classes/sun/awt/shell/Win32ShellFolder2.java index 765a9b496..0070bd445 100644 --- a/src/windows/classes/sun/awt/shell/Win32ShellFolder2.java +++ b/src/windows/classes/sun/awt/shell/Win32ShellFolder2.java @@ -583,11 +583,18 @@ final class Win32ShellFolder2 extends ShellFolder { // Needs to be accessible to Win32ShellFolderManager2 static String getFileSystemPath(final int csidl) throws IOException, InterruptedException { - return invoke(new Callable<String>() { + String path = invoke(new Callable<String>() { public String call() throws IOException { return getFileSystemPath0(csidl); } }, IOException.class); + if (path != null) { + SecurityManager security = System.getSecurityManager(); + if (security != null) { + security.checkRead(path); + } + } + return path; } // NOTE: this method uses COM and must be called on the 'COM thread'. See ComInvoker for the details diff --git a/src/windows/classes/sun/awt/shell/Win32ShellFolderManager2.java b/src/windows/classes/sun/awt/shell/Win32ShellFolderManager2.java index a9522ee57..41ba690f3 100644 --- a/src/windows/classes/sun/awt/shell/Win32ShellFolderManager2.java +++ b/src/windows/classes/sun/awt/shell/Win32ShellFolderManager2.java @@ -136,6 +136,8 @@ public class Win32ShellFolderManager2 extends ShellFolderManager { if (desktop == null) { try { desktop = new Win32ShellFolder2(DESKTOP); + } catch (SecurityException e) { + // Ignore error } catch (IOException e) { // Ignore error } catch (InterruptedException e) { @@ -149,6 +151,8 @@ public class Win32ShellFolderManager2 extends ShellFolderManager { if (drives == null) { try { drives = new Win32ShellFolder2(DRIVES); + } catch (SecurityException e) { + // Ignore error } catch (IOException e) { // Ignore error } catch (InterruptedException e) { @@ -165,6 +169,8 @@ public class Win32ShellFolderManager2 extends ShellFolderManager { if (path != null) { recent = createShellFolder(getDesktop(), new File(path)); } + } catch (SecurityException e) { + // Ignore error } catch (InterruptedException e) { // Ignore error } catch (IOException e) { @@ -178,6 +184,8 @@ public class Win32ShellFolderManager2 extends ShellFolderManager { if (network == null) { try { network = new Win32ShellFolder2(NETWORK); + } catch (SecurityException e) { + // Ignore error } catch (IOException e) { // Ignore error } catch (InterruptedException e) { @@ -201,6 +209,8 @@ public class Win32ShellFolderManager2 extends ShellFolderManager { personal.setIsPersonal(); } } + } catch (SecurityException e) { + // Ignore error } catch (InterruptedException e) { // Ignore error } catch (IOException e) { |