Mercurial > hg > release > icedtea6-1.10

view patches/openjdk/7102369-7094468-rmiregistry.patch @ 2578:96394d394527

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add security patches for 2012/06/12. 2012-06-07 Andrew John Hughes <ahughes@redhat.com> * Makefile.am: (ICEDTEA_PATCHES): Add security patches. Make more patches HotSpot-build specific. * patches/ecj/override.patch: Add additional cases from 7143872. * patches/arm.patch: Moved to HotSpot-specific versions. * patches/arch.patch, * patches/freetypeversion.patch, * patches/gcc-suffix.patch: Fix to work with no fuzz. * patches/hotspot/hs20/arm.patch, * patches/hotspot/hs20/gcc-stack-markings.patch, * patches/hotspot/hs20/numa_on_early_glibc.patch, * patches/hotspot/hs20/sparc-trapsfix.patch, * patches/hotspot/hs20/version-hotspot.patch: Split to work with hs20 with no fuzz. * patches/hotspot/original/arm.patch, * patches/hotspot/original/gcc-stack-markings.patch, * patches/hotspot/original/numa_on_early_glibc.patch, * patches/hotspot/original/sparc-trapsfix.patch, * patches/hotspot/original/version-hotspot.patch: Likewise for hs19 (original). * patches/jaxp-serial-version-uid.patch, * patches/libraries.patch, * patches/nio2.patch, * patches/no-static-linking.patch, * patches/openjdk/6693253-security_warning.patch, * patches/openjdk/6766342-AA-simple-shape-performance.patch, * patches/openjdk/6797139-jbutton_truncation.patch, * patches/openjdk/6851973-kerberos.patch, * patches/openjdk/7102369-7094468-rmiregistry.patch: Fixed to work with no fuzz. * patches/openjdk/hs20/7034464-hugepage.patch, * patches/openjdk/hs20/7103224-glibc_name_collision.patch, Fixed to work with hs20 and no fuzz. * patches/openjdk/mutter.patch: Fixed to work with no fuzz. * patches/openjdk/original/7034464-hugepage.patch, * patches/openjdk/original/7103224-glibc_name_collision.patch, Fixed to work with hs19 (original) and no fuzz. * patches/openjdk/remove-mimpure-option-to-gcc.patch: Fixed to work with no fuzz. * patches/security/20120612/7079902.patch, * patches/security/20120612/7143606.patch, * patches/security/20120612/7143614.patch, * patches/security/20120612/7143617.patch, * patches/security/20120612/7143851.patch, * patches/security/20120612/7143872.patch, * patches/security/20120612/7145239.patch, * patches/security/20120612/7157609.patch, * patches/security/20120612/7160677.patch, * patches/security/20120612/7160757.patch, * patches/security/20120612/hs20/7110720.patch, * patches/security/20120612/hs20/7152811.patch, * patches/security/20120612/original/7110720.patch, * patches/security/20120612/original/7152811.patch, Security patches for 2012/06/12. * NEWS: Updated.
author Andrew John Hughes <ahughes@redhat.com>
date Fri, 08 Jun 2012 14:23:28 +0100
parents f844632b05a0
children
line wrap: on
line source

diff -Nru openjdk.orig/jdk/src/share/classes/sun/rmi/registry/RegistryImpl.java openjdk/jdk/src/share/classes/sun/rmi/registry/RegistryImpl.java
--- openjdk.orig/jdk/src/share/classes/sun/rmi/registry/RegistryImpl.java	2012-06-08 12:16:36.773125012 +0100
+++ openjdk/jdk/src/share/classes/sun/rmi/registry/RegistryImpl.java	2012-06-08 12:17:21.653851103 +0100
@@ -29,6 +29,7 @@
 import java.util.Hashtable;
 import java.util.MissingResourceException;
 import java.util.ResourceBundle;
+import java.io.FilePermission;
 import java.io.IOException;
 import java.net.*;
 import java.rmi.*;
@@ -41,12 +42,12 @@
 import java.security.AccessControlContext;
 import java.security.AccessController;
 import java.security.CodeSource;
-import java.security.Policy; 
+import java.security.Policy;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
 import java.security.PermissionCollection;
 import java.security.Permissions;
-import java.security.ProtectionDomain; 
+import java.security.ProtectionDomain;
 import java.text.MessageFormat;
 import sun.rmi.server.LoaderHandler;
 import sun.rmi.server.UnicastServerRef;
@@ -54,7 +55,6 @@
 import sun.rmi.transport.LiveRef;
 import sun.rmi.transport.ObjectTable;
 import sun.rmi.transport.Target;
-import sun.security.action.GetPropertyAction;
 
 /**
  * A "registry" exists on every node that allows RMI connections to
@@ -76,8 +76,10 @@
 
     /* indicate compatibility with JDK 1.1.x version of class */
     private static final long serialVersionUID = 4666870661827494597L;
-    private Hashtable bindings = new Hashtable(101);
-    private static Hashtable allowedAccessCache = new Hashtable(3);
+    private Hashtable<String, Remote> bindings
+        = new Hashtable<String, Remote>(101);
+    private static Hashtable<InetAddress, InetAddress> allowedAccessCache
+        = new Hashtable<InetAddress, InetAddress>(3);
     private static RegistryImpl registry;
     private static ObjID id = new ObjID(ObjID.REGISTRY_ID);
 
@@ -129,7 +131,7 @@
         throws RemoteException, NotBoundException
     {
         synchronized (bindings) {
-            Remote obj = (Remote)bindings.get(name);
+            Remote obj = bindings.get(name);
             if (obj == null)
                 throw new NotBoundException(name);
             return obj;
@@ -146,7 +148,7 @@
     {
         checkAccess("Registry.bind");
         synchronized (bindings) {
-            Remote curr = (Remote)bindings.get(name);
+            Remote curr = bindings.get(name);
             if (curr != null)
                 throw new AlreadyBoundException(name);
             bindings.put(name, obj);
@@ -163,7 +165,7 @@
     {
         checkAccess("Registry.unbind");
         synchronized (bindings) {
-            Remote obj = (Remote)bindings.get(name);
+            Remote obj = bindings.get(name);
             if (obj == null)
                 throw new NotBoundException(name);
             bindings.remove(name);
@@ -213,10 +215,9 @@
             InetAddress clientHost;
 
             try {
-                clientHost = (InetAddress)
-                    java.security.AccessController.doPrivileged(
-                        new java.security.PrivilegedExceptionAction() {
-                        public Object run()
+                clientHost = java.security.AccessController.doPrivileged(
+                    new java.security.PrivilegedExceptionAction<InetAddress>() {
+                        public InetAddress run()
                             throws java.net.UnknownHostException
                         {
                             return InetAddress.getByName(clientHostName);
@@ -238,8 +239,8 @@
                     final InetAddress finalClientHost = clientHost;
 
                     java.security.AccessController.doPrivileged(
-                        new java.security.PrivilegedExceptionAction() {
-                            public Object run() throws java.io.IOException {
+                        new java.security.PrivilegedExceptionAction<Void>() {
+                            public Void run() throws java.io.IOException {
                                 /*
                                  * if a ServerSocket can be bound to the client's
                                  * address then that address must be local
@@ -334,19 +335,6 @@
             URL[] urls = sun.misc.URLClassPath.pathToURLs(envcp);
             ClassLoader cl = new URLClassLoader(urls);
 
-            String codebaseProperty = null;
-            String prop = java.security.AccessController.doPrivileged(
-                new GetPropertyAction("java.rmi.server.codebase"));
-                if (prop != null && prop.trim().length() > 0) {
-                    codebaseProperty = prop;
-                }
-            URL[] codebaseURLs = null;
-            if (codebaseProperty != null) {
-                codebaseURLs = sun.misc.URLClassPath.pathToURLs(codebaseProperty);
-            } else {
-                codebaseURLs = new URL[0];
-            }
-
             /*
              * Fix bugid 4242317: Classes defined by this class loader should
              * be annotated with the value of the "java.rmi.server.codebase"
@@ -364,7 +352,7 @@
                         public RegistryImpl run() throws RemoteException {
                             return new RegistryImpl(regPort);
                         }
-                    }, getAccessControlContext(codebaseURLs));
+                    }, getAccessControlContext());
             } catch (PrivilegedActionException ex) {
                 throw (RemoteException) ex.getException();
             }
@@ -390,11 +378,11 @@
     }
 
     /**
-     * Generates an AccessControlContext from several URLs.
+     * Generates an AccessControlContext with minimal permissions.
      * The approach used here is taken from the similar method
      * getAccessControlContext() in the sun.applet.AppletPanel class.
      */
-    private static AccessControlContext getAccessControlContext(URL[] urls) {
+    private static AccessControlContext getAccessControlContext() {
         // begin with permissions granted to all code in current policy
         PermissionCollection perms = AccessController.doPrivileged(
             new java.security.PrivilegedAction<PermissionCollection>() {
@@ -417,17 +405,15 @@
          */
         perms.add(new SocketPermission("*", "connect,accept"));
 
-        // add permissions required to load from codebase URL path
-        LoaderHandler.addPermissionsForURLs(urls, perms, false);
+        perms.add(new FilePermission("<<ALL FILES>>", "read"));
 
         /*
          * Create an AccessControlContext that consists of a single
          * protection domain with only the permissions calculated above.
          */
         ProtectionDomain pd = new ProtectionDomain(
-            new CodeSource((urls.length > 0 ? urls[0] : null),
-                (java.security.cert.Certificate[]) null),
-            perms);
+            new CodeSource(null,
+                (java.security.cert.Certificate[]) null), perms);
         return new AccessControlContext(new ProtectionDomain[] { pd });
     }
 }
diff -Nru openjdk.orig/jdk/src/share/classes/sun/rmi/server/LoaderHandler.java openjdk/jdk/src/share/classes/sun/rmi/server/LoaderHandler.java
--- openjdk.orig/jdk/src/share/classes/sun/rmi/server/LoaderHandler.java	2012-06-08 12:16:36.773125012 +0100
+++ openjdk/jdk/src/share/classes/sun/rmi/server/LoaderHandler.java	2012-06-08 12:17:21.653851103 +0100
@@ -1028,7 +1028,7 @@
      * loader.  A given permission is only added to the collection if
      * it is not already implied by the collection.
      */
-    public static void addPermissionsForURLs(URL[] urls,
+    private static void addPermissionsForURLs(URL[] urls,
                                               PermissionCollection perms,
                                               boolean forLoader)
     {
diff -Nru openjdk.orig/jdk/test/java/rmi/registry/readTest/readTest.java openjdk/jdk/test/java/rmi/registry/readTest/readTest.java
--- openjdk.orig/jdk/test/java/rmi/registry/readTest/readTest.java	1970-01-01 01:00:00.000000000 +0100
+++ openjdk/jdk/test/java/rmi/registry/readTest/readTest.java	2012-06-08 12:17:21.673851428 +0100
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.rmi.registry.Registry;
+import java.rmi.registry.LocateRegistry;
+import java.rmi.RemoteException;
+import java.rmi.server.UnicastRemoteObject;
+
+        
+public class readTest {
+    
+    public static void main(String args[]) throws Exception {
+        int port = 7491; 
+        try {
+            testPkg.Server obj = new testPkg.Server();
+            testPkg.Hello stub = (testPkg.Hello) UnicastRemoteObject.exportObject(obj, 0);
+            // Bind the remote object's stub in the registry
+            Registry registry = LocateRegistry.getRegistry(port);
+            registry.bind("Hello", stub);
+
+            System.err.println("Server ready");
+
+            // now, let's test client
+            testPkg.Client client = new testPkg.Client(port);
+            String testStubReturn = client.testStub();
+            if(!testStubReturn.equals(obj.hello)) {
+                throw new RuntimeException("Test Fails : unexpected string from stub call");
+            } else {
+                System.out.println("Test passed"); 
+            }
+            registry.unbind("Hello"); 
+            
+        } catch (Exception e) {
+            System.err.println("Server exception: " + e.toString());
+            e.printStackTrace();
+        }
+      
+    }
+}
diff -Nru openjdk.orig/jdk/test/java/rmi/registry/readTest/readTest.sh openjdk/jdk/test/java/rmi/registry/readTest/readTest.sh
--- openjdk.orig/jdk/test/java/rmi/registry/readTest/readTest.sh	1970-01-01 01:00:00.000000000 +0100
+++ openjdk/jdk/test/java/rmi/registry/readTest/readTest.sh	2012-06-08 12:17:21.673851428 +0100
@@ -0,0 +1,95 @@
+#
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+# @test
+# @bug 7102369 7094468 7100592
+# @summary remove java.rmi.server.codebase property parsing from registyimpl
+# @run shell readTest.sh
+
+OS=`uname -s`
+case "$OS" in
+  SunOS | Linux )
+    PS=":"
+    FS="/"
+    FILEURL="file:"
+    ;;
+  Windows* | CYGWIN* )
+    PS=";"
+    FS="\\"
+    FILEURL="file:/"
+    ;;
+  * )
+    echo "Unrecognized system!"
+    exit 1;
+    ;;
+esac
+
+cp -r ${TESTSRC}${FS}* .
+${TESTJAVA}${FS}bin${FS}javac testPkg${FS}*java
+${TESTJAVA}${FS}bin${FS}javac readTest.java
+
+mkdir rmi_tmp
+RMIREG_OUT=rmi.out
+#start rmiregistry without any local classes on classpath
+cd rmi_tmp
+${TESTJAVA}${FS}bin${FS}rmiregistry 7491 > ..${FS}${RMIREG_OUT} 2>&1 &
+RMIREG_PID=$!
+# allow some time to start
+sleep 3
+cd ..
+
+# trailing / after code base is important for rmi codebase property.
+${TESTJAVA}${FS}bin${FS}java -Djava.rmi.server.codebase=${FILEURL}`pwd`/ readTest > OUT.TXT 2>&1 &
+TEST_PID=$!
+#bulk of testcase - let it run for a while
+sleep 5
+
+#we're done, kill processes first
+kill -9 ${RMIREG_PID} ${TEST_PID}
+sleep 3
+
+echo "Test output : "
+
+cat OUT.TXT
+echo "=============="
+echo "rmiregistry output  : "
+cat ${RMIREG_OUT}
+echo "=============="
+
+grep "Server ready" OUT.TXT
+result1=$?
+grep "Test passed" OUT.TXT
+result2=$?
+
+if [ $result1 -eq 0  -a $result2 -eq 0 ]
+then 
+    echo "Passed"
+    exitCode=0;
+else
+    echo "Failed"
+    exitCode=1
+fi
+rm -rf OUT.TXT ${RMIREG_OUT} rmi_tmp
+exit ${exitCode}    
+
+
diff -Nru openjdk.orig/jdk/test/java/rmi/registry/readTest/testPkg/Client.java openjdk/jdk/test/java/rmi/registry/readTest/testPkg/Client.java
--- openjdk.orig/jdk/test/java/rmi/registry/readTest/testPkg/Client.java	1970-01-01 01:00:00.000000000 +0100
+++ openjdk/jdk/test/java/rmi/registry/readTest/testPkg/Client.java	2012-06-08 12:17:21.673851428 +0100
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package testPkg;
+
+import java.rmi.registry.LocateRegistry;
+import java.rmi.registry.Registry;
+
+public class Client {
+    int port;
+
+    public Client(int p) {
+        port = p;
+    }
+
+    public String testStub() throws Exception {
+        try {
+            Registry registry = LocateRegistry.getRegistry(port);
+            Hello stub = (Hello) registry.lookup("Hello");
+            String response = stub.sayHello();
+            return response;
+            } catch (Exception e) {
+                System.err.println("Client exception: " + e.toString());
+                throw e;
+            }
+        }
+    }
+
diff -Nru openjdk.orig/jdk/test/java/rmi/registry/readTest/testPkg/Hello.java openjdk/jdk/test/java/rmi/registry/readTest/testPkg/Hello.java
--- openjdk.orig/jdk/test/java/rmi/registry/readTest/testPkg/Hello.java	1970-01-01 01:00:00.000000000 +0100
+++ openjdk/jdk/test/java/rmi/registry/readTest/testPkg/Hello.java	2012-06-08 12:17:21.673851428 +0100
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package testPkg;
+
+import java.rmi.Remote;
+import java.rmi.RemoteException;
+
+public interface Hello extends Remote {
+    String sayHello() throws RemoteException;
+}
diff -Nru openjdk.orig/jdk/test/java/rmi/registry/readTest/testPkg/Server.java openjdk/jdk/test/java/rmi/registry/readTest/testPkg/Server.java
--- openjdk.orig/jdk/test/java/rmi/registry/readTest/testPkg/Server.java	1970-01-01 01:00:00.000000000 +0100
+++ openjdk/jdk/test/java/rmi/registry/readTest/testPkg/Server.java	2012-06-08 12:17:21.673851428 +0100
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package testPkg;
+        
+public class Server implements Hello {
+
+    public String hello = "Hello, world!";
+        
+    public Server() {}
+
+    public String sayHello() {
+        return hello;
+    }
+        
+}