Mercurial > hg > release > icedtea6-1.11

view patches/openjdk/8014085-better_serialization.patch @ 2938:d667440f2973

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add 2013/10/15 security fixes. 2013-10-29 Andrew John Hughes <gnu.andrew@redhat.com> * patches/ecj/bootver.patch: Removed as unapplied & incorporated in other patches. * Makefile.am: (SECURITY_PATCHES): Add security update. * NEWS: Updated. * patches/jtreg-LastErrorString.patch, * patches/openjdk/7196533-timezone_bottleneck.patch, * patches/openjdk/8010727-empty_logger_name.patch, * patches/openjdk/8010939-logmanager_deadlock.patch, * patches/openjdk/8012617-arrayindexoutofbounds_linebreakmeasurer.patch, * patches/openjdk/8014718-remove_logging_suntoolkit.patch: Regenerated. * patches/nss-config.patch: Fix path to java.security. * patches/openjdk/4075303-javap_update.patch, * patches/openjdk/4111861-static_fields.patch, * patches/openjdk/4501661-disallow_mixing.patch, * patches/openjdk/4884240-javap_additional_option.patch, * patches/openjdk/6708729-javap_makefile_update.patch, * patches/openjdk/6715767-javap_crash.patch, * patches/openjdk/6819246-javap_instruction_decoding.patch, * patches/openjdk/6824493-experimental.patch, * patches/openjdk/6841419-classfile_iterator.patch, * patches/openjdk/6841420-classfile_methods.patch, * patches/openjdk/6843013-missing_experimental.patch, * patches/openjdk/6852856-javap_subclasses.patch, * patches/openjdk/6867671-javap_whitespace.patch, * patches/openjdk/6868539-constant_pool_tags.patch, * patches/openjdk/6902264-fix_indentation.patch, * patches/openjdk/6954275-big_xml_signatures.patch, * patches/openjdk/7146431-java.security_files.patch, * patches/openjdk/8000450-restrict_access.patch, * patches/openjdk/8002070-remove_logger_stack_search.patch, * patches/openjdk/8003992-embedded_nulls.patch, * patches/openjdk/8004188-rename_java.security.patch, * patches/openjdk/8006882-jmockit.patch, * patches/openjdk/8006900-new_date_time.patch, * patches/openjdk/8008589-better_mbean_permission_validation.patch, * patches/openjdk/8010118-caller_sensitive.patch, * patches/openjdk/8011071-better_crypto_provider_handling.patch, * patches/openjdk/8011081-improve_jhat.patch, * patches/openjdk/8011139-revise_checking_getenclosingclass.patch, * patches/openjdk/8011157-improve_corba_portability-jdk.patch, * patches/openjdk/8011157-improve_corba_portability.patch, * patches/openjdk/8011990-logger_test_urls.patch, * patches/openjdk/8012071-better_bean_building.patch, * patches/openjdk/8012147-improve_tool.patch, * patches/openjdk/8012243-serial_regression.patch, * patches/openjdk/8012277-improve_dataflavour.patch, * patches/openjdk/8012425-transform_transformfactory.patch, * patches/openjdk/8012453-runtime.exec.patch, * patches/openjdk/8013380-logger_stack_walk_glassfish.patch, * patches/openjdk/8013503-improve_stream_factories.patch, * patches/openjdk/8013506-better_pack200.patch, * patches/openjdk/8013510-augment_image_writing.patch, * patches/openjdk/8013514-improve_cmap_stability.patch, * patches/openjdk/8013739-better_ldap_resource_management.patch, * patches/openjdk/8013744-better_tabling.patch, * patches/openjdk/8013827-createtempfile_hang.patch, * patches/openjdk/8014085-better_serialization.patch, * patches/openjdk/8014093-improve_image_parsing.patch, * patches/openjdk/8014102-improve_image_conversion.patch, * patches/openjdk/8014341-better_kerberos_service.patch, * patches/openjdk/8014349-getdeclaredclass_fix.patch, * patches/openjdk/8014530-better_dsp.patch, * patches/openjdk/8014534-better_profiling.patch, * patches/openjdk/8014745-logger_stack_walk_switch.patch, * patches/openjdk/8014987-augment_serialization.patch, * patches/openjdk/8015144-performance_regression.patch, * patches/openjdk/8015614-update_build.patch, * patches/openjdk/8015731-auth_improvements.patch, * patches/openjdk/8015743-address_internet_addresses.patch, * patches/openjdk/8015965-typo_in_property_name.patch, * patches/openjdk/8015978-incorrect_transformation.patch, * patches/openjdk/8016256-finalization_final.patch, * patches/openjdk/8016357-update_hs_diagnostic_class.patch, * patches/openjdk/8016653-ignoreable_characters.patch, * patches/openjdk/8016675-robust_javadoc.patch, * patches/openjdk/8017196-ensure_proxies_are_handled_appropriately-jdk.patch, * patches/openjdk/8017196-ensure_proxies_are_handled_appropriately.patch, * patches/openjdk/8017287-better_resource_disposal.patch, * patches/openjdk/8017291-cast_proxies_aside.patch, * patches/openjdk/8017298-better_xml_support.patch, * patches/openjdk/8017300-improve_interface_implementation.patch, * patches/openjdk/8017505-better_client_service.patch, * patches/openjdk/8017566-backout_part_of_8000450.patch, * patches/openjdk/8019292-better_attribute_value_exceptions.patch, * patches/openjdk/8019584-invalid_notification_fix.patch, * patches/openjdk/8019617-better_view_of_objects.patch, * patches/openjdk/8019969-inet6_test_case_fix.patch, * patches/openjdk/8019979-better_access_test.patch, * patches/openjdk/8020293-jvm_crash.patch, * patches/openjdk/8021290-signature_validation.patch, * patches/openjdk/8021355-splashscreen_regression.patch, * patches/openjdk/8021366-jaxp_test_fix-01.patch, * patches/openjdk/8021577-bean_serialization_fix.patch, * patches/openjdk/8021933-jaxp_test_fix-02.patch, * patches/openjdk/8021969-jnlp_load_failure.patch, * patches/openjdk/8022661-writeobject_flush.patch, * patches/openjdk/8022682-supporting_xom.patch, * patches/openjdk/8022940-enhance_corba_translations.patch, * patches/openjdk/8023683-enhance_class_file_parsing.patch, * patches/openjdk/8023964-ignore_test.patch, * patches/openjdk/8024914-swapped_usage.patch, * patches/openjdk/8025128-createtempfile_absolute_prefix.patch, * patches/openjdk/oj6-19-fix_8010118_test_cases.patch, * patches/openjdk/oj6-20-merge.patch, * patches/openjdk/oj6-21-overrides.patch: Added.
author Andrew John Hughes <gnu.andrew@redhat.com>
date Thu, 31 Oct 2013 00:22:07 +0000
parents
children
line wrap: on
line source

# HG changeset patch
# User jbachorik
# Date 1371711107 -7200
#      Thu Jun 20 08:51:47 2013 +0200
# Node ID a9be60a78488c7b261b92d927d1272afe2484e6b
# Parent  d10e47deb098d4af5d58a8bfe92dc8033e5ef6f7
8014085: Better serialization support in JMX classes
Reviewed-by: alanb, dfuchs, skoivu

diff -r d10e47deb098 -r a9be60a78488 src/share/classes/javax/management/MBeanNotificationInfo.java
--- openjdk/jdk/src/share/classes/javax/management/MBeanNotificationInfo.java	Tue Oct 15 16:47:11 2013 +0100
+++ openjdk/jdk/src/share/classes/javax/management/MBeanNotificationInfo.java	Thu Jun 20 08:51:47 2013 +0200
@@ -25,6 +25,9 @@
 
 package javax.management;
 
+import java.io.IOException;
+import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.util.Arrays;
 
 /**
@@ -67,7 +70,7 @@
     /**
      * @serial The different types of the notification.
      */
-    private final String[] types;
+    private String[] types;
 
     /** @see MBeanInfo#arrayGettersSafe */
     private final transient boolean arrayGettersSafe;
@@ -114,9 +117,8 @@
            notifType, though it doesn't explicitly allow it
            either.  */
 
-        if (notifTypes == null)
-            notifTypes = NO_TYPES;
-        this.types = notifTypes;
+        this.types = (notifTypes != null && notifTypes.length > 0) ?
+                        notifTypes.clone() : NO_TYPES;
         this.arrayGettersSafe =
             MBeanInfo.arrayGettersSafe(this.getClass(),
                                        MBeanNotificationInfo.class);
@@ -203,4 +205,16 @@
             hash ^= types[i].hashCode();
         return hash;
     }
+
+    private void readObject(ObjectInputStream ois) throws IOException, ClassNotFoundException {
+        ObjectInputStream.GetField gf = ois.readFields();
+        String[] t = (String[])gf.get("types", null);
+
+        if (t == null) {
+            throw new InvalidObjectException("Trying to deserialize an invalid " +
+                                             "instance of " + MBeanNotificationInfo.class +
+                                             "[types=null]");
+        }
+        types = t.length == 0 ? t : t.clone();
+    }
 }
diff -r d10e47deb098 -r a9be60a78488 src/share/classes/javax/management/remote/JMXPrincipal.java
--- openjdk/jdk/src/share/classes/javax/management/remote/JMXPrincipal.java	Tue Oct 15 16:47:11 2013 +0100
+++ openjdk/jdk/src/share/classes/javax/management/remote/JMXPrincipal.java	Thu Jun 20 08:51:47 2013 +0200
@@ -26,6 +26,9 @@
 
 package javax.management.remote;
 
+import java.io.IOException;
+import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.security.Principal;
 
@@ -64,9 +67,7 @@
      * <code>null</code>.
      */
     public JMXPrincipal(String name) {
-        if (name == null)
-            throw new NullPointerException("illegal null input");
-
+        validate(name);
         this.name = name;
     }
 
@@ -130,4 +131,20 @@
     public int hashCode() {
         return name.hashCode();
     }
+
+    private void readObject(ObjectInputStream ois) throws IOException, ClassNotFoundException {
+        ObjectInputStream.GetField gf = ois.readFields();
+        String principalName = (String)gf.get("name", null);
+        try {
+            validate(principalName);
+            this.name = principalName;
+        } catch (NullPointerException e) {
+            throw new InvalidObjectException(e.getMessage());
+        }
+    }
+
+    private static void validate(String name) throws NullPointerException {
+        if (name == null)
+            throw new NullPointerException("illegal null input");
+    }
 }
diff -r d10e47deb098 -r a9be60a78488 src/share/classes/javax/management/remote/JMXServiceURL.java
--- openjdk/jdk/src/share/classes/javax/management/remote/JMXServiceURL.java	Tue Oct 15 16:47:11 2013 +0100
+++ openjdk/jdk/src/share/classes/javax/management/remote/JMXServiceURL.java	Thu Jun 20 08:51:47 2013 +0200
@@ -29,6 +29,9 @@
 
 import com.sun.jmx.remote.util.ClassLogger;
 import com.sun.jmx.remote.util.EnvHelp;
+import java.io.IOException;
+import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 
 import java.io.Serializable;
 import java.net.InetAddress;
@@ -299,7 +302,7 @@
                If we're given an explicit host name that is illegal we
                have to reject it.  (Bug 5057532.)  */
             try {
-                validateHost(host);
+                validateHost(host, port);
             } catch (MalformedURLException e) {
                 if (logger.fineOn()) {
                     logger.fine("JMXServiceURL",
@@ -338,36 +341,82 @@
         validate();
     }
 
-    private void validate() throws MalformedURLException {
+    private static final String INVALID_INSTANCE_MSG =
+            "Trying to deserialize an invalid instance of JMXServiceURL";
+    private void readObject(ObjectInputStream  inputStream) throws IOException, ClassNotFoundException {
+        ObjectInputStream.GetField gf = inputStream.readFields();
+        String h = (String)gf.get("host", null);
+        int p = (int)gf.get("port", -1);
+        String proto = (String)gf.get("protocol", null);
+        String url = (String)gf.get("urlPath", null);
 
+        if (proto == null || url == null || h == null) {
+            StringBuilder sb = new StringBuilder(INVALID_INSTANCE_MSG).append('[');
+            boolean empty = true;
+            if (proto == null) {
+                sb.append("protocol=null");
+                empty = false;
+            }
+            if (h == null) {
+                sb.append(empty ? "" : ",").append("host=null");
+                empty = false;
+            }
+            if (url == null) {
+                sb.append(empty ? "" : ",").append("urlPath=null");
+            }
+            sb.append(']');
+            throw new InvalidObjectException(sb.toString());
+        }
+
+        if (h.contains("[") || h.contains("]")) {
+            throw new InvalidObjectException("Invalid host name: " + h);
+        }
+
+        try {
+            validate(proto, h, p, url);
+            this.protocol = proto;
+            this.host = h;
+            this.port = p;
+            this.urlPath = url;
+        } catch (MalformedURLException e) {
+            throw new InvalidObjectException(INVALID_INSTANCE_MSG + ": " +
+                                             e.getMessage());
+        }
+
+    }
+
+    private void validate(String proto, String h, int p, String url)
+        throws MalformedURLException {
         // Check protocol
-
-        final int protoEnd = indexOfFirstNotInSet(protocol, protocolBitSet, 0);
-        if (protoEnd == 0 || protoEnd < protocol.length()
-            || !alphaBitSet.get(protocol.charAt(0))) {
+        final int protoEnd = indexOfFirstNotInSet(proto, protocolBitSet, 0);
+        if (protoEnd == 0 || protoEnd < proto.length()
+            || !alphaBitSet.get(proto.charAt(0))) {
             throw new MalformedURLException("Missing or invalid protocol " +
-                                            "name: \"" + protocol + "\"");
+                                            "name: \"" + proto + "\"");
         }
 
         // Check host
-
-        validateHost();
+        validateHost(h, p);
 
         // Check port
-
-        if (port < 0)
-            throw new MalformedURLException("Bad port: " + port);
+        if (p < 0)
+            throw new MalformedURLException("Bad port: " + p);
 
         // Check URL path
-
-        if (urlPath.length() > 0) {
-            if (!urlPath.startsWith("/") && !urlPath.startsWith(";"))
-                throw new MalformedURLException("Bad URL path: " + urlPath);
+        if (url.length() > 0) {
+            if (!url.startsWith("/") && !url.startsWith(";"))
+                throw new MalformedURLException("Bad URL path: " + url);
         }
     }
 
-    private void validateHost() throws MalformedURLException {
-        if (host.length() == 0) {
+    private void validate() throws MalformedURLException {
+        validate(this.protocol, this.host, this.port, this.urlPath);
+    }
+
+    private static void validateHost(String h, int port)
+            throws MalformedURLException {
+
+        if (h.length() == 0) {
             if (port != 0) {
                 throw new MalformedURLException("Cannot give port number " +
                                                 "without host name");
@@ -375,12 +424,6 @@
             return;
         }
 
-        validateHost(host);
-    }
-
-    private static void validateHost(String h)
-            throws MalformedURLException {
-
         if (isNumericIPv6Address(h)) {
             /* We assume J2SE >= 1.4 here.  Otherwise you can't
                use the address anyway.  We can't call
@@ -670,22 +713,22 @@
     /**
      * The value returned by {@link #getProtocol()}.
      */
-    private final String protocol;
+    private String protocol;
 
     /**
      * The value returned by {@link #getHost()}.
      */
-    private final String host;
+    private String host;
 
     /**
      * The value returned by {@link #getPort()}.
      */
-    private final int port;
+    private int port;
 
     /**
      * The value returned by {@link #getURLPath()}.
      */
-    private final String urlPath;
+    private String urlPath;
 
     /**
      * Cached result of {@link #toString()}.
diff -r d10e47deb098 -r a9be60a78488 src/share/classes/javax/management/remote/NotificationResult.java
--- openjdk/jdk/src/share/classes/javax/management/remote/NotificationResult.java	Tue Oct 15 16:47:11 2013 +0100
+++ openjdk/jdk/src/share/classes/javax/management/remote/NotificationResult.java	Thu Jun 20 08:51:47 2013 +0200
@@ -25,6 +25,9 @@
 
 package javax.management.remote;
 
+import java.io.IOException;
+import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 
 /**
@@ -76,17 +79,7 @@
     public NotificationResult(long earliestSequenceNumber,
                               long nextSequenceNumber,
                               TargetedNotification[] targetedNotifications) {
-        if (targetedNotifications == null) {
-            final String msg = "Notifications null";
-            throw new IllegalArgumentException(msg);
-        }
-
-        if (earliestSequenceNumber < 0 || nextSequenceNumber < 0)
-            throw new IllegalArgumentException("Bad sequence numbers");
-        /* We used to check nextSequenceNumber >= earliestSequenceNumber
-           here.  But in fact the opposite can legitimately be true if
-           notifications have been lost.  */
-
+        validate(targetedNotifications, earliestSequenceNumber, nextSequenceNumber);
         this.earliestSequenceNumber = earliestSequenceNumber;
         this.nextSequenceNumber = nextSequenceNumber;
         this.targetedNotifications = (targetedNotifications.length == 0 ? targetedNotifications : targetedNotifications.clone());
@@ -138,7 +131,39 @@
             getTargetedNotifications().length;
     }
 
-    private final long earliestSequenceNumber;
-    private final long nextSequenceNumber;
-    private final TargetedNotification[] targetedNotifications;
+    private void readObject(ObjectInputStream ois) throws IOException, ClassNotFoundException {
+        ObjectInputStream.GetField gf = ois.readFields();
+        TargetedNotification[] tNotifs = (TargetedNotification[])gf.get("targetedNotifications", null);
+        long snStart = gf.get("earliestSequenceNumber", -1L);
+        long snNext = gf.get("nextSequenceNumber", -1L);
+        try {
+            validate(tNotifs, snStart, snNext);
+
+            this.targetedNotifications = tNotifs.length == 0 ? tNotifs : tNotifs.clone();
+            this.earliestSequenceNumber = snStart;
+            this.nextSequenceNumber = snNext;
+        } catch (IllegalArgumentException e) {
+            throw new InvalidObjectException(e.getMessage());
+        }
+    }
+
+    private long earliestSequenceNumber;
+    private long nextSequenceNumber;
+    private TargetedNotification[] targetedNotifications;
+
+    private static void validate(TargetedNotification[] targetedNotifications,
+                                 long earliestSequenceNumber,
+                                 long nextSequenceNumber)
+        throws IllegalArgumentException {
+        if (targetedNotifications == null) {
+            final String msg = "Notifications null";
+            throw new IllegalArgumentException(msg);
+        }
+
+        if (earliestSequenceNumber < 0 || nextSequenceNumber < 0)
+            throw new IllegalArgumentException("Bad sequence numbers");
+        /* We used to check nextSequenceNumber >= earliestSequenceNumber
+           here.  But in fact the opposite can legitimately be true if
+           notifications have been lost.  */
+    }
 }
diff -r d10e47deb098 -r a9be60a78488 src/share/classes/javax/management/remote/TargetedNotification.java
--- openjdk/jdk/src/share/classes/javax/management/remote/TargetedNotification.java	Tue Oct 15 16:47:11 2013 +0100
+++ openjdk/jdk/src/share/classes/javax/management/remote/TargetedNotification.java	Thu Jun 20 08:51:47 2013 +0200
@@ -26,6 +26,9 @@
 
 package javax.management.remote;
 
+import java.io.IOException;
+import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import javax.management.Notification;
 
@@ -73,12 +76,9 @@
      */
     public TargetedNotification(Notification notification,
                                 Integer listenerID) {
+        validate(notification, listenerID);
         // If we replace integer with int...
         // this(notification,intValue(listenerID));
-        if (notification == null) throw new
-            IllegalArgumentException("Invalid notification: null");
-        if (listenerID == null) throw new
-            IllegalArgumentException("Invalid listener ID: null");
         this.notif = notification;
         this.id = listenerID;
     }
@@ -115,13 +115,13 @@
      * @serial A notification to transmit to the other side.
      * @see #getNotification()
      **/
-    private final Notification notif;
+    private Notification notif;
     /**
      * @serial The ID of the listener to which the notification is
      *         targeted.
      * @see #getListenerID()
      **/
-    private final Integer id;
+    private Integer id;
     //private final int id;
 
 // Needed if we use int instead of Integer...
@@ -130,4 +130,26 @@
 //          IllegalArgumentException("Invalid listener ID: null");
 //      return id.intValue();
 //     }
+
+    private void readObject(ObjectInputStream ois) throws IOException, ClassNotFoundException {
+        ObjectInputStream.GetField gf = ois.readFields();
+        Notification notification = (Notification)gf.get("notif", null);
+        Integer listenerId = (Integer)gf.get("id", null);
+        try {
+            validate(notification, listenerId);
+            this.notif = notification;
+            this.id = listenerId;
+        } catch (IllegalArgumentException e) {
+            throw new InvalidObjectException(e.getMessage());
+        }
+    }
+
+    private static void validate(Notification notif, Integer id) throws IllegalArgumentException {
+        if (notif == null) {
+            throw new IllegalArgumentException("Invalid notification: null");
+        }
+        if (id == null) {
+            throw new IllegalArgumentException("Invalid listener ID: null");
+        }
+    }
 }