Mercurial > hg > release > icedtea6-1.11

view patches/openjdk/8017196-ensure_proxies_are_handled_appropriately-jdk.patch @ 2938:d667440f2973

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add 2013/10/15 security fixes. 2013-10-29 Andrew John Hughes <gnu.andrew@redhat.com> * patches/ecj/bootver.patch: Removed as unapplied & incorporated in other patches. * Makefile.am: (SECURITY_PATCHES): Add security update. * NEWS: Updated. * patches/jtreg-LastErrorString.patch, * patches/openjdk/7196533-timezone_bottleneck.patch, * patches/openjdk/8010727-empty_logger_name.patch, * patches/openjdk/8010939-logmanager_deadlock.patch, * patches/openjdk/8012617-arrayindexoutofbounds_linebreakmeasurer.patch, * patches/openjdk/8014718-remove_logging_suntoolkit.patch: Regenerated. * patches/nss-config.patch: Fix path to java.security. * patches/openjdk/4075303-javap_update.patch, * patches/openjdk/4111861-static_fields.patch, * patches/openjdk/4501661-disallow_mixing.patch, * patches/openjdk/4884240-javap_additional_option.patch, * patches/openjdk/6708729-javap_makefile_update.patch, * patches/openjdk/6715767-javap_crash.patch, * patches/openjdk/6819246-javap_instruction_decoding.patch, * patches/openjdk/6824493-experimental.patch, * patches/openjdk/6841419-classfile_iterator.patch, * patches/openjdk/6841420-classfile_methods.patch, * patches/openjdk/6843013-missing_experimental.patch, * patches/openjdk/6852856-javap_subclasses.patch, * patches/openjdk/6867671-javap_whitespace.patch, * patches/openjdk/6868539-constant_pool_tags.patch, * patches/openjdk/6902264-fix_indentation.patch, * patches/openjdk/6954275-big_xml_signatures.patch, * patches/openjdk/7146431-java.security_files.patch, * patches/openjdk/8000450-restrict_access.patch, * patches/openjdk/8002070-remove_logger_stack_search.patch, * patches/openjdk/8003992-embedded_nulls.patch, * patches/openjdk/8004188-rename_java.security.patch, * patches/openjdk/8006882-jmockit.patch, * patches/openjdk/8006900-new_date_time.patch, * patches/openjdk/8008589-better_mbean_permission_validation.patch, * patches/openjdk/8010118-caller_sensitive.patch, * patches/openjdk/8011071-better_crypto_provider_handling.patch, * patches/openjdk/8011081-improve_jhat.patch, * patches/openjdk/8011139-revise_checking_getenclosingclass.patch, * patches/openjdk/8011157-improve_corba_portability-jdk.patch, * patches/openjdk/8011157-improve_corba_portability.patch, * patches/openjdk/8011990-logger_test_urls.patch, * patches/openjdk/8012071-better_bean_building.patch, * patches/openjdk/8012147-improve_tool.patch, * patches/openjdk/8012243-serial_regression.patch, * patches/openjdk/8012277-improve_dataflavour.patch, * patches/openjdk/8012425-transform_transformfactory.patch, * patches/openjdk/8012453-runtime.exec.patch, * patches/openjdk/8013380-logger_stack_walk_glassfish.patch, * patches/openjdk/8013503-improve_stream_factories.patch, * patches/openjdk/8013506-better_pack200.patch, * patches/openjdk/8013510-augment_image_writing.patch, * patches/openjdk/8013514-improve_cmap_stability.patch, * patches/openjdk/8013739-better_ldap_resource_management.patch, * patches/openjdk/8013744-better_tabling.patch, * patches/openjdk/8013827-createtempfile_hang.patch, * patches/openjdk/8014085-better_serialization.patch, * patches/openjdk/8014093-improve_image_parsing.patch, * patches/openjdk/8014102-improve_image_conversion.patch, * patches/openjdk/8014341-better_kerberos_service.patch, * patches/openjdk/8014349-getdeclaredclass_fix.patch, * patches/openjdk/8014530-better_dsp.patch, * patches/openjdk/8014534-better_profiling.patch, * patches/openjdk/8014745-logger_stack_walk_switch.patch, * patches/openjdk/8014987-augment_serialization.patch, * patches/openjdk/8015144-performance_regression.patch, * patches/openjdk/8015614-update_build.patch, * patches/openjdk/8015731-auth_improvements.patch, * patches/openjdk/8015743-address_internet_addresses.patch, * patches/openjdk/8015965-typo_in_property_name.patch, * patches/openjdk/8015978-incorrect_transformation.patch, * patches/openjdk/8016256-finalization_final.patch, * patches/openjdk/8016357-update_hs_diagnostic_class.patch, * patches/openjdk/8016653-ignoreable_characters.patch, * patches/openjdk/8016675-robust_javadoc.patch, * patches/openjdk/8017196-ensure_proxies_are_handled_appropriately-jdk.patch, * patches/openjdk/8017196-ensure_proxies_are_handled_appropriately.patch, * patches/openjdk/8017287-better_resource_disposal.patch, * patches/openjdk/8017291-cast_proxies_aside.patch, * patches/openjdk/8017298-better_xml_support.patch, * patches/openjdk/8017300-improve_interface_implementation.patch, * patches/openjdk/8017505-better_client_service.patch, * patches/openjdk/8017566-backout_part_of_8000450.patch, * patches/openjdk/8019292-better_attribute_value_exceptions.patch, * patches/openjdk/8019584-invalid_notification_fix.patch, * patches/openjdk/8019617-better_view_of_objects.patch, * patches/openjdk/8019969-inet6_test_case_fix.patch, * patches/openjdk/8019979-better_access_test.patch, * patches/openjdk/8020293-jvm_crash.patch, * patches/openjdk/8021290-signature_validation.patch, * patches/openjdk/8021355-splashscreen_regression.patch, * patches/openjdk/8021366-jaxp_test_fix-01.patch, * patches/openjdk/8021577-bean_serialization_fix.patch, * patches/openjdk/8021933-jaxp_test_fix-02.patch, * patches/openjdk/8021969-jnlp_load_failure.patch, * patches/openjdk/8022661-writeobject_flush.patch, * patches/openjdk/8022682-supporting_xom.patch, * patches/openjdk/8022940-enhance_corba_translations.patch, * patches/openjdk/8023683-enhance_class_file_parsing.patch, * patches/openjdk/8023964-ignore_test.patch, * patches/openjdk/8024914-swapped_usage.patch, * patches/openjdk/8025128-createtempfile_absolute_prefix.patch, * patches/openjdk/oj6-19-fix_8010118_test_cases.patch, * patches/openjdk/oj6-20-merge.patch, * patches/openjdk/oj6-21-overrides.patch: Added.
author Andrew John Hughes <gnu.andrew@redhat.com>
date Thu, 31 Oct 2013 00:22:07 +0000
parents
children
line wrap: on
line source

# HG changeset patch
# User mchung
# Date 1382731288 -3600
#      Fri Oct 25 21:01:28 2013 +0100
# Node ID 43b600fed0e8ac9d5ffe7556617d4850143e2dcd
# Parent  a2b63addc0633a5ef8d196d1019d78b920cb4b1a
8017196: Ensure Proxies are handled appropriately
Reviewed-by: dfuchs, jrose, jdn, ahgross, chegar

diff -r a2b63addc063 -r 43b600fed0e8 src/share/classes/java/lang/reflect/Proxy.java
--- openjdk/jdk/src/share/classes/java/lang/reflect/Proxy.java	Fri Oct 25 19:45:04 2013 +0100
+++ openjdk/jdk/src/share/classes/java/lang/reflect/Proxy.java	Fri Oct 25 21:01:28 2013 +0100
@@ -787,6 +787,7 @@
      * @throws  IllegalArgumentException if the argument is not a
      *          proxy instance
      */
+    @CallerSensitive
     public static InvocationHandler getInvocationHandler(Object proxy)
         throws IllegalArgumentException
     {
@@ -797,8 +798,19 @@
             throw new IllegalArgumentException("not a proxy instance");
         }
 
-        Proxy p = (Proxy) proxy;
-        return p.h;
+        final Proxy p = (Proxy) proxy;
+        final InvocationHandler ih = p.h;
+        if (System.getSecurityManager() != null) {
+            Class<?> ihClass = ih.getClass();
+            Class<?> caller = Reflection.getCallerClass();
+            if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(),
+                                                    ihClass.getClassLoader()))
+            {
+                ReflectUtil.checkPackageAccess(ihClass);
+            }
+        }
+
+        return ih;
     }
 
     private static native Class defineClass0(ClassLoader loader, String name,
diff -r a2b63addc063 -r 43b600fed0e8 src/share/classes/sun/reflect/misc/ReflectUtil.java
--- openjdk/jdk/src/share/classes/sun/reflect/misc/ReflectUtil.java	Fri Oct 25 19:45:04 2013 +0100
+++ openjdk/jdk/src/share/classes/sun/reflect/misc/ReflectUtil.java	Fri Oct 25 21:01:28 2013 +0100
@@ -26,8 +26,10 @@
 
 package sun.reflect.misc;
 
+import java.lang.reflect.Method;
 import java.lang.reflect.Modifier;
 import java.lang.reflect.Proxy;
+import java.util.Arrays;
 import sun.reflect.Reflection;
 
 public final class ReflectUtil {
@@ -257,4 +259,50 @@
         String pkg = (i != -1) ? name.substring(0, i) : "";
         return Proxy.isProxyClass(cls) && !pkg.equals(PROXY_PACKAGE);
     }
+
+    /**
+     * Check if the given method is a method declared in the proxy interface
+     * implemented by the given proxy instance.
+     *
+     * @param proxy a proxy instance
+     * @param method an interface method dispatched to a InvocationHandler
+     *
+     * @throws IllegalArgumentException if the given proxy or method is invalid.
+     */
+    public static void checkProxyMethod(Object proxy, Method method) {
+        // check if it is a valid proxy instance
+        if (proxy == null || !Proxy.isProxyClass(proxy.getClass())) {
+            throw new IllegalArgumentException("Not a Proxy instance");
 }
+        if (Modifier.isStatic(method.getModifiers())) {
+            throw new IllegalArgumentException("Can't handle static method");
+        }
+
+        Class<?> c = method.getDeclaringClass();
+        if (c == Object.class) {
+            String name = method.getName();
+            if (name.equals("hashCode") || name.equals("equals") || name.equals("toString")) {
+                return;
+            }
+        }
+
+        if (isSuperInterface(proxy.getClass(), c)) {
+            return;
+        }
+
+        // disallow any method not declared in one of the proxy intefaces
+        throw new IllegalArgumentException("Can't handle: " + method);
+    }
+
+    private static boolean isSuperInterface(Class<?> c, Class<?> intf) {
+        for (Class<?> i : c.getInterfaces()) {
+            if (i == intf) {
+                return true;
+            }
+            if (isSuperInterface(i, intf)) {
+                return true;
+            }
+        }
+        return false;
+    }
+}