Mercurial > hg > release > icedtea6-1.11

view patches/openjdk/8017196-ensure_proxies_are_handled_appropriately.patch @ 2938:d667440f2973

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add 2013/10/15 security fixes. 2013-10-29 Andrew John Hughes <gnu.andrew@redhat.com> * patches/ecj/bootver.patch: Removed as unapplied & incorporated in other patches. * Makefile.am: (SECURITY_PATCHES): Add security update. * NEWS: Updated. * patches/jtreg-LastErrorString.patch, * patches/openjdk/7196533-timezone_bottleneck.patch, * patches/openjdk/8010727-empty_logger_name.patch, * patches/openjdk/8010939-logmanager_deadlock.patch, * patches/openjdk/8012617-arrayindexoutofbounds_linebreakmeasurer.patch, * patches/openjdk/8014718-remove_logging_suntoolkit.patch: Regenerated. * patches/nss-config.patch: Fix path to java.security. * patches/openjdk/4075303-javap_update.patch, * patches/openjdk/4111861-static_fields.patch, * patches/openjdk/4501661-disallow_mixing.patch, * patches/openjdk/4884240-javap_additional_option.patch, * patches/openjdk/6708729-javap_makefile_update.patch, * patches/openjdk/6715767-javap_crash.patch, * patches/openjdk/6819246-javap_instruction_decoding.patch, * patches/openjdk/6824493-experimental.patch, * patches/openjdk/6841419-classfile_iterator.patch, * patches/openjdk/6841420-classfile_methods.patch, * patches/openjdk/6843013-missing_experimental.patch, * patches/openjdk/6852856-javap_subclasses.patch, * patches/openjdk/6867671-javap_whitespace.patch, * patches/openjdk/6868539-constant_pool_tags.patch, * patches/openjdk/6902264-fix_indentation.patch, * patches/openjdk/6954275-big_xml_signatures.patch, * patches/openjdk/7146431-java.security_files.patch, * patches/openjdk/8000450-restrict_access.patch, * patches/openjdk/8002070-remove_logger_stack_search.patch, * patches/openjdk/8003992-embedded_nulls.patch, * patches/openjdk/8004188-rename_java.security.patch, * patches/openjdk/8006882-jmockit.patch, * patches/openjdk/8006900-new_date_time.patch, * patches/openjdk/8008589-better_mbean_permission_validation.patch, * patches/openjdk/8010118-caller_sensitive.patch, * patches/openjdk/8011071-better_crypto_provider_handling.patch, * patches/openjdk/8011081-improve_jhat.patch, * patches/openjdk/8011139-revise_checking_getenclosingclass.patch, * patches/openjdk/8011157-improve_corba_portability-jdk.patch, * patches/openjdk/8011157-improve_corba_portability.patch, * patches/openjdk/8011990-logger_test_urls.patch, * patches/openjdk/8012071-better_bean_building.patch, * patches/openjdk/8012147-improve_tool.patch, * patches/openjdk/8012243-serial_regression.patch, * patches/openjdk/8012277-improve_dataflavour.patch, * patches/openjdk/8012425-transform_transformfactory.patch, * patches/openjdk/8012453-runtime.exec.patch, * patches/openjdk/8013380-logger_stack_walk_glassfish.patch, * patches/openjdk/8013503-improve_stream_factories.patch, * patches/openjdk/8013506-better_pack200.patch, * patches/openjdk/8013510-augment_image_writing.patch, * patches/openjdk/8013514-improve_cmap_stability.patch, * patches/openjdk/8013739-better_ldap_resource_management.patch, * patches/openjdk/8013744-better_tabling.patch, * patches/openjdk/8013827-createtempfile_hang.patch, * patches/openjdk/8014085-better_serialization.patch, * patches/openjdk/8014093-improve_image_parsing.patch, * patches/openjdk/8014102-improve_image_conversion.patch, * patches/openjdk/8014341-better_kerberos_service.patch, * patches/openjdk/8014349-getdeclaredclass_fix.patch, * patches/openjdk/8014530-better_dsp.patch, * patches/openjdk/8014534-better_profiling.patch, * patches/openjdk/8014745-logger_stack_walk_switch.patch, * patches/openjdk/8014987-augment_serialization.patch, * patches/openjdk/8015144-performance_regression.patch, * patches/openjdk/8015614-update_build.patch, * patches/openjdk/8015731-auth_improvements.patch, * patches/openjdk/8015743-address_internet_addresses.patch, * patches/openjdk/8015965-typo_in_property_name.patch, * patches/openjdk/8015978-incorrect_transformation.patch, * patches/openjdk/8016256-finalization_final.patch, * patches/openjdk/8016357-update_hs_diagnostic_class.patch, * patches/openjdk/8016653-ignoreable_characters.patch, * patches/openjdk/8016675-robust_javadoc.patch, * patches/openjdk/8017196-ensure_proxies_are_handled_appropriately-jdk.patch, * patches/openjdk/8017196-ensure_proxies_are_handled_appropriately.patch, * patches/openjdk/8017287-better_resource_disposal.patch, * patches/openjdk/8017291-cast_proxies_aside.patch, * patches/openjdk/8017298-better_xml_support.patch, * patches/openjdk/8017300-improve_interface_implementation.patch, * patches/openjdk/8017505-better_client_service.patch, * patches/openjdk/8017566-backout_part_of_8000450.patch, * patches/openjdk/8019292-better_attribute_value_exceptions.patch, * patches/openjdk/8019584-invalid_notification_fix.patch, * patches/openjdk/8019617-better_view_of_objects.patch, * patches/openjdk/8019969-inet6_test_case_fix.patch, * patches/openjdk/8019979-better_access_test.patch, * patches/openjdk/8020293-jvm_crash.patch, * patches/openjdk/8021290-signature_validation.patch, * patches/openjdk/8021355-splashscreen_regression.patch, * patches/openjdk/8021366-jaxp_test_fix-01.patch, * patches/openjdk/8021577-bean_serialization_fix.patch, * patches/openjdk/8021933-jaxp_test_fix-02.patch, * patches/openjdk/8021969-jnlp_load_failure.patch, * patches/openjdk/8022661-writeobject_flush.patch, * patches/openjdk/8022682-supporting_xom.patch, * patches/openjdk/8022940-enhance_corba_translations.patch, * patches/openjdk/8023683-enhance_class_file_parsing.patch, * patches/openjdk/8023964-ignore_test.patch, * patches/openjdk/8024914-swapped_usage.patch, * patches/openjdk/8025128-createtempfile_absolute_prefix.patch, * patches/openjdk/oj6-19-fix_8010118_test_cases.patch, * patches/openjdk/oj6-20-merge.patch, * patches/openjdk/oj6-21-overrides.patch: Added.
author Andrew John Hughes <gnu.andrew@redhat.com>
date Thu, 31 Oct 2013 00:22:07 +0000
parents
children
line wrap: on
line source

# HG changeset patch
# User mchung
# Date 1374193345 25200
#      Thu Jul 18 17:22:25 2013 -0700
# Node ID 2a415f9ee0976719ac79e6e5e2b1f00b29636427
# Parent  9e7e1b6ab5cdf0096c9c16d991e6a982771a15f1
8017196: Ensure Proxies are handled appropriately
Reviewed-by: dfuchs, jrose, jdn, ahgross, chegar

diff -r 9e7e1b6ab5cd -r 2a415f9ee097 src/share/classes/com/sun/corba/se/impl/presentation/rmi/InvocationHandlerFactoryImpl.java
--- openjdk/corba/src/share/classes/com/sun/corba/se/impl/presentation/rmi/InvocationHandlerFactoryImpl.java	Tue Oct 15 15:24:25 2013 +0100
+++ openjdk/corba/src/share/classes/com/sun/corba/se/impl/presentation/rmi/InvocationHandlerFactoryImpl.java	Thu Jul 18 17:22:25 2013 -0700
@@ -43,6 +43,8 @@
 import com.sun.corba.se.spi.orbutil.proxy.DelegateInvocationHandlerImpl ;
 import com.sun.corba.se.spi.orbutil.proxy.CompositeInvocationHandler ;
 import com.sun.corba.se.spi.orbutil.proxy.CompositeInvocationHandlerImpl ;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 
 public class InvocationHandlerFactoryImpl implements InvocationHandlerFactory
 {
@@ -114,24 +116,32 @@
         // which extends org.omg.CORBA.Object.  This handler delegates all
         // calls directly to a DynamicStubImpl, which extends
         // org.omg.CORBA.portable.ObjectImpl.
-        InvocationHandler dynamicStubHandler =
+        final InvocationHandler dynamicStubHandler =
             DelegateInvocationHandlerImpl.create( stub ) ;
 
         // Create an invocation handler that handles any remote interface
         // methods.
-        InvocationHandler stubMethodHandler = new StubInvocationHandlerImpl(
+        final InvocationHandler stubMethodHandler = new StubInvocationHandlerImpl(
             pm, classData, stub ) ;
 
         // Create a composite handler that handles the DynamicStub interface
         // as well as the remote interfaces.
         final CompositeInvocationHandler handler =
             new CustomCompositeInvocationHandlerImpl( stub ) ;
+
+        AccessController.doPrivileged(new PrivilegedAction<Void>() {
+            @Override
+            public Void run() {
         handler.addInvocationHandler( DynamicStub.class,
             dynamicStubHandler ) ;
         handler.addInvocationHandler( org.omg.CORBA.Object.class,
             dynamicStubHandler ) ;
         handler.addInvocationHandler( Object.class,
             dynamicStubHandler ) ;
+                return null;
+            }
+        });
+
 
         // If the method passed to invoke is not from DynamicStub or its superclasses,
         // it must be from an implemented interface, so we just handle
diff -r 9e7e1b6ab5cd -r 2a415f9ee097 src/share/classes/com/sun/corba/se/spi/orbutil/proxy/CompositeInvocationHandlerImpl.java
--- openjdk/corba/src/share/classes/com/sun/corba/se/spi/orbutil/proxy/CompositeInvocationHandlerImpl.java	Tue Oct 15 15:24:25 2013 +0100
+++ openjdk/corba/src/share/classes/com/sun/corba/se/spi/orbutil/proxy/CompositeInvocationHandlerImpl.java	Thu Jul 18 17:22:25 2013 -0700
@@ -36,6 +36,7 @@
 
 import com.sun.corba.se.spi.logging.CORBALogDomains ;
 import com.sun.corba.se.impl.logging.ORBUtilSystemException ;
+import com.sun.corba.se.impl.presentation.rmi.DynamicAccessPermission;
 
 public class CompositeInvocationHandlerImpl implements
     CompositeInvocationHandler
@@ -46,11 +47,13 @@
     public void addInvocationHandler( Class interf,
         InvocationHandler handler )
     {
+        checkAccess();
         classToInvocationHandler.put( interf, handler ) ;
     }
 
     public void setDefaultHandler( InvocationHandler handler )
     {
+        checkAccess();
         defaultHandler = handler ;
     }
 
@@ -78,4 +81,12 @@
 
         return handler.invoke( proxy, method, args ) ;
     }
+
+    private static final DynamicAccessPermission perm = new DynamicAccessPermission("access");
+    private void checkAccess() {
+        final SecurityManager sm = System.getSecurityManager();
+        if (sm != null) {
+            sm.checkPermission(perm);
 }
+    }
+}