Mercurial > hg > release > icedtea6-1.11
view patches/openjdk/8017196-ensure_proxies_are_handled_appropriately.patch @ 2938:d667440f2973
Add 2013/10/15 security fixes.
2013-10-29 Andrew John Hughes <gnu.andrew@redhat.com>
* patches/ecj/bootver.patch:
Removed as unapplied & incorporated in other patches.
* Makefile.am:
(SECURITY_PATCHES): Add security update.
* NEWS: Updated.
* patches/jtreg-LastErrorString.patch,
* patches/openjdk/7196533-timezone_bottleneck.patch,
* patches/openjdk/8010727-empty_logger_name.patch,
* patches/openjdk/8010939-logmanager_deadlock.patch,
* patches/openjdk/8012617-arrayindexoutofbounds_linebreakmeasurer.patch,
* patches/openjdk/8014718-remove_logging_suntoolkit.patch:
Regenerated.
* patches/nss-config.patch: Fix path to java.security.
* patches/openjdk/4075303-javap_update.patch,
* patches/openjdk/4111861-static_fields.patch,
* patches/openjdk/4501661-disallow_mixing.patch,
* patches/openjdk/4884240-javap_additional_option.patch,
* patches/openjdk/6708729-javap_makefile_update.patch,
* patches/openjdk/6715767-javap_crash.patch,
* patches/openjdk/6819246-javap_instruction_decoding.patch,
* patches/openjdk/6824493-experimental.patch,
* patches/openjdk/6841419-classfile_iterator.patch,
* patches/openjdk/6841420-classfile_methods.patch,
* patches/openjdk/6843013-missing_experimental.patch,
* patches/openjdk/6852856-javap_subclasses.patch,
* patches/openjdk/6867671-javap_whitespace.patch,
* patches/openjdk/6868539-constant_pool_tags.patch,
* patches/openjdk/6902264-fix_indentation.patch,
* patches/openjdk/6954275-big_xml_signatures.patch,
* patches/openjdk/7146431-java.security_files.patch,
* patches/openjdk/8000450-restrict_access.patch,
* patches/openjdk/8002070-remove_logger_stack_search.patch,
* patches/openjdk/8003992-embedded_nulls.patch,
* patches/openjdk/8004188-rename_java.security.patch,
* patches/openjdk/8006882-jmockit.patch,
* patches/openjdk/8006900-new_date_time.patch,
* patches/openjdk/8008589-better_mbean_permission_validation.patch,
* patches/openjdk/8010118-caller_sensitive.patch,
* patches/openjdk/8011071-better_crypto_provider_handling.patch,
* patches/openjdk/8011081-improve_jhat.patch,
* patches/openjdk/8011139-revise_checking_getenclosingclass.patch,
* patches/openjdk/8011157-improve_corba_portability-jdk.patch,
* patches/openjdk/8011157-improve_corba_portability.patch,
* patches/openjdk/8011990-logger_test_urls.patch,
* patches/openjdk/8012071-better_bean_building.patch,
* patches/openjdk/8012147-improve_tool.patch,
* patches/openjdk/8012243-serial_regression.patch,
* patches/openjdk/8012277-improve_dataflavour.patch,
* patches/openjdk/8012425-transform_transformfactory.patch,
* patches/openjdk/8012453-runtime.exec.patch,
* patches/openjdk/8013380-logger_stack_walk_glassfish.patch,
* patches/openjdk/8013503-improve_stream_factories.patch,
* patches/openjdk/8013506-better_pack200.patch,
* patches/openjdk/8013510-augment_image_writing.patch,
* patches/openjdk/8013514-improve_cmap_stability.patch,
* patches/openjdk/8013739-better_ldap_resource_management.patch,
* patches/openjdk/8013744-better_tabling.patch,
* patches/openjdk/8013827-createtempfile_hang.patch,
* patches/openjdk/8014085-better_serialization.patch,
* patches/openjdk/8014093-improve_image_parsing.patch,
* patches/openjdk/8014102-improve_image_conversion.patch,
* patches/openjdk/8014341-better_kerberos_service.patch,
* patches/openjdk/8014349-getdeclaredclass_fix.patch,
* patches/openjdk/8014530-better_dsp.patch,
* patches/openjdk/8014534-better_profiling.patch,
* patches/openjdk/8014745-logger_stack_walk_switch.patch,
* patches/openjdk/8014987-augment_serialization.patch,
* patches/openjdk/8015144-performance_regression.patch,
* patches/openjdk/8015614-update_build.patch,
* patches/openjdk/8015731-auth_improvements.patch,
* patches/openjdk/8015743-address_internet_addresses.patch,
* patches/openjdk/8015965-typo_in_property_name.patch,
* patches/openjdk/8015978-incorrect_transformation.patch,
* patches/openjdk/8016256-finalization_final.patch,
* patches/openjdk/8016357-update_hs_diagnostic_class.patch,
* patches/openjdk/8016653-ignoreable_characters.patch,
* patches/openjdk/8016675-robust_javadoc.patch,
* patches/openjdk/8017196-ensure_proxies_are_handled_appropriately-jdk.patch,
* patches/openjdk/8017196-ensure_proxies_are_handled_appropriately.patch,
* patches/openjdk/8017287-better_resource_disposal.patch,
* patches/openjdk/8017291-cast_proxies_aside.patch,
* patches/openjdk/8017298-better_xml_support.patch,
* patches/openjdk/8017300-improve_interface_implementation.patch,
* patches/openjdk/8017505-better_client_service.patch,
* patches/openjdk/8017566-backout_part_of_8000450.patch,
* patches/openjdk/8019292-better_attribute_value_exceptions.patch,
* patches/openjdk/8019584-invalid_notification_fix.patch,
* patches/openjdk/8019617-better_view_of_objects.patch,
* patches/openjdk/8019969-inet6_test_case_fix.patch,
* patches/openjdk/8019979-better_access_test.patch,
* patches/openjdk/8020293-jvm_crash.patch,
* patches/openjdk/8021290-signature_validation.patch,
* patches/openjdk/8021355-splashscreen_regression.patch,
* patches/openjdk/8021366-jaxp_test_fix-01.patch,
* patches/openjdk/8021577-bean_serialization_fix.patch,
* patches/openjdk/8021933-jaxp_test_fix-02.patch,
* patches/openjdk/8021969-jnlp_load_failure.patch,
* patches/openjdk/8022661-writeobject_flush.patch,
* patches/openjdk/8022682-supporting_xom.patch,
* patches/openjdk/8022940-enhance_corba_translations.patch,
* patches/openjdk/8023683-enhance_class_file_parsing.patch,
* patches/openjdk/8023964-ignore_test.patch,
* patches/openjdk/8024914-swapped_usage.patch,
* patches/openjdk/8025128-createtempfile_absolute_prefix.patch,
* patches/openjdk/oj6-19-fix_8010118_test_cases.patch,
* patches/openjdk/oj6-20-merge.patch,
* patches/openjdk/oj6-21-overrides.patch: Added.
author | Andrew John Hughes <gnu.andrew@redhat.com> |
---|---|
date | Thu, 31 Oct 2013 00:22:07 +0000 |
parents | |
children |
line wrap: on
line source
# HG changeset patch # User mchung # Date 1374193345 25200 # Thu Jul 18 17:22:25 2013 -0700 # Node ID 2a415f9ee0976719ac79e6e5e2b1f00b29636427 # Parent 9e7e1b6ab5cdf0096c9c16d991e6a982771a15f1 8017196: Ensure Proxies are handled appropriately Reviewed-by: dfuchs, jrose, jdn, ahgross, chegar diff -r 9e7e1b6ab5cd -r 2a415f9ee097 src/share/classes/com/sun/corba/se/impl/presentation/rmi/InvocationHandlerFactoryImpl.java --- openjdk/corba/src/share/classes/com/sun/corba/se/impl/presentation/rmi/InvocationHandlerFactoryImpl.java Tue Oct 15 15:24:25 2013 +0100 +++ openjdk/corba/src/share/classes/com/sun/corba/se/impl/presentation/rmi/InvocationHandlerFactoryImpl.java Thu Jul 18 17:22:25 2013 -0700 @@ -43,6 +43,8 @@ import com.sun.corba.se.spi.orbutil.proxy.DelegateInvocationHandlerImpl ; import com.sun.corba.se.spi.orbutil.proxy.CompositeInvocationHandler ; import com.sun.corba.se.spi.orbutil.proxy.CompositeInvocationHandlerImpl ; +import java.security.AccessController; +import java.security.PrivilegedAction; public class InvocationHandlerFactoryImpl implements InvocationHandlerFactory { @@ -114,24 +116,32 @@ // which extends org.omg.CORBA.Object. This handler delegates all // calls directly to a DynamicStubImpl, which extends // org.omg.CORBA.portable.ObjectImpl. - InvocationHandler dynamicStubHandler = + final InvocationHandler dynamicStubHandler = DelegateInvocationHandlerImpl.create( stub ) ; // Create an invocation handler that handles any remote interface // methods. - InvocationHandler stubMethodHandler = new StubInvocationHandlerImpl( + final InvocationHandler stubMethodHandler = new StubInvocationHandlerImpl( pm, classData, stub ) ; // Create a composite handler that handles the DynamicStub interface // as well as the remote interfaces. final CompositeInvocationHandler handler = new CustomCompositeInvocationHandlerImpl( stub ) ; + + AccessController.doPrivileged(new PrivilegedAction<Void>() { + @Override + public Void run() { handler.addInvocationHandler( DynamicStub.class, dynamicStubHandler ) ; handler.addInvocationHandler( org.omg.CORBA.Object.class, dynamicStubHandler ) ; handler.addInvocationHandler( Object.class, dynamicStubHandler ) ; + return null; + } + }); + // If the method passed to invoke is not from DynamicStub or its superclasses, // it must be from an implemented interface, so we just handle diff -r 9e7e1b6ab5cd -r 2a415f9ee097 src/share/classes/com/sun/corba/se/spi/orbutil/proxy/CompositeInvocationHandlerImpl.java --- openjdk/corba/src/share/classes/com/sun/corba/se/spi/orbutil/proxy/CompositeInvocationHandlerImpl.java Tue Oct 15 15:24:25 2013 +0100 +++ openjdk/corba/src/share/classes/com/sun/corba/se/spi/orbutil/proxy/CompositeInvocationHandlerImpl.java Thu Jul 18 17:22:25 2013 -0700 @@ -36,6 +36,7 @@ import com.sun.corba.se.spi.logging.CORBALogDomains ; import com.sun.corba.se.impl.logging.ORBUtilSystemException ; +import com.sun.corba.se.impl.presentation.rmi.DynamicAccessPermission; public class CompositeInvocationHandlerImpl implements CompositeInvocationHandler @@ -46,11 +47,13 @@ public void addInvocationHandler( Class interf, InvocationHandler handler ) { + checkAccess(); classToInvocationHandler.put( interf, handler ) ; } public void setDefaultHandler( InvocationHandler handler ) { + checkAccess(); defaultHandler = handler ; } @@ -78,4 +81,12 @@ return handler.invoke( proxy, method, args ) ; } + + private static final DynamicAccessPermission perm = new DynamicAccessPermission("access"); + private void checkAccess() { + final SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + sm.checkPermission(perm); } + } +}