Mercurial > hg > release > icedtea6-1.11
view patches/security/20130618/8008593-better_urlclassloader.patch @ 2907:d7eca687b7d2
Add 2013/06/18 security patches.
2013-06-22 Andrew John Hughes <gnu.andrew@member.fsf.org>
* patches/idresolver_fix.patch:
Removed. Part of 6469266.
* Makefile.am:
(SECURITY_PATCHES): Add new ones.
(SPECIAL_SECURITY_PATCH_1): Renamed from
SPECIAL_SECURITY_PATCH.
(SPECIAL_SECURITY_PATCH_2): Add 8009071, which
needs to be applied after some AWT backports.
(ICEDTEA_PATCHES): Use SPECIAL_SECURITY_PATCH_{1,2}.
Move 8005615, 8007393 & 8007611 to SECURITY_PATCHES
as must be applied before 8004584. Add 7171223 to
end.
* patches/openjdk/6307603-xrender-01.patch,
* patches/openjdk/6469266-xmlsec_1.4.2.patch,
* patches/openjdk/6656651-windows_lcd_glyphs.patch,
* patches/openjdk/6786028-wcag_bold_tags.patch,
* patches/openjdk/6786682-wcag_lang.patch,
* patches/openjdk/6786688-wcag_table.patch,
* patches/openjdk/6786690-wcag_dl.patch,
* patches/openjdk/6802694-no_deprecated.patch,
* patches/openjdk/6851834-restructure.patch,
* patches/openjdk/6888167-medialib_memory_leaks.patch,
* patches/openjdk/6961178-doclet_xml.patch,
* patches/openjdk/6990754-use_native_memory_for_symboltable.patch,
* patches/openjdk/7006270-regressions.patch,
* patches/openjdk/7008809-report_class_in_arraystoreexception.patch,
* patches/openjdk/7014851-unused_parallel_compaction_code.patch,
* patches/openjdk/7017732-move_static_fields_to_class.patch,
* patches/openjdk/7036747-elfstringtable.patch,
* patches/openjdk/7086585-flexible_field_injection.patch,
* patches/openjdk/7171223-strict_aliasing.patch,
* patches/openjdk/7195301-no_instanceof_node.patch,
* patches/security/20130618/6741606-apache_santuario.patch,
* patches/security/20130618/7158805-nested_subroutine_rewriting.patch,
* patches/security/20130618/7170730-windows_network_stack.patch,
* patches/security/20130618/8000638-improve_deserialization.patch,
* patches/security/20130618/8000642-better_transportation_handling.patch,
* patches/security/20130618/8001032-restrict_object_access-corba.patch,
* patches/security/20130618/8001032-restrict_object_access-jdk.patch,
* patches/security/20130618/8001033-refactor_address_handling.patch,
* patches/security/20130618/8001034-memory_management.patch,
* patches/security/20130618/8001038-resourcefully_handle_resources.patch,
* patches/security/20130618/8001043-clarify_definition_restrictions.patch,
* patches/security/20130618/8001309-better_handling_of_annotation_interfaces.patch,
* patches/security/20130618/8001318-6_fixup.patch,
* patches/security/20130618/8001318-socket_getlocaladdress_consistency.patch,
* patches/security/20130618/8001330-checking_order_improvement.patch,
* patches/security/20130618/8001330-improve_checking_order.patch,
* patches/security/20130618/8003703-update_rmi_connection_dialog.patch,
* patches/security/20130618/8004584-augment_applet_contextualization.patch,
* patches/security/20130618/8005007-better_glyph_processing.patch,
* patches/security/20130618/8006328-6_fixup.patch,
* patches/security/20130618/8006328-sound_class_robustness.patch,
* patches/security/20130618/8006611-improve_scripting.patch,
* patches/security/20130618/8007467-improve_jmx_internal_api_robustness.patch,
* patches/security/20130618/8007471-6_fixup.patch,
* patches/security/20130618/8007471-improve_mbean_notifications.patch,
* patches/security/20130618/8007812-getenclosingmethod.patch,
* patches/security/20130618/8008120-improve_jmx_class_checking.patch,
* patches/security/20130618/8008124-better_compliance_testing.patch,
* patches/security/20130618/8008128-better_jmx_api_coherence.patch,
* patches/security/20130618/8008132-better_serialization.patch,
* patches/security/20130618/8008585-jmx_data_handling.patch,
* patches/security/20130618/8008593-better_urlclassloader.patch,
* patches/security/20130618/8008603-jmx_provider_provision.patch,
* patches/security/20130618/8008611-6_fixup.patch,
* patches/security/20130618/8008611-jmx_annotations.patch,
* patches/security/20130618/8008615-jmx_internal_api_robustness.patch,
* patches/security/20130618/8008623-mbeanserver_handling.patch,
* patches/security/20130618/8008744-6741606_rework.patch,
* patches/security/20130618/8008982-jmx_interface_changes.patch,
* patches/security/20130618/8009004-rmi_connection_improvement.patch,
* patches/security/20130618/8009013-t2k_glyphs.patch,
* patches/security/20130618/8009034-jmx_notification_improvement.patch,
* patches/security/20130618/8009038-jmx_notification_support_improvement.patch,
* patches/security/20130618/8009067-improve_key_storing.patch,
* patches/security/20130618/8009071-improve_shape_handling.patch,
* patches/security/20130618/8009235-improve_tsa_data_handling.patch,
* patches/security/20130618/8009554-serialjavaobject.patch,
* patches/security/20130618/8011243-improve_imaginglib.patch,
* patches/security/20130618/8011248-better_component_rasters.patch,
* patches/security/20130618/8011253-better_short_component_rasters.patch,
* patches/security/20130618/8011257-better_byte_component_rasters.patch,
* patches/security/20130618/8011557-improve_reflection.patch,
* patches/security/20130618/8012375-javadoc_framing.patch,
* patches/security/20130618/8012421-better_positioning.patch,
* patches/security/20130618/8012438-better_image_validation.patch,
* patches/security/20130618/8012597-better_image_channel_validation.patch,
* patches/security/20130618/8012601-better_layout_validation.patch,
* patches/security/20130618/8014281-better_xml_signature_checking.patch,
* patches/security/20130618/8015997-more_javadoc_framing.patch,
* patches/security/20130618/diamond_fix.patch,
* patches/security/20130618/handle_npe.patch,
* patches/security/20130618/hs_merge-01.patch,
* patches/security/20130618/hs_merge-02.patch,
* patches/security/20130618/hs_merge-03.patch,
* patches/security/20130618/hs_merge-04.patch,
* patches/security/20130618/javac_issue.patch,
* patches/security/20130618/langtools_generics.patch,
* patches/security/20130618/langtools_merge-01.patch,
* patches/security/20130618/langtools_merge-02.patch,
* patches/security/20130618/langtools_merge-03.patch:
2013/06/18 security patches.
author | Andrew John Hughes <gnu.andrew@redhat.com> |
---|---|
date | Sat, 22 Jun 2013 16:38:24 -0500 |
parents | |
children |
line wrap: on
line source
# HG changeset patch # User andrew # Date 1371485843 18000 # Node ID 56bbd9db0a4965701dc64b41dac04507fa74f934 # Parent 9bfe1c4dabb13428827ab592c4ee120593407603 8008593: Better URLClassLoader resource management diff --git a/make/java/zip/mapfile-vers b/make/java/zip/mapfile-vers --- openjdk/jdk/make/java/zip/mapfile-vers +++ openjdk/jdk/make/java/zip/mapfile-vers @@ -64,6 +64,7 @@ Java_java_util_zip_ZipFile_initIDs; Java_java_util_zip_ZipFile_open; Java_java_util_zip_ZipFile_read; + Java_java_util_zip_ZipFile_startsWithLOC; ZIP_Close; ZIP_CRC32; diff --git a/make/java/zip/reorder-i586 b/make/java/zip/reorder-i586 --- openjdk/jdk/make/java/zip/reorder-i586 +++ openjdk/jdk/make/java/zip/reorder-i586 @@ -19,6 +19,7 @@ text: .text%Java_java_util_zip_ZipFile_initIDs; text: .text%Java_java_util_zip_ZipFile_open; text: .text%Java_java_util_zip_ZipFile_getTotal; +text: .text%Java_java_util_zip_ZipFile_startsWithLOC; text: .text%Java_java_util_zip_ZipFile_getEntry; text: .text%Java_java_util_zip_ZipEntry_initIDs; text: .text%Java_java_util_zip_ZipEntry_initFields; diff --git a/make/java/zip/reorder-sparc b/make/java/zip/reorder-sparc --- openjdk/jdk/make/java/zip/reorder-sparc +++ openjdk/jdk/make/java/zip/reorder-sparc @@ -18,6 +18,7 @@ text: .text%Java_java_util_zip_ZipFile_initIDs; text: .text%Java_java_util_zip_ZipFile_open; text: .text%Java_java_util_zip_ZipFile_getTotal; +text: .text%Java_java_util_zip_ZipFile_startsWithLOC; text: .text%Java_java_util_zip_ZipFile_getEntry; text: .text%Java_java_util_zip_ZipEntry_initIDs; text: .text%Java_java_util_zip_ZipEntry_initFields; diff --git a/make/java/zip/reorder-sparcv9 b/make/java/zip/reorder-sparcv9 --- openjdk/jdk/make/java/zip/reorder-sparcv9 +++ openjdk/jdk/make/java/zip/reorder-sparcv9 @@ -19,6 +19,7 @@ text: .text%Java_java_util_zip_ZipFile_initIDs; text: .text%Java_java_util_zip_ZipFile_open; text: .text%Java_java_util_zip_ZipFile_getTotal; +text: .text%Java_java_util_zip_ZipFile_startsWithLOC; text: .text%Java_java_util_zip_ZipFile_getEntry; text: .text%Java_java_util_zip_ZipEntry_initIDs; text: .text%Java_java_util_zip_ZipEntry_initFields; diff --git a/src/share/classes/java/util/zip/ZipFile.java b/src/share/classes/java/util/zip/ZipFile.java --- openjdk/jdk/src/share/classes/java/util/zip/ZipFile.java +++ openjdk/jdk/src/share/classes/java/util/zip/ZipFile.java @@ -44,9 +44,10 @@ */ public class ZipFile implements ZipConstants { - private long jzfile; // address of jzfile data - private String name; // zip file name - private int total; // total number of entries + private long jzfile; // address of jzfile data + private final String name; // zip file name + private final int total; // total number of entries + private final boolean locsig; // if zip file starts with LOCSIG (usually true) private boolean closeRequested; private static final int STORED = ZipEntry.STORED; @@ -132,10 +133,30 @@ this.name = name; this.total = getTotal(jzfile); + this.locsig = startsWithLOC(jzfile); + } + + static { + sun.misc.SharedSecrets.setJavaUtilZipFileAccess( + new sun.misc.JavaUtilZipFileAccess() { + public boolean startsWithLocHeader(ZipFile zip) { + return zip.startsWithLocHeader(); + } + } + ); + } + + /** + * Returns {@code true} if, and only if, the zip file begins with {@code + * LOCSIG}. + */ + private boolean startsWithLocHeader() { + return locsig; } private static native long open(String name, int mode, long lastModified); private static native int getTotal(long jzfile); + private static native boolean startsWithLOC(long jzfile); /** diff --git a/src/share/classes/sun/misc/JavaUtilZipFileAccess.java b/src/share/classes/sun/misc/JavaUtilZipFileAccess.java new file mode 100644 --- /dev/null +++ openjdk/jdk/src/share/classes/sun/misc/JavaUtilZipFileAccess.java @@ -0,0 +1,32 @@ +/* + * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.misc; + +import java.util.zip.ZipFile; + +public interface JavaUtilZipFileAccess { + public boolean startsWithLocHeader(ZipFile zip); +} diff --git a/src/share/classes/sun/misc/SharedSecrets.java b/src/share/classes/sun/misc/SharedSecrets.java --- openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java +++ openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java @@ -52,6 +52,7 @@ private static JavaIOFileDescriptorAccess javaIOFileDescriptorAccess; private static JavaSecurityProtectionDomainAccess javaSecurityProtectionDomainAccess; private static JavaSecurityAccess javaSecurityAccess; + private static JavaUtilZipFileAccess javaUtilZipFileAccess; private static JavaAWTAccess javaAWTAccess; private static JavaIOFileAccess javaIOFileAccess; @@ -141,6 +142,16 @@ return javaSecurityAccess; } + public static JavaUtilZipFileAccess getJavaUtilZipFileAccess() { + if (javaUtilZipFileAccess == null) + unsafe.ensureClassInitialized(java.util.zip.ZipFile.class); + return javaUtilZipFileAccess; + } + + public static void setJavaUtilZipFileAccess(JavaUtilZipFileAccess access) { + javaUtilZipFileAccess = access; + } + public static void setJavaAWTAccess(JavaAWTAccess jaa) { javaAWTAccess = jaa; } diff --git a/src/share/classes/sun/misc/URLClassPath.java b/src/share/classes/sun/misc/URLClassPath.java --- openjdk/jdk/src/share/classes/sun/misc/URLClassPath.java +++ openjdk/jdk/src/share/classes/sun/misc/URLClassPath.java @@ -77,12 +77,16 @@ final static String USER_AGENT_JAVA_VERSION = "UA-Java-Version"; final static String JAVA_VERSION; private static final boolean DEBUG; + private static final boolean DISABLE_JAR_CHECKING; static { JAVA_VERSION = java.security.AccessController.doPrivileged( new sun.security.action.GetPropertyAction("java.version")); DEBUG = (java.security.AccessController.doPrivileged( new sun.security.action.GetPropertyAction("sun.misc.URLClassPath.debug")) != null); + String p = java.security.AccessController.doPrivileged( + new sun.security.action.GetPropertyAction("sun.misc.URLClassPath.disableJarChecking")); + DISABLE_JAR_CHECKING = p != null ? p.equals("true") || p.equals("") : false; } /* The original search path of URLs. */ @@ -559,6 +563,8 @@ private MetaIndex metaIndex; private URLStreamHandler handler; private HashMap lmap; + private static final sun.misc.JavaUtilZipFileAccess zipAccess = + sun.misc.SharedSecrets.getJavaUtilZipFileAccess(); /* * Creates a new JarLoader for the specified URL referring to @@ -650,6 +656,14 @@ } } + /* Throws if the given jar file is does not start with the correct LOC */ + static JarFile checkJar(JarFile jar) throws IOException { + if (System.getSecurityManager() != null && !DISABLE_JAR_CHECKING + && !zipAccess.startsWithLocHeader(jar)) + throw new IOException("Invalid Jar file"); + return jar; + } + private JarFile getJarFile(URL url) throws IOException { // Optimize case where url refers to a local jar file if (isOptimizable(url)) { @@ -657,11 +671,12 @@ if (!p.exists()) { throw new FileNotFoundException(p.getPath()); } - return new JarFile (p.getPath()); + return checkJar(new JarFile(p.getPath())); } URLConnection uc = getBaseURL().openConnection(); uc.setRequestProperty(USER_AGENT_JAVA_VERSION, JAVA_VERSION); - return ((JarURLConnection)uc).getJarFile(); + JarFile jarFile = ((JarURLConnection)uc).getJarFile(); + return checkJar(jarFile); } /* diff --git a/src/share/native/java/util/zip/ZipFile.c b/src/share/native/java/util/zip/ZipFile.c --- openjdk/jdk/src/share/native/java/util/zip/ZipFile.c +++ openjdk/jdk/src/share/native/java/util/zip/ZipFile.c @@ -133,6 +133,14 @@ return zip->total; } +JNIEXPORT jboolean JNICALL +Java_java_util_zip_ZipFile_startsWithLOC(JNIEnv *env, jclass cls, jlong zfile) +{ + jzfile *zip = jlong_to_ptr(zfile); + + return zip->locsig; +} + JNIEXPORT void JNICALL Java_java_util_zip_ZipFile_close(JNIEnv *env, jclass cls, jlong zfile) { diff --git a/src/share/native/java/util/zip/zip_util.c b/src/share/native/java/util/zip/zip_util.c --- openjdk/jdk/src/share/native/java/util/zip/zip_util.c +++ openjdk/jdk/src/share/native/java/util/zip/zip_util.c @@ -721,6 +721,14 @@ return NULL; } + // Assumption, zfd refers to start of file. Trivially, reuse errbuf. + if (readFully(zfd, errbuf, 4) != -1) { // errors will be handled later + if (GETSIG(errbuf) == LOCSIG) + zip->locsig = JNI_TRUE; + else + zip->locsig = JNI_FALSE; + } + len = zip->len = ZFILE_Lseek(zfd, 0, SEEK_END); if (len == -1) { if (pmsg && JVM_GetLastErrorString(errbuf, sizeof(errbuf)) > 0) diff --git a/src/share/native/java/util/zip/zip_util.h b/src/share/native/java/util/zip/zip_util.h --- openjdk/jdk/src/share/native/java/util/zip/zip_util.h +++ openjdk/jdk/src/share/native/java/util/zip/zip_util.h @@ -179,6 +179,7 @@ #else cencache cencache; /* CEN header cache */ #endif + jboolean locsig; /* if zip file starts with LOCSIG */ ZFILE zfd; /* open file descriptor */ void *lock; /* read lock */ char *comment; /* zip file comment */