changeset 2910:a1cb163cb044
Drop unnecessary patch for S8009554
2013-06-26 Omair Majid <omajid@redhat.com>
Severin Gehwolf <sgehwolf@redhat.com>
* Makefile.am (SECURITY_PATCHES): Drop
patches/security/20130618/8009554-serialjavaobject.patch.
* patches/security/20130618/8009554-serialjavaobject.patch: Remove. This
was adding redundant permission checking.
author | Omair Majid <omajid@redhat.com> |
---|---|
date | Wed, 26 Jun 2013 13:45:20 -0400 |
parents | c5297dd496da |
children | ea7bce0f610a |
files | ChangeLog Makefile.am patches/security/20130618/8009554-serialjavaobject.patch |
diffstat | 3 files changed, 8 insertions(+), 79 deletions(-) [+] |
--- a/ChangeLog Wed Jun 26 10:47:13 2013 -0400
+++ b/ChangeLog Wed Jun 26 13:45:20 2013 -0400
@@ -1,3 +1,11 @@
+2013-06-26 Omair Majid <omajid@redhat.com>
+ Severin Gehwolf <sgehwolf@redhat.com>
+
+ * Makefile.am (SECURITY_PATCHES): Drop
+ patches/security/20130618/8009554-serialjavaobject.patch.
+ * patches/security/20130618/8009554-serialjavaobject.patch: Remove. This
+ was adding redundant permission checking.
+
 2013-06-26 Omair Majid <omajid@redhat.com>
 
 * Makefile.am:
--- a/Makefile.am Wed Jun 26 10:47:13 2013 -0400
+++ b/Makefile.am Wed Jun 26 13:45:20 2013 -0400
@@ -363,7 +363,6 @@
 patches/security/20130618/8009038-jmx_notification_support_improvement.patch \
 patches/security/20130618/8009067-improve_key_storing.patch \
 patches/security/20130618/8009235-improve_tsa_data_handling.patch \
- patches/security/20130618/8009554-serialjavaobject.patch \
 patches/openjdk/6888167-medialib_memory_leaks.patch \
 patches/security/20130618/8011243-improve_imaginglib.patch \
 patches/security/20130618/8011248-better_component_rasters.patch \
--- a/patches/security/20130618/8009554-serialjavaobject.patch Wed Jun 26 10:47:13 2013 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,78 +0,0 @@
-# HG changeset patch
-# User andrew
-# Date 1371556350 18000
-# Node ID 5fcac0fe0ace5584b980a35afb582519f8434617
-# Parent 97f318cdfb834385beb7370348582daebccc8987
-8009554: Improve SerialJavaObject.getFields
-Reviewed-by: alanb, skoivu
-
-diff --git a/src/share/classes/javax/sql/rowset/serial/SerialJavaObject.java b/src/share/classes/javax/sql/rowset/serial/SerialJavaObject.java
---- openjdk/jdk/src/share/classes/javax/sql/rowset/serial/SerialJavaObject.java
-+++ openjdk/jdk/src/share/classes/javax/sql/rowset/serial/SerialJavaObject.java
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
-+ * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
-@@ -30,6 +30,7 @@
- import java.util.Map;
- import java.lang.reflect.*;
- import javax.sql.rowset.RowSetWarning;
-+import sun.reflect.Reflection;
- 
- /**
- * A serializable mapping in the Java programming language of an SQL
-@@ -136,10 +137,12 @@
- * @return an array of <code>Field</code> objects
- * @throws SerialException if an error is encountered accessing
- * the serialized object
-+ * @see Class#getFields
- */
- public Field[] getFields() throws SerialException {
- if (fields != null) {
- Class c = this.obj.getClass();
-+ checkPackageAccess(c);
- //the following has to be commented before mustang integration
- //return c.getFields();
- //the following has to be uncommented before mustang integration
-@@ -172,4 +175,38 @@
- }
- chain.add(e);
- }
-+
-+ /*
-+ * Check if the caller is allowed to access the specified class's package. If access is denied,
-+ * throw a SecurityException.
-+ *
-+ */
-+ private void checkPackageAccess(Class<?> clz) {
-+ SecurityManager s = System.getSecurityManager();
-+ if (s != null) {
-+ if (sun.reflect.misc.ReflectUtil.needsPackageAccessCheck(
-+ getCallerClassLoader(), clz.getClassLoader())) {
-+ String name = clz.getName();
-+ int i = name.lastIndexOf('.');
-+ if (i != -1) {
-+ s.checkPackageAccess(name.substring(0, i));
-+ }
-+ }
-+ }
-+ }
-+
-+ /* Internal method used to get the caller's caller class loader.
-+ * Caution is required if you attempt to make changes as this method assumes
-+ * the following stack frame count:
-+ * 0: Reflection
-+ * 1: getCallerClassLoader
-+ * 2: checkPackageAccess
-+ * 3: getFields
-+ * 4: caller of getFields
-+ */
-+ private static ClassLoader getCallerClassLoader() {
-+ Class<?> cc = Reflection.getCallerClass(4);
-+ ClassLoader cl = (cc != null) ? cc.getClassLoader() : null;
-+ return cl;
-+ }
- }