Mercurial > hg > release > icedtea6-1.12

view patches/security/20130618/8004584-augment_applet_contextualization.patch @ 3004:08ce3247b5b0

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add 2013/06/18 security patches. 2013-06-22 Andrew John Hughes <gnu.andrew@member.fsf.org> * patches/idresolver_fix.patch: Removed. Part of 6469266. * Makefile.am: (SECURITY_PATCHES): Add new ones. (SPECIAL_SECURITY_PATCH_1): Renamed from SPECIAL_SECURITY_PATCH. (SPECIAL_SECURITY_PATCH_2): Add 8009071, which needs to be applied after some AWT backports. (ICEDTEA_PATCHES): Use SPECIAL_SECURITY_PATCH_{1,2}. Move 8005615, 8007393 & 8007611 to SECURITY_PATCHES as must be applied before 8004584. Add 7171223 to end. * patches/openjdk/6307603-xrender-01.patch, * patches/openjdk/6469266-xmlsec_1.4.2.patch, * patches/openjdk/6656651-windows_lcd_glyphs.patch, * patches/openjdk/6786028-wcag_bold_tags.patch, * patches/openjdk/6786682-wcag_lang.patch, * patches/openjdk/6786688-wcag_table.patch, * patches/openjdk/6786690-wcag_dl.patch, * patches/openjdk/6802694-no_deprecated.patch, * patches/openjdk/6851834-restructure.patch, * patches/openjdk/6888167-medialib_memory_leaks.patch, * patches/openjdk/6961178-doclet_xml.patch, * patches/openjdk/6990754-use_native_memory_for_symboltable.patch, * patches/openjdk/7006270-regressions.patch, * patches/openjdk/7008809-report_class_in_arraystoreexception.patch, * patches/openjdk/7014851-unused_parallel_compaction_code.patch, * patches/openjdk/7017732-move_static_fields_to_class.patch, * patches/openjdk/7036747-elfstringtable.patch, * patches/openjdk/7086585-flexible_field_injection.patch, * patches/openjdk/7171223-strict_aliasing.patch, * patches/openjdk/7195301-no_instanceof_node.patch, * patches/security/20130618/6741606-apache_santuario.patch, * patches/security/20130618/7158805-nested_subroutine_rewriting.patch, * patches/security/20130618/7170730-windows_network_stack.patch, * patches/security/20130618/8000638-improve_deserialization.patch, * patches/security/20130618/8000642-better_transportation_handling.patch, * patches/security/20130618/8001032-restrict_object_access-corba.patch, * patches/security/20130618/8001032-restrict_object_access-jdk.patch, * patches/security/20130618/8001033-refactor_address_handling.patch, * patches/security/20130618/8001034-memory_management.patch, * patches/security/20130618/8001038-resourcefully_handle_resources.patch, * patches/security/20130618/8001043-clarify_definition_restrictions.patch, * patches/security/20130618/8001309-better_handling_of_annotation_interfaces.patch, * patches/security/20130618/8001318-6_fixup.patch, * patches/security/20130618/8001318-socket_getlocaladdress_consistency.patch, * patches/security/20130618/8001330-checking_order_improvement.patch, * patches/security/20130618/8001330-improve_checking_order.patch, * patches/security/20130618/8003703-update_rmi_connection_dialog.patch, * patches/security/20130618/8004584-augment_applet_contextualization.patch, * patches/security/20130618/8005007-better_glyph_processing.patch, * patches/security/20130618/8006328-6_fixup.patch, * patches/security/20130618/8006328-sound_class_robustness.patch, * patches/security/20130618/8006611-improve_scripting.patch, * patches/security/20130618/8007467-improve_jmx_internal_api_robustness.patch, * patches/security/20130618/8007471-6_fixup.patch, * patches/security/20130618/8007471-improve_mbean_notifications.patch, * patches/security/20130618/8007812-getenclosingmethod.patch, * patches/security/20130618/8008120-improve_jmx_class_checking.patch, * patches/security/20130618/8008124-better_compliance_testing.patch, * patches/security/20130618/8008128-better_jmx_api_coherence.patch, * patches/security/20130618/8008132-better_serialization.patch, * patches/security/20130618/8008585-jmx_data_handling.patch, * patches/security/20130618/8008593-better_urlclassloader.patch, * patches/security/20130618/8008603-jmx_provider_provision.patch, * patches/security/20130618/8008611-6_fixup.patch, * patches/security/20130618/8008611-jmx_annotations.patch, * patches/security/20130618/8008615-jmx_internal_api_robustness.patch, * patches/security/20130618/8008623-mbeanserver_handling.patch, * patches/security/20130618/8008744-6741606_rework.patch, * patches/security/20130618/8008982-jmx_interface_changes.patch, * patches/security/20130618/8009004-rmi_connection_improvement.patch, * patches/security/20130618/8009013-t2k_glyphs.patch, * patches/security/20130618/8009034-jmx_notification_improvement.patch, * patches/security/20130618/8009038-jmx_notification_support_improvement.patch, * patches/security/20130618/8009067-improve_key_storing.patch, * patches/security/20130618/8009071-improve_shape_handling.patch, * patches/security/20130618/8009235-improve_tsa_data_handling.patch, * patches/security/20130618/8009554-serialjavaobject.patch, * patches/security/20130618/8011243-improve_imaginglib.patch, * patches/security/20130618/8011248-better_component_rasters.patch, * patches/security/20130618/8011253-better_short_component_rasters.patch, * patches/security/20130618/8011257-better_byte_component_rasters.patch, * patches/security/20130618/8011557-improve_reflection.patch, * patches/security/20130618/8012375-javadoc_framing.patch, * patches/security/20130618/8012421-better_positioning.patch, * patches/security/20130618/8012438-better_image_validation.patch, * patches/security/20130618/8012597-better_image_channel_validation.patch, * patches/security/20130618/8012601-better_layout_validation.patch, * patches/security/20130618/8014281-better_xml_signature_checking.patch, * patches/security/20130618/8015997-more_javadoc_framing.patch, * patches/security/20130618/diamond_fix.patch, * patches/security/20130618/handle_npe.patch, * patches/security/20130618/hs_merge-01.patch, * patches/security/20130618/hs_merge-02.patch, * patches/security/20130618/hs_merge-03.patch, * patches/security/20130618/hs_merge-04.patch, * patches/security/20130618/javac_issue.patch, * patches/security/20130618/langtools_generics.patch, * patches/security/20130618/langtools_merge-01.patch, * patches/security/20130618/langtools_merge-02.patch, * patches/security/20130618/langtools_merge-03.patch: 2013/06/18 security patches. * patches/apache-xml-internal-fix-bug-38655.patch: Remove.
author Andrew John Hughes <gnu.andrew@redhat.com>
date Sat, 22 Jun 2013 16:38:24 -0500
parents
children
line wrap: on
line source

# HG changeset patch
# User andrew
# Date 1371392356 18000
# Node ID 148e0adac8e895f2cee0d121f0699bb9d4923044
# Parent  672b00f8dd800d0b494cde9eb219bd82179c5ff5
8004584: Augment applet contextualization
Summary: Do not create the main AppContext for applets

diff --git a/src/share/classes/java/util/logging/LogManager.java b/src/share/classes/java/util/logging/LogManager.java
--- openjdk/jdk/src/share/classes/java/util/logging/LogManager.java
+++ openjdk/jdk/src/share/classes/java/util/logging/LogManager.java
@@ -342,27 +342,23 @@
                 // from the execution stack.
                 Object ecx = javaAwtAccess.getExecutionContext();
                 if (ecx == null) {
-                    // fall back to AppContext.getAppContext()
+                    // fall back to thread group seach of AppContext
                     ecx = javaAwtAccess.getContext();
                 }
-                context = (LoggerContext) javaAwtAccess.get(ecx, LoggerContext.class);
-                if (context == null) {
-                    if (javaAwtAccess.isMainAppContext()) {
-                        context = userContext;
-                    } else {
-                        context = new LoggerContext();
-                        // during initialization, rootLogger is null when
-                        // instantiating itself RootLogger
-                        if (manager.rootLogger != null)
-                            context.addLocalLogger(manager.rootLogger);
+                if (ecx != null) {
+                    context = (LoggerContext)javaAwtAccess.get(ecx, LoggerContext.class);
+                    if (context == null) {
+                        if (javaAwtAccess.isMainAppContext()) {
+                            context = userContext;
+                        } else {
+                            context = new LoggerContext();
+                        }
+                        javaAwtAccess.put(ecx, LoggerContext.class, context);
                     }
-                    javaAwtAccess.put(ecx, LoggerContext.class, context);
                 }
             }
-        } else {
-            context = userContext;
         }
-        return context;
+        return context != null ? context : userContext;
     }
 
     private List<LoggerContext> contexts() {
@@ -489,9 +485,22 @@
             return logger;
         }
 
+        synchronized void ensureRootLogger(Logger logger) {
+            if (logger == manager.rootLogger)
+                return;
+
+            // during initialization, rootLogger is null when
+            // instantiating itself RootLogger
+            if (findLogger("") == null && manager.rootLogger != null) {
+                addLocalLogger(manager.rootLogger);
+            }
+        }
+
         // Add a logger to this context.  This method will only set its level
         // and process parent loggers.  It doesn't set its handlers.
         synchronized boolean addLocalLogger(Logger logger) {
+            ensureRootLogger(logger);
+
             final String name = logger.getName();
             if (name == null) {
                 throw new NullPointerException();
diff --git a/src/share/classes/sun/applet/AppletSecurity.java b/src/share/classes/sun/applet/AppletSecurity.java
--- openjdk/jdk/src/share/classes/sun/applet/AppletSecurity.java
+++ openjdk/jdk/src/share/classes/sun/applet/AppletSecurity.java
@@ -52,7 +52,6 @@
  */
 public
 class AppletSecurity extends AWTSecurityManager {
-    private AppContext mainAppContext;
 
     //URLClassLoader.acc
     private static Field facc = null;
@@ -77,7 +76,6 @@
      */
     public AppletSecurity() {
         reset();
-        mainAppContext = AppContext.getAppContext();
     }
 
     // Cache to store known restricted packages
@@ -312,7 +310,7 @@
         AppContext appContext = AppContext.getAppContext();
         AppletClassLoader appletClassLoader = currentAppletClassLoader();
 
-        if ((appContext == mainAppContext) && (appletClassLoader != null)) {
+        if (AppContext.isMainContext(appContext) && (appletClassLoader != null)) {
             // If we're about to allow access to the main EventQueue,
             // and anything untrusted is on the class context stack,
             // disallow access.
diff --git a/src/share/classes/sun/awt/AppContext.java b/src/share/classes/sun/awt/AppContext.java
--- openjdk/jdk/src/share/classes/sun/awt/AppContext.java
+++ openjdk/jdk/src/share/classes/sun/awt/AppContext.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -42,6 +42,7 @@
 import java.util.HashSet;
 import java.beans.PropertyChangeSupport;
 import java.beans.PropertyChangeListener;
+import java.util.concurrent.atomic.AtomicInteger;
 
 /**
  * The AppContext is a table referenced by ThreadGroup which stores
@@ -147,8 +148,9 @@
     }
 
     /* The main "system" AppContext, used by everything not otherwise
-       contained in another AppContext.
-     */
+       contained in another AppContext. It is implicitly created for
+       standalone apps only (i.e. not applets)
+    */
     private static AppContext mainAppContext = null;
 
     /*
@@ -181,27 +183,6 @@
     }
 
 
-    static {
-        // On the main Thread, we get the ThreadGroup, make a corresponding
-        // AppContext, and instantiate the Java EventQueue.  This way, legacy
-        // code is unaffected by the move to multiple AppContext ability.
-        AccessController.doPrivileged(new PrivilegedAction() {
-          public Object run() {
-            ThreadGroup currentThreadGroup =
-                                Thread.currentThread().getThreadGroup();
-            ThreadGroup parentThreadGroup = currentThreadGroup.getParent();
-            while (parentThreadGroup != null) {
-                // Find the root ThreadGroup to construct our main AppContext
-                currentThreadGroup = parentThreadGroup;
-                parentThreadGroup = currentThreadGroup.getParent();
-            }
-            mainAppContext = new AppContext(currentThreadGroup);
-            numAppContexts = 1;
-            return mainAppContext;
-          }
-        });
-    }
-
     /*
      * The total number of AppContexts, system-wide.  This number is
      * incremented at the beginning of the constructor, and decremented
@@ -209,7 +190,7 @@
      * number is 1.  If so, it returns the sole AppContext without
      * checking Thread.currentThread().
      */
-    private static int numAppContexts;
+    private static final AtomicInteger numAppContexts = new AtomicInteger(0);
 
     /*
      * The context ClassLoader that was used to create this AppContext.
@@ -230,7 +211,7 @@
      * @since   1.2
      */
     AppContext(ThreadGroup threadGroup) {
-        numAppContexts++;
+        numAppContexts.incrementAndGet();
 
         this.threadGroup = threadGroup;
         threadGroup2appContext.put(threadGroup, this);
@@ -245,6 +226,27 @@
 
     private static MostRecentThreadAppContext mostRecentThreadAppContext = null;
 
+    private final static void initMainAppContext() {
+        // On the main Thread, we get the ThreadGroup, make a corresponding
+        // AppContext, and instantiate the Java EventQueue.  This way, legacy
+        // code is unaffected by the move to multiple AppContext ability.
+        AccessController.doPrivileged(new PrivilegedAction<Void>() {
+            public Void run() {
+                ThreadGroup currentThreadGroup =
+                        Thread.currentThread().getThreadGroup();
+                ThreadGroup parentThreadGroup = currentThreadGroup.getParent();
+                while (parentThreadGroup != null) {
+                    // Find the root ThreadGroup to construct our main AppContext
+                    currentThreadGroup = parentThreadGroup;
+                    parentThreadGroup = currentThreadGroup.getParent();
+                }
+
+                mainAppContext = SunToolkit.createNewAppContext(currentThreadGroup);
+                return null;
+            }
+        });
+    }
+
     /**
      * Returns the appropriate AppContext for the caller,
      * as determined by its ThreadGroup.  If the main "system" AppContext
@@ -257,8 +259,10 @@
      * @since   1.2
      */
     public final static AppContext getAppContext() {
-        if (numAppContexts == 1)   // If there's only one system-wide,
-            return mainAppContext; // return the main system AppContext.
+        // we are standalone app, return the main app context
+        if (numAppContexts.get() == 1 && mainAppContext != null) {
+            return mainAppContext;
+        }
 
         final Thread currentThread = Thread.currentThread();
 
@@ -284,16 +288,25 @@
             // when new AppContext objects are created.
             ThreadGroup currentThreadGroup = currentThread.getThreadGroup();
             ThreadGroup threadGroup = currentThreadGroup;
+
+                    // Special case: we implicitly create the main app context
+                    // if no contexts have been created yet. This covers standalone apps
+                    // and excludes applets because by the time applet starts
+                    // a number of contexts have already been created by the plugin.
+                    if (numAppContexts.get() == 0) {
+                        // This check is not necessary, its purpose is to help
+                        // Plugin devs to catch all the cases of main AC creation.
+                        if (System.getProperty("javaplugin.version") == null &&
+                                System.getProperty("javawebstart.version") == null) {
+                            initMainAppContext();
+                        }
+                    }
+
             AppContext context = threadGroup2appContext.get(threadGroup);
             while (context == null) {
                 threadGroup = threadGroup.getParent();
                 if (threadGroup == null) {
-                    // If we get here, we're running under a ThreadGroup that
-                    // has no AppContext associated with it.  This should never
-                    // happen, because createNewContext() should be used by the
-                    // toolkit to create the ThreadGroup that everything runs
-                    // under.
-                    throw new RuntimeException("Invalid ThreadGroup");
+		    return null;
                 }
                 context = threadGroup2appContext.get(threadGroup);
             }
@@ -303,10 +316,8 @@
             for (ThreadGroup tg = currentThreadGroup; tg != threadGroup; tg = tg.getParent()) {
                 threadGroup2appContext.put(tg, context);
             }
+
             // Now we're done, so we cache the latest key/value pair.
-            // (we do this before checking with any AWTSecurityManager, so if
-            // this Thread equates with the main AppContext in the cache, it
-            // still will)
             mostRecentThreadAppContext =
                 new MostRecentThreadAppContext(currentThread, context);
 
@@ -315,17 +326,17 @@
          });
         }
 
-        if (appContext == mainAppContext)  {
-            // Before we return the main "system" AppContext, check to
-            // see if there's an AWTSecurityManager installed.  If so,
-            // allow it to choose the AppContext to return.
-            AppContext secAppContext = getExecutionAppContext();
-            if (secAppContext != null) {
-               appContext = secAppContext; // Return what we're told
-            }
-        }
+        return appContext;
+    }
 
-        return appContext;
+    /**
+     * Returns true if the specified AppContext is the main AppContext.
+     *
+     * @param   ctx the context to compare with the main context
+     * @return  true if the specified AppContext is the main AppContext.
+     */
+    public final static boolean isMainContext(AppContext ctx) {
+        return (ctx != null && ctx == mainAppContext);
     }
 
     private final static AppContext getExecutionAppContext() {
@@ -500,7 +511,7 @@
             this.table.clear(); // Clear out the Hashtable to ease garbage collection
         }
 
-        numAppContexts--;
+        numAppContexts.decrementAndGet();
 
         mostRecentKeyValue = null;
     }
@@ -790,7 +801,7 @@
                 return getAppContext().isDisposed();
             }
             public boolean isMainAppContext() {
-                return (numAppContexts == 1);
+                return (numAppContexts.get() == 1 && mainAppContext != null);
             }
             public Object getContext() {
                 return getAppContext();
diff --git a/src/share/classes/sun/awt/SunToolkit.java b/src/share/classes/sun/awt/SunToolkit.java
--- openjdk/jdk/src/share/classes/sun/awt/SunToolkit.java
+++ openjdk/jdk/src/share/classes/sun/awt/SunToolkit.java
@@ -293,6 +293,10 @@
      */
     public static AppContext createNewAppContext() {
         ThreadGroup threadGroup = Thread.currentThread().getThreadGroup();
+        return createNewAppContext(threadGroup);
+    }
+
+    static final AppContext createNewAppContext(ThreadGroup threadGroup) {
         EventQueue eventQueue;
         String eqName = System.getProperty("AWT.EventQueueClass",
                                            "java.awt.EventQueue");