Mercurial > hg > release > icedtea6-1.12
view patches/openjdk/8014745-logger_stack_walk_switch.patch @ 3029:dfef77966f7c
Add 2013/10/15 security fixes.
2013-10-29 Andrew John Hughes <gnu.andrew@redhat.com>
* Makefile.am:
(SECURITY_PATCHES): Add security update.
* NEWS: Updated.
* patches/jtreg-LastErrorString.patch,
* patches/use-idx_t.patch,
* patches/openjdk/7162902-corba_fixes.patch,
* patches/openjdk/7196533-timezone_bottleneck.patch,
* patches/openjdk/8010727-empty_logger_name.patch,
* patches/openjdk/8010939-logmanager_deadlock.patch,
* patches/openjdk/8012617-arrayindexoutofbounds_linebreakmeasurer.patch,
* patches/openjdk/8014718-remove_logging_suntoolkit.patch:
Regenerated.
* patches/nss-config.patch: Fix path to java.security.
* patches/openjdk/4075303-javap_update.patch,
* patches/openjdk/4111861-static_fields.patch,
* patches/openjdk/4501661-disallow_mixing.patch,
* patches/openjdk/4884240-javap_additional_option.patch,
* patches/openjdk/6708729-javap_makefile_update.patch,
* patches/openjdk/6715767-javap_crash.patch,
* patches/openjdk/6819246-javap_instruction_decoding.patch,
* patches/openjdk/6824493-experimental.patch,
* patches/openjdk/6841419-classfile_iterator.patch,
* patches/openjdk/6841420-classfile_methods.patch,
* patches/openjdk/6843013-missing_experimental.patch,
* patches/openjdk/6852856-javap_subclasses.patch,
* patches/openjdk/6867671-javap_whitespace.patch,
* patches/openjdk/6868539-constant_pool_tags.patch,
* patches/openjdk/6902264-fix_indentation.patch,
* patches/openjdk/6954275-big_xml_signatures.patch,
* patches/openjdk/7146431-java.security_files.patch,
* patches/openjdk/8000450-restrict_access.patch,
* patches/openjdk/8002070-remove_logger_stack_search.patch,
* patches/openjdk/8003992-embedded_nulls.patch,
* patches/openjdk/8004188-rename_java.security.patch,
* patches/openjdk/8006882-jmockit.patch,
* patches/openjdk/8006900-new_date_time.patch,
* patches/openjdk/8008589-better_mbean_permission_validation.patch,
* patches/openjdk/8010118-caller_sensitive.patch,
* patches/openjdk/8011071-better_crypto_provider_handling.patch,
* patches/openjdk/8011081-improve_jhat.patch,
* patches/openjdk/8011139-revise_checking_getenclosingclass.patch,
* patches/openjdk/8011157-improve_corba_portability-jdk.patch,
* patches/openjdk/8011157-improve_corba_portability.patch,
* patches/openjdk/8011990-logger_test_urls.patch,
* patches/openjdk/8012071-better_bean_building.patch,
* patches/openjdk/8012147-improve_tool.patch,
* patches/openjdk/8012243-serial_regression.patch,
* patches/openjdk/8012277-improve_dataflavour.patch,
* patches/openjdk/8012425-transform_transformfactory.patch,
* patches/openjdk/8012453-runtime.exec.patch,
* patches/openjdk/8013380-logger_stack_walk_glassfish.patch,
* patches/openjdk/8013503-improve_stream_factories.patch,
* patches/openjdk/8013506-better_pack200.patch,
* patches/openjdk/8013510-augment_image_writing.patch,
* patches/openjdk/8013514-improve_cmap_stability.patch,
* patches/openjdk/8013739-better_ldap_resource_management.patch,
* patches/openjdk/8013744-better_tabling.patch,
* patches/openjdk/8013827-createtempfile_hang.patch,
* patches/openjdk/8014085-better_serialization.patch,
* patches/openjdk/8014093-improve_image_parsing.patch,
* patches/openjdk/8014102-improve_image_conversion.patch,
* patches/openjdk/8014341-better_kerberos_service.patch,
* patches/openjdk/8014349-getdeclaredclass_fix.patch,
* patches/openjdk/8014530-better_dsp.patch,
* patches/openjdk/8014534-better_profiling.patch,
* patches/openjdk/8014745-logger_stack_walk_switch.patch,
* patches/openjdk/8014987-augment_serialization.patch,
* patches/openjdk/8015144-performance_regression.patch,
* patches/openjdk/8015614-update_build.patch,
* patches/openjdk/8015731-auth_improvements.patch,
* patches/openjdk/8015743-address_internet_addresses.patch,
* patches/openjdk/8015965-typo_in_property_name.patch,
* patches/openjdk/8015978-incorrect_transformation.patch,
* patches/openjdk/8016256-finalization_final.patch,
* patches/openjdk/8016357-update_hs_diagnostic_class.patch,
* patches/openjdk/8016653-ignoreable_characters.patch,
* patches/openjdk/8016675-robust_javadoc.patch,
* patches/openjdk/8017196-ensure_proxies_are_handled_appropriately-jdk.patch,
* patches/openjdk/8017196-ensure_proxies_are_handled_appropriately.patch,
* patches/openjdk/8017287-better_resource_disposal.patch,
* patches/openjdk/8017291-cast_proxies_aside.patch,
* patches/openjdk/8017298-better_xml_support.patch,
* patches/openjdk/8017300-improve_interface_implementation.patch,
* patches/openjdk/8017505-better_client_service.patch,
* patches/openjdk/8017566-backout_part_of_8000450.patch,
* patches/openjdk/8019292-better_attribute_value_exceptions.patch,
* patches/openjdk/8019584-invalid_notification_fix.patch,
* patches/openjdk/8019617-better_view_of_objects.patch,
* patches/openjdk/8019969-inet6_test_case_fix.patch,
* patches/openjdk/8019979-better_access_test.patch,
* patches/openjdk/8020293-jvm_crash.patch,
* patches/openjdk/8021290-signature_validation.patch,
* patches/openjdk/8021355-splashscreen_regression.patch,
* patches/openjdk/8021366-jaxp_test_fix-01.patch,
* patches/openjdk/8021577-bean_serialization_fix.patch,
* patches/openjdk/8021933-jaxp_test_fix-02.patch,
* patches/openjdk/8021969-jnlp_load_failure.patch,
* patches/openjdk/8022661-writeobject_flush.patch,
* patches/openjdk/8022682-supporting_xom.patch,
* patches/openjdk/8022940-enhance_corba_translations.patch,
* patches/openjdk/8023683-enhance_class_file_parsing.patch,
* patches/openjdk/8023964-ignore_test.patch,
* patches/openjdk/8024914-swapped_usage.patch,
* patches/openjdk/8025128-createtempfile_absolute_prefix.patch,
* patches/openjdk/oj6-19-fix_8010118_test_cases.patch,
* patches/openjdk/oj6-20-merge.patch,
* patches/openjdk/oj6-21-overrides.patch: Added.
author | Andrew John Hughes <gnu.andrew@redhat.com> |
---|---|
date | Wed, 20 Nov 2013 22:56:43 +0000 |
parents | |
children |
line wrap: on
line source
# HG changeset patch # User mchung # Date 1368826191 25200 # Fri May 17 14:29:51 2013 -0700 # Node ID 0bf55b4c8a7bbea02a9d848b2a5451adbd6a6ac4 # Parent 8733761ca20bb4e46405e274c514bda0e0616a21 8014745: Provide a switch to allow stack walk search of resource bundle Reviewed-by: alanb, jgish diff -r 8733761ca20b -r 0bf55b4c8a7b make/java/java/mapfile-vers --- openjdk/jdk/make/java/java/mapfile-vers Wed Jun 26 22:50:47 2013 -0500 +++ openjdk/jdk/make/java/java/mapfile-vers Fri May 17 14:29:51 2013 -0700 @@ -271,6 +271,7 @@ Java_sun_reflect_NativeConstructorAccessorImpl_newInstance0; Java_sun_reflect_NativeMethodAccessorImpl_invoke0; Java_sun_reflect_Reflection_getCallerClass; + Java_sun_reflect_Reflection_getCallerClass0; Java_sun_reflect_Reflection_getClassAccessFlags; Java_sun_misc_Version_getJdkVersionInfo; Java_sun_misc_Version_getJdkSpecialVersion; diff -r 8733761ca20b -r 0bf55b4c8a7b src/share/classes/java/util/logging/Logger.java --- openjdk/jdk/src/share/classes/java/util/logging/Logger.java Wed Jun 26 22:50:47 2013 -0500 +++ openjdk/jdk/src/share/classes/java/util/logging/Logger.java Fri May 17 14:29:51 2013 -0700 @@ -303,8 +303,13 @@ // null, we assume it's a system logger and add it to the system context. // These system loggers only set the resource bundle to the given // resource bundle name (rather than the default system resource bundle). - private static class SystemLoggerHelper { - static boolean disableCallerCheck = getBooleanProperty("sun.util.logging.disableCallerCheck"); + private static class LoggerHelper { + static boolean disableCallerCheck = + getBooleanProperty("sun.util.logging.disableCallerCheck"); + + // workaround to turn on the old behavior for resource bundle search + static boolean allowStackWalkSearch = + getBooleanProperty("jdk.logging.allowStackWalkSearch"); private static boolean getBooleanProperty(final String key) { String s = AccessController.doPrivileged(new PrivilegedAction<String>() { public String run() { @@ -318,7 +323,7 @@ private static Logger demandLogger(String name, String resourceBundleName, Class<?> caller) { LogManager manager = LogManager.getLogManager(); SecurityManager sm = System.getSecurityManager(); - if (sm != null && !SystemLoggerHelper.disableCallerCheck) { + if (sm != null && !LoggerHelper.disableCallerCheck) { if (caller.getClassLoader() == null) { return manager.demandSystemLogger(name, resourceBundleName); } @@ -1407,25 +1412,61 @@ if (useCallersClassLoader) { // Try with the caller's ClassLoader ClassLoader callersClassLoader = getCallersClassLoader(); + if (callersClassLoader != null && callersClassLoader != cl) { + try { + catalog = ResourceBundle.getBundle(name, currentLocale, + callersClassLoader); + catalogName = name; + catalogLocale = currentLocale; + return catalog; + } catch (MissingResourceException ex) { + } + } + } - if (callersClassLoader == null || callersClassLoader == cl) { - return null; - } - - try { - catalog = ResourceBundle.getBundle(name, currentLocale, - callersClassLoader); - catalogName = name; - catalogLocale = currentLocale; - return catalog; - } catch (MissingResourceException ex) { - return null; // no luck - } + // If -Djdk.logging.allowStackWalkSearch=true is set, + // does stack walk to search for the resource bundle + if (LoggerHelper.allowStackWalkSearch) { + return findResourceBundleFromStack(name, currentLocale, cl); } else { return null; } } + /** + * This method will fail when running with a VM that enforces caller-sensitive + * methods and only allows to get the immediate caller. + */ + @CallerSensitive + private synchronized ResourceBundle findResourceBundleFromStack(String name, + Locale locale, + ClassLoader cl) + { + for (int ix = 0; ; ix++) { + Class<?> clz = sun.reflect.Reflection.getCallerClass(ix); + if (clz == null) { + break; + } + ClassLoader cl2 = clz.getClassLoader(); + if (cl2 == null) { + cl2 = ClassLoader.getSystemClassLoader(); + } + if (cl == cl2) { + // We've already checked this classloader. + continue; + } + cl = cl2; + try { + catalog = ResourceBundle.getBundle(name, locale, cl); + catalogName = name; + catalogLocale = locale; + return catalog; + } catch (MissingResourceException ex) { + } + } + return null; + } + // Private utility method to initialize our one entry // resource bundle name cache and the callers ClassLoader // Note: for consistency reasons, we are careful to check diff -r 8733761ca20b -r 0bf55b4c8a7b src/share/classes/sun/reflect/Reflection.java --- openjdk/jdk/src/share/classes/sun/reflect/Reflection.java Wed Jun 26 22:50:47 2013 -0500 +++ openjdk/jdk/src/share/classes/sun/reflect/Reflection.java Fri May 17 14:29:51 2013 -0700 @@ -58,6 +58,21 @@ @CallerSensitive public static native Class getCallerClass(); + /** + * @deprecated No replacement. This method will be removed in the next + * JDK 7 update release. + */ + @Deprecated + @CallerSensitive + public static Class getCallerClass(int depth) { + return getCallerClass0(depth); + } + + // If the VM enforces getting caller class with @CallerSensitive, + // this will fail anyway. + @CallerSensitive + private static native Class getCallerClass0(int depth); + /** Retrieves the access flags written to the class file. For inner classes these flags may differ from those returned by Class.getModifiers(), which searches the InnerClasses diff -r 8733761ca20b -r 0bf55b4c8a7b src/share/native/sun/reflect/Reflection.c --- openjdk/jdk/src/share/native/sun/reflect/Reflection.c Wed Jun 26 22:50:47 2013 -0500 +++ openjdk/jdk/src/share/native/sun/reflect/Reflection.c Fri May 17 14:29:51 2013 -0700 @@ -34,6 +34,12 @@ return JVM_GetCallerClass(env, 2); } +JNIEXPORT jclass JNICALL Java_sun_reflect_Reflection_getCallerClass0 +(JNIEnv *env, jclass unused, jint depth) +{ + return JVM_GetCallerClass(env, depth); +} + JNIEXPORT jint JNICALL Java_sun_reflect_Reflection_getClassAccessFlags (JNIEnv *env, jclass unused, jclass cls) { diff -r 8733761ca20b -r 0bf55b4c8a7b test/java/util/logging/bundlesearch/ResourceBundleSearchTest.java --- openjdk/jdk/test/java/util/logging/bundlesearch/ResourceBundleSearchTest.java Wed Jun 26 22:50:47 2013 -0500 +++ openjdk/jdk/test/java/util/logging/bundlesearch/ResourceBundleSearchTest.java Fri May 17 14:29:51 2013 -0700 @@ -28,6 +28,7 @@ * @author Jim Gish * @build ResourceBundleSearchTest IndirectlyLoadABundle LoadItUp1 LoadItUp2 TwiceIndirectlyLoadABundle LoadItUp2Invoker * @run main/othervm ResourceBundleSearchTest + * @run main/othervm -Djdk.logging.allowStackWalkSearch=true ResourceBundleSearchTest */ import java.net.URL; import java.net.URLClassLoader; @@ -79,7 +80,15 @@ // Test 1 - can we find a Logger bundle from doing a stack search? // We shouldn't be able to - assertFalse(testGetBundleFromStackSearch(), "1-testGetBundleFromStackSearch"); + // unless -Djdk.logging.allowStackWalkSearch=true is set + + boolean allowStackWalkSearch = Boolean.getBoolean("jdk.logging.allowStackWalkSearch"); + if (allowStackWalkSearch) { + assertTrue(testGetBundleFromStackSearch(), "1-testGetBundleFromStackSearch"); + } else { + // default behavior + assertFalse(testGetBundleFromStackSearch(), "1-testGetBundleFromStackSearch"); + } // Test 2 - can we find a Logger bundle off of the Thread context class // loader? We should be able to. @@ -111,8 +120,10 @@ // Test 6 - first call getLogger("myLogger"). // Then call getLogger("myLogger","bundleName") from a different ClassLoader // Make sure we find the bundle - assertTrue(testGetBundleFromSecondCallersClassLoader(), - "6-testGetBundleFromSecondCallersClassLoader"); + if (!allowStackWalkSearch) { + assertTrue(testGetBundleFromSecondCallersClassLoader(), + "6-testGetBundleFromSecondCallersClassLoader"); + } report(); }