Mercurial > hg > release > icedtea6-1.6
view patches/security/20100330/6893954.patch @ 1723:d48a4f542e7d
Add new security patches and fix srcdir!=builddir issues.
2009-03-30 Andrew John Hughes <ahughes@redhat.com>
* patches/icedtea-systemtap.patch:
Moved to HotSpot-specific patch tree.
* Makefile.am: Add new security patches
and add $(HSBUILD) to systemtap patch.
Put copied OpenJDK files in openjdk-copy
rather than a duplicate rt directory
in the build tree.
* NEWS: List new security patches.
* patches/hotspot/default/systemtap.patch:
From patches/icedtea-systemtap.patch.
* patches/hotspot/original/icedtea-format.patch,
* patches/hotspot/original/systemtap.patch:
Added for original HotSpot build.
* patches/security/20100330/6626217.patch,
* patches/security/20100330/6633872.patch,
* patches/security/20100330/6639665.patch,
* patches/security/20100330/6736390.patch,
* patches/security/20100330/6745393.patch,
* patches/security/20100330/6887703.patch,
* patches/security/20100330/6888149.patch,
* patches/security/20100330/6892265.patch,
* patches/security/20100330/6893947.patch,
* patches/security/20100330/6893954.patch,
* patches/security/20100330/6898622.patch,
* patches/security/20100330/6898739.patch,
* patches/security/20100330/6899653.patch,
* patches/security/20100330/6902299.patch,
* patches/security/20100330/6904691.patch,
* patches/security/20100330/6909597.patch,
* patches/security/20100330/6910590.patch,
* patches/security/20100330/6914823.patch,
* patches/security/20100330/6914866.patch,
* patches/security/20100330/6932480.patch,
* patches/security/20100330/hotspot/default/6894807.patch,
* patches/security/20100330/hotspot/original/6894807.patch:
New security and hardening patches
http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html
author | Andrew John Hughes <ahughes@redhat.com> |
---|---|
date | Tue, 30 Mar 2010 23:04:54 +0100 |
parents | |
children |
line wrap: on
line source
diff -Nru openjdk.orig/jdk/src/share/classes/java/net/DatagramSocket.java openjdk/jdk/src/share/classes/java/net/DatagramSocket.java --- openjdk.orig/jdk/src/share/classes/java/net/DatagramSocket.java 2009-04-24 08:34:06.000000000 +0100 +++ openjdk/jdk/src/share/classes/java/net/DatagramSocket.java 2010-03-30 20:52:25.000000000 +0100 @@ -117,6 +117,7 @@ if (address == null) { throw new IllegalArgumentException("connect: null address"); } + checkAddress (address, "connect"); if (isClosed()) return; SecurityManager security = System.getSecurityManager(); @@ -361,13 +362,15 @@ InetSocketAddress epoint = (InetSocketAddress) addr; if (epoint.isUnresolved()) throw new SocketException("Unresolved address"); + InetAddress iaddr = epoint.getAddress(); + int port = epoint.getPort(); + checkAddress(iaddr, "bind"); SecurityManager sec = System.getSecurityManager(); if (sec != null) { - sec.checkListen(epoint.getPort()); + sec.checkListen(port); } try { - getImpl().bind(epoint.getPort(), - epoint.getAddress()); + getImpl().bind(port, iaddr); } catch (SocketException e) { getImpl().close(); throw e; @@ -375,6 +378,15 @@ bound = true; } + void checkAddress (InetAddress addr, String op) { + if (addr == null) { + return; + } + if (!(addr instanceof Inet4Address || addr instanceof Inet6Address)) { + throw new IllegalArgumentException(op + ": invalid address type"); + } + } + /** * Connects the socket to a remote address for this socket. When a * socket is connected to a remote address, packets may only be @@ -580,6 +592,7 @@ synchronized (p) { if (isClosed()) throw new SocketException("Socket is closed"); + checkAddress (p.getAddress(), "send"); if (connectState == ST_NOT_CONNECTED) { // check the address is ok wiht the security manager on every send. SecurityManager security = System.getSecurityManager(); diff -Nru openjdk.orig/jdk/src/share/classes/java/net/InetAddress.java openjdk/jdk/src/share/classes/java/net/InetAddress.java --- openjdk.orig/jdk/src/share/classes/java/net/InetAddress.java 2009-04-24 08:34:06.000000000 +0100 +++ openjdk/jdk/src/share/classes/java/net/InetAddress.java 2010-03-30 20:52:25.000000000 +0100 @@ -35,6 +35,7 @@ import java.security.AccessController; import java.io.ObjectStreamException; import java.io.IOException; +import java.io.ObjectInputStream; import sun.security.action.*; import sun.net.InetAddressCachePolicy; import sun.net.util.IPAddressUtil; @@ -1491,6 +1492,23 @@ return impl; } + + private void readObjectNoData (ObjectInputStream s) throws + IOException, ClassNotFoundException { + if (getClass().getClassLoader() != null) { + throw new SecurityException ("invalid address type"); + } + } + + private void readObject (ObjectInputStream s) throws + IOException, ClassNotFoundException { + s.defaultReadObject (); + if (getClass().getClassLoader() != null) { + hostName = null; + address = 0; + throw new SecurityException ("invalid address type"); + } + } } /* diff -Nru openjdk.orig/jdk/src/share/classes/java/net/MulticastSocket.java openjdk/jdk/src/share/classes/java/net/MulticastSocket.java --- openjdk.orig/jdk/src/share/classes/java/net/MulticastSocket.java 2009-04-24 08:34:06.000000000 +0100 +++ openjdk/jdk/src/share/classes/java/net/MulticastSocket.java 2010-03-30 20:52:25.000000000 +0100 @@ -287,6 +287,7 @@ throw new SocketException("Socket is closed"); } + checkAddress(mcastaddr, "joinGroup"); SecurityManager security = System.getSecurityManager(); if (security != null) { security.checkMulticast(mcastaddr); @@ -321,6 +322,7 @@ throw new SocketException("Socket is closed"); } + checkAddress(mcastaddr, "leaveGroup"); SecurityManager security = System.getSecurityManager(); if (security != null) { security.checkMulticast(mcastaddr); @@ -368,6 +370,7 @@ if (oldImpl) throw new UnsupportedOperationException(); + checkAddress(((InetSocketAddress)mcastaddr).getAddress(), "joinGroup"); SecurityManager security = System.getSecurityManager(); if (security != null) { security.checkMulticast(((InetSocketAddress)mcastaddr).getAddress()); @@ -414,6 +417,7 @@ if (oldImpl) throw new UnsupportedOperationException(); + checkAddress(((InetSocketAddress)mcastaddr).getAddress(), "leaveGroup"); SecurityManager security = System.getSecurityManager(); if (security != null) { security.checkMulticast(((InetSocketAddress)mcastaddr).getAddress()); @@ -439,6 +443,7 @@ if (isClosed()) { throw new SocketException("Socket is closed"); } + checkAddress(inf, "setInterface"); synchronized (infLock) { getImpl().setOption(SocketOptions.IP_MULTICAST_IF, inf); infAddress = inf; @@ -630,6 +635,7 @@ throws IOException { if (isClosed()) throw new SocketException("Socket is closed"); + checkAddress(p.getAddress(), "send"); synchronized(ttlLock) { synchronized(p) { if (connectState == ST_NOT_CONNECTED) { diff -Nru openjdk.orig/jdk/src/share/classes/java/net/NetworkInterface.java openjdk/jdk/src/share/classes/java/net/NetworkInterface.java --- openjdk.orig/jdk/src/share/classes/java/net/NetworkInterface.java 2010-03-30 20:51:15.000000000 +0100 +++ openjdk/jdk/src/share/classes/java/net/NetworkInterface.java 2010-03-30 20:52:25.000000000 +0100 @@ -278,8 +278,12 @@ * If the specified address is <tt>null</tt>. */ public static NetworkInterface getByInetAddress(InetAddress addr) throws SocketException { - if (addr == null) + if (addr == null) { throw new NullPointerException(); + } + if (!(addr instanceof Inet4Address || addr instanceof Inet6Address)) { + throw new IllegalArgumentException ("invalid address type"); + } return getByInetAddress0(addr); } diff -Nru openjdk.orig/jdk/src/share/classes/java/net/Socket.java openjdk/jdk/src/share/classes/java/net/Socket.java --- openjdk.orig/jdk/src/share/classes/java/net/Socket.java 2010-03-30 20:50:59.000000000 +0100 +++ openjdk/jdk/src/share/classes/java/net/Socket.java 2010-03-30 20:53:20.000000000 +0100 @@ -122,6 +122,9 @@ if (p.type() == Proxy.Type.SOCKS) { SecurityManager security = System.getSecurityManager(); InetSocketAddress epoint = (InetSocketAddress) p.address(); + if (epoint.getAddress() != null) { + checkAddress (epoint.getAddress(), "Socket"); + } if (security != null) { if (epoint.isUnresolved()) epoint = new InetSocketAddress(epoint.getHostName(), epoint.getPort()); @@ -526,15 +529,16 @@ throw new IllegalArgumentException("Unsupported address type"); InetSocketAddress epoint = (InetSocketAddress) endpoint; + InetAddress addr = epoint.getAddress (); + int port = epoint.getPort(); + checkAddress(addr, "connect"); SecurityManager security = System.getSecurityManager(); if (security != null) { if (epoint.isUnresolved()) - security.checkConnect(epoint.getHostName(), - epoint.getPort()); + security.checkConnect(epoint.getHostName(), port); else - security.checkConnect(epoint.getAddress().getHostAddress(), - epoint.getPort()); + security.checkConnect(addr.getHostAddress(), port); } if (!created) createImpl(true); @@ -542,10 +546,9 @@ impl.connect(epoint, timeout); else if (timeout == 0) { if (epoint.isUnresolved()) - impl.connect(epoint.getAddress().getHostName(), - epoint.getPort()); + impl.connect(addr.getHostName(), port); else - impl.connect(epoint.getAddress(), epoint.getPort()); + impl.connect(addr, port); } else throw new UnsupportedOperationException("SocketImpl.connect(addr, timeout)"); connected = true; @@ -582,14 +585,25 @@ InetSocketAddress epoint = (InetSocketAddress) bindpoint; if (epoint != null && epoint.isUnresolved()) throw new SocketException("Unresolved address"); - if (bindpoint == null) - getImpl().bind(InetAddress.anyLocalAddress(), 0); - else - getImpl().bind(epoint.getAddress(), - epoint.getPort()); + if (epoint == null) { + epoint = new InetSocketAddress(0); + } + InetAddress addr = epoint.getAddress(); + int port = epoint.getPort(); + checkAddress (addr, "bind"); + getImpl().bind (addr, port); bound = true; } + private void checkAddress (InetAddress addr, String op) { + if (addr == null) { + return; + } + if (!(addr instanceof Inet4Address || addr instanceof Inet6Address)) { + throw new IllegalArgumentException(op + ": invalid address type"); + } + } + /** * set the flags after an accept() call. */ diff -Nru openjdk.orig/jdk/src/share/classes/sun/nio/ch/Net.java openjdk/jdk/src/share/classes/sun/nio/ch/Net.java --- openjdk.orig/jdk/src/share/classes/sun/nio/ch/Net.java 2010-03-30 20:51:15.000000000 +0100 +++ openjdk/jdk/src/share/classes/sun/nio/ch/Net.java 2010-03-30 20:52:25.000000000 +0100 @@ -55,6 +55,9 @@ InetSocketAddress isa = (InetSocketAddress)sa; if (isa.isUnresolved()) throw new UnresolvedAddressException(); // ## needs arg + InetAddress addr = isa.getAddress(); + if (!(addr instanceof Inet4Address || addr instanceof Inet6Address)) + throw new IllegalArgumentException("Invalid address type"); return isa; }