Mercurial > hg > release > icedtea6-1.6

view patches/security/20100330/6893954.patch @ 1723:d48a4f542e7d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add new security patches and fix srcdir!=builddir issues. 2009-03-30 Andrew John Hughes <ahughes@redhat.com> * patches/icedtea-systemtap.patch: Moved to HotSpot-specific patch tree. * Makefile.am: Add new security patches and add $(HSBUILD) to systemtap patch. Put copied OpenJDK files in openjdk-copy rather than a duplicate rt directory in the build tree. * NEWS: List new security patches. * patches/hotspot/default/systemtap.patch: From patches/icedtea-systemtap.patch. * patches/hotspot/original/icedtea-format.patch, * patches/hotspot/original/systemtap.patch: Added for original HotSpot build. * patches/security/20100330/6626217.patch, * patches/security/20100330/6633872.patch, * patches/security/20100330/6639665.patch, * patches/security/20100330/6736390.patch, * patches/security/20100330/6745393.patch, * patches/security/20100330/6887703.patch, * patches/security/20100330/6888149.patch, * patches/security/20100330/6892265.patch, * patches/security/20100330/6893947.patch, * patches/security/20100330/6893954.patch, * patches/security/20100330/6898622.patch, * patches/security/20100330/6898739.patch, * patches/security/20100330/6899653.patch, * patches/security/20100330/6902299.patch, * patches/security/20100330/6904691.patch, * patches/security/20100330/6909597.patch, * patches/security/20100330/6910590.patch, * patches/security/20100330/6914823.patch, * patches/security/20100330/6914866.patch, * patches/security/20100330/6932480.patch, * patches/security/20100330/hotspot/default/6894807.patch, * patches/security/20100330/hotspot/original/6894807.patch: New security and hardening patches http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html
author Andrew John Hughes <ahughes@redhat.com>
date Tue, 30 Mar 2010 23:04:54 +0100
parents
children
line wrap: on
line source

diff -Nru openjdk.orig/jdk/src/share/classes/java/net/DatagramSocket.java openjdk/jdk/src/share/classes/java/net/DatagramSocket.java
--- openjdk.orig/jdk/src/share/classes/java/net/DatagramSocket.java	2009-04-24 08:34:06.000000000 +0100
+++ openjdk/jdk/src/share/classes/java/net/DatagramSocket.java	2010-03-30 20:52:25.000000000 +0100
@@ -117,6 +117,7 @@
         if (address == null) {
             throw new IllegalArgumentException("connect: null address");
         }
+        checkAddress (address, "connect");
         if (isClosed())
             return;
         SecurityManager security = System.getSecurityManager();
@@ -361,13 +362,15 @@
         InetSocketAddress epoint = (InetSocketAddress) addr;
         if (epoint.isUnresolved())
             throw new SocketException("Unresolved address");
+        InetAddress iaddr = epoint.getAddress();
+        int port = epoint.getPort();
+        checkAddress(iaddr, "bind");
         SecurityManager sec = System.getSecurityManager();
         if (sec != null) {
-            sec.checkListen(epoint.getPort());
+            sec.checkListen(port);
         }
         try {
-            getImpl().bind(epoint.getPort(),
-                           epoint.getAddress());
+            getImpl().bind(port, iaddr);
         } catch (SocketException e) {
             getImpl().close();
             throw e;
@@ -375,6 +378,15 @@
         bound = true;
     }
 
+    void checkAddress (InetAddress addr, String op) {
+        if (addr == null) {
+            return;
+        }
+        if (!(addr instanceof Inet4Address || addr instanceof Inet6Address)) {
+            throw new IllegalArgumentException(op + ": invalid address type");
+        }
+    }
+
     /**
      * Connects the socket to a remote address for this socket. When a
      * socket is connected to a remote address, packets may only be
@@ -580,6 +592,7 @@
         synchronized (p) {
             if (isClosed())
                 throw new SocketException("Socket is closed");
+	    checkAddress (p.getAddress(), "send");
             if (connectState == ST_NOT_CONNECTED) {
                 // check the address is ok wiht the security manager on every send.
                 SecurityManager security = System.getSecurityManager();
diff -Nru openjdk.orig/jdk/src/share/classes/java/net/InetAddress.java openjdk/jdk/src/share/classes/java/net/InetAddress.java
--- openjdk.orig/jdk/src/share/classes/java/net/InetAddress.java	2009-04-24 08:34:06.000000000 +0100
+++ openjdk/jdk/src/share/classes/java/net/InetAddress.java	2010-03-30 20:52:25.000000000 +0100
@@ -35,6 +35,7 @@
 import java.security.AccessController;
 import java.io.ObjectStreamException;
 import java.io.IOException;
+import java.io.ObjectInputStream;
 import sun.security.action.*;
 import sun.net.InetAddressCachePolicy;
 import sun.net.util.IPAddressUtil;
@@ -1491,6 +1492,23 @@
 
         return impl;
     }
+
+    private void readObjectNoData (ObjectInputStream s) throws
+                         IOException, ClassNotFoundException {
+        if (getClass().getClassLoader() != null) {
+            throw new SecurityException ("invalid address type");
+        }
+    }
+
+    private void readObject (ObjectInputStream s) throws
+                         IOException, ClassNotFoundException {
+        s.defaultReadObject ();
+        if (getClass().getClassLoader() != null) {
+            hostName = null;
+            address = 0;
+            throw new SecurityException ("invalid address type");
+        }
+    }
 }
 
 /*
diff -Nru openjdk.orig/jdk/src/share/classes/java/net/MulticastSocket.java openjdk/jdk/src/share/classes/java/net/MulticastSocket.java
--- openjdk.orig/jdk/src/share/classes/java/net/MulticastSocket.java	2009-04-24 08:34:06.000000000 +0100
+++ openjdk/jdk/src/share/classes/java/net/MulticastSocket.java	2010-03-30 20:52:25.000000000 +0100
@@ -287,6 +287,7 @@
             throw new SocketException("Socket is closed");
         }
 
+        checkAddress(mcastaddr, "joinGroup");
         SecurityManager security = System.getSecurityManager();
         if (security != null) {
             security.checkMulticast(mcastaddr);
@@ -321,6 +322,7 @@
             throw new SocketException("Socket is closed");
         }
 
+        checkAddress(mcastaddr, "leaveGroup");
         SecurityManager security = System.getSecurityManager();
         if (security != null) {
             security.checkMulticast(mcastaddr);
@@ -368,6 +370,7 @@
         if (oldImpl)
             throw new UnsupportedOperationException();
 
+        checkAddress(((InetSocketAddress)mcastaddr).getAddress(), "joinGroup");
         SecurityManager security = System.getSecurityManager();
         if (security != null) {
             security.checkMulticast(((InetSocketAddress)mcastaddr).getAddress());
@@ -414,6 +417,7 @@
         if (oldImpl)
             throw new UnsupportedOperationException();
 
+        checkAddress(((InetSocketAddress)mcastaddr).getAddress(), "leaveGroup");
         SecurityManager security = System.getSecurityManager();
         if (security != null) {
             security.checkMulticast(((InetSocketAddress)mcastaddr).getAddress());
@@ -439,6 +443,7 @@
         if (isClosed()) {
             throw new SocketException("Socket is closed");
         }
+        checkAddress(inf, "setInterface");
         synchronized (infLock) {
             getImpl().setOption(SocketOptions.IP_MULTICAST_IF, inf);
             infAddress = inf;
@@ -630,6 +635,7 @@
         throws IOException {
             if (isClosed())
                 throw new SocketException("Socket is closed");
+            checkAddress(p.getAddress(), "send");
             synchronized(ttlLock) {
                 synchronized(p) {
                     if (connectState == ST_NOT_CONNECTED) {
diff -Nru openjdk.orig/jdk/src/share/classes/java/net/NetworkInterface.java openjdk/jdk/src/share/classes/java/net/NetworkInterface.java
--- openjdk.orig/jdk/src/share/classes/java/net/NetworkInterface.java	2010-03-30 20:51:15.000000000 +0100
+++ openjdk/jdk/src/share/classes/java/net/NetworkInterface.java	2010-03-30 20:52:25.000000000 +0100
@@ -278,8 +278,12 @@
      *          If the specified address is <tt>null</tt>.
      */
     public static NetworkInterface getByInetAddress(InetAddress addr) throws SocketException {
-        if (addr == null)
+        if (addr == null) {
             throw new NullPointerException();
+        }
+        if (!(addr instanceof Inet4Address || addr instanceof Inet6Address)) {
+            throw new IllegalArgumentException ("invalid address type");
+        }
         return getByInetAddress0(addr);
     }
 
diff -Nru openjdk.orig/jdk/src/share/classes/java/net/Socket.java openjdk/jdk/src/share/classes/java/net/Socket.java
--- openjdk.orig/jdk/src/share/classes/java/net/Socket.java	2010-03-30 20:50:59.000000000 +0100
+++ openjdk/jdk/src/share/classes/java/net/Socket.java	2010-03-30 20:53:20.000000000 +0100
@@ -122,6 +122,9 @@
         if (p.type() == Proxy.Type.SOCKS) {
             SecurityManager security = System.getSecurityManager();
             InetSocketAddress epoint = (InetSocketAddress) p.address();
+            if (epoint.getAddress() != null) {
+                checkAddress (epoint.getAddress(), "Socket");
+            }
             if (security != null) {
                 if (epoint.isUnresolved())
                     epoint = new InetSocketAddress(epoint.getHostName(), epoint.getPort());
@@ -526,15 +529,16 @@
             throw new IllegalArgumentException("Unsupported address type");
 
         InetSocketAddress epoint = (InetSocketAddress) endpoint;
+        InetAddress addr = epoint.getAddress ();
+        int port = epoint.getPort();
+        checkAddress(addr, "connect");
 
         SecurityManager security = System.getSecurityManager();
         if (security != null) {
             if (epoint.isUnresolved())
-                security.checkConnect(epoint.getHostName(),
-                                      epoint.getPort());
+                security.checkConnect(epoint.getHostName(), port);
             else
-                security.checkConnect(epoint.getAddress().getHostAddress(),
-                                      epoint.getPort());
+                security.checkConnect(addr.getHostAddress(), port);
         }
         if (!created)
             createImpl(true);
@@ -542,10 +546,9 @@
             impl.connect(epoint, timeout);
         else if (timeout == 0) {
             if (epoint.isUnresolved())
-                impl.connect(epoint.getAddress().getHostName(),
-                             epoint.getPort());
+                impl.connect(addr.getHostName(), port);
             else
-                impl.connect(epoint.getAddress(), epoint.getPort());
+                impl.connect(addr, port);
         } else
             throw new UnsupportedOperationException("SocketImpl.connect(addr, timeout)");
         connected = true;
@@ -582,14 +585,25 @@
         InetSocketAddress epoint = (InetSocketAddress) bindpoint;
         if (epoint != null && epoint.isUnresolved())
             throw new SocketException("Unresolved address");
-        if (bindpoint == null)
-            getImpl().bind(InetAddress.anyLocalAddress(), 0);
-        else
-            getImpl().bind(epoint.getAddress(),
-                           epoint.getPort());
+        if (epoint == null) {
+            epoint = new InetSocketAddress(0);
+        }
+        InetAddress addr = epoint.getAddress();
+        int port = epoint.getPort();
+        checkAddress (addr, "bind");
+        getImpl().bind (addr, port);
         bound = true;
     }
 
+    private void checkAddress (InetAddress addr, String op) {
+        if (addr == null) {
+            return;
+        }
+        if (!(addr instanceof Inet4Address || addr instanceof Inet6Address)) {
+            throw new IllegalArgumentException(op + ": invalid address type");
+        }
+    }
+
     /**
      * set the flags after an accept() call.
      */
diff -Nru openjdk.orig/jdk/src/share/classes/sun/nio/ch/Net.java openjdk/jdk/src/share/classes/sun/nio/ch/Net.java
--- openjdk.orig/jdk/src/share/classes/sun/nio/ch/Net.java	2010-03-30 20:51:15.000000000 +0100
+++ openjdk/jdk/src/share/classes/sun/nio/ch/Net.java	2010-03-30 20:52:25.000000000 +0100
@@ -55,6 +55,9 @@
         InetSocketAddress isa = (InetSocketAddress)sa;
         if (isa.isUnresolved())
             throw new UnresolvedAddressException(); // ## needs arg
+        InetAddress addr = isa.getAddress();
+        if (!(addr instanceof Inet4Address || addr instanceof Inet6Address))
+            throw new IllegalArgumentException("Invalid address type");
         return isa;
     }