view patches/openjdk/6691503-malicious-applet-always-on-top.patch @ 2046:d780d2efc830
Fix for security exceptions when JPopupMenu sets always on top.
author | Denis Lila <dlila@redhat.com> |
---|---|
date | Wed, 23 Feb 2011 14:00:24 -0500 |
parents | |
children |
diff -r dd66920b2d51 src/share/classes/javax/swing/Popup.java
--- openjdk.orig/jdk/src/share/classes/javax/swing/Popup.java Fri Apr 18 18:21:02 2008 +0400
+++ openjdk/jdk/src/share/classes/javax/swing/Popup.java Wed Feb 23 13:50:58 2011 -0500
@@ -1,12 +1,12 @@
 /*
- * Copyright 1999-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright (c) 1999, 2008, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Sun designates this
+ * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
- * by Sun in the LICENSE file that accompanied this code.
+ * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
@@ -18,9 +18,9 @@
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
- * CA 95054 USA or visit www.sun.com if you need additional information or
- * have any questions.
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
 */
 
 package javax.swing;
@@ -229,14 +229,15 @@
 // Popups are typically transient and most likely won't benefit
 // from true double buffering. Turn it off here.
 getRootPane().setUseTrueDoubleBuffering(false);
- java.security.AccessController.doPrivileged(
- new java.security.PrivilegedAction<Object>() {
- public Object run() {
- setAlwaysOnTop(true);
- return null;
- }
- }
- );
+ // Try to set "always-on-top" for the popup window.
+ // Applets usually don't have sufficient permissions to do it.
+ // In this case simply ignore the exception.
+ try {
+ setAlwaysOnTop(true);
+ } catch (SecurityException se) {
+ // setAlwaysOnTop is restricted,
+ // the exception is ignored
+ }
 }
 
 public void update(Graphics g) {
diff -r dd66920b2d51 test/javax/swing/JPopupMenu/6691503/bug6691503.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ openjdk/jdk/test/javax/swing/JPopupMenu/6691503/bug6691503.java Wed Feb 23 13:50:58 2011 -0500
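Review bot: The comment above the new `try` says the SecurityException is ignored but not why the `doPrivileged` wrapper had to go, so a later cleanup of the empty catch could bring the privileged call back. Without the wrapper, `setAlwaysOnTop(true)` runs with the caller's own permissions, which is presumably what keeps code lacking the always-on-top AWT permission from getting a topmost popup window. I would record that with `// Deliberately not doPrivileged: untrusted code must not get an always-on-top popup (6691503).` The unused `se` could be named `ignored` to make the intent visible in the signature as well. The enclosing block starts above the hunk, so only its last statements are reviewed here.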
@@ -0,0 +1,113 @@
+/*
+ * Copyright (c) 2008, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6691503
+ * @summary Checks that there is no opportunity for a malicious applet
+ * to show a popup menu which has whole screen size.
+ * a heaviweight popup menu is shown from an applet.
+ * @author Mikhail Lapshin
+ * @run main bug6691503
+ */
+
+import sun.awt.SunToolkit;
+
+import javax.swing.*;
+import java.awt.*;
+
+public class bug6691503 {
+ private JPopupMenu popupMenu;
+ private JFrame frame;
+ private boolean isAlwaysOnTop1 = false;
+ private boolean isAlwaysOnTop2 = true;
+
+ public static void main(String[] args) {
+ bug6691503 test = new bug6691503();
+ test.setupUI();
+ test.testApplication();
+ test.testApplet();
+ test.checkResult();
+ test.stopEDT();
+ }
+
+ private void setupUI() {
+ SwingUtilities.invokeLater(new Runnable() {
+ public void run() {
+ frame = new JFrame();
+ frame.setVisible(true);
+ popupMenu = new JPopupMenu();
+ JMenuItem click = new JMenuItem("Click");
+ popupMenu.add(click);
+ }
+ });
+ }
+
+ private void testApplication() {
+ SwingUtilities.invokeLater(new Runnable() {
+ public void run() {
+ popupMenu.show(frame, 0, 0);
+ Window popupWindow = (Window)
+ (popupMenu.getParent().getParent().getParent().getParent());
+ isAlwaysOnTop1 = popupWindow.isAlwaysOnTop();
+ System.out.println(
+ "Application: popupWindow.isAlwaysOnTop() = " + isAlwaysOnTop1);
+ popupMenu.setVisible(false);
+ }
+ });
+ }
+
+ private void testApplet() {
+ SwingUtilities.invokeLater(new Runnable() {
+ public void run() {
+ System.setSecurityManager(new SecurityManager());
+ popupMenu.show(frame, 0, 0);
+ Window popupWindow = (Window)
+ (popupMenu.getParent().getParent().getParent().getParent());
+ isAlwaysOnTop2 = popupWindow.isAlwaysOnTop();
+ System.out.println(
+ "Applet: popupWindow.isAlwaysOnTop() = " + isAlwaysOnTop2);
+ popupMenu.setVisible(false);
+ }
+ });
+ }
+
+ private void checkResult() {
+ ((SunToolkit)(Toolkit.getDefaultToolkit())).realSync();
+ if (!isAlwaysOnTop1 || isAlwaysOnTop2) {
+ throw new RuntimeException("Malicious applet can show always-on-top " +
+ "popup menu which has whole screen size");
+ }
+ System.out.println("Test passed");
+ }
+
+ private void stopEDT() {
+ SwingUtilities.invokeLater(new Runnable() {
+ public void run() {
+ frame.dispose();
+ }
+ });
+ }
+}
+
+
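Review bot: `testApplet()` installs a SecurityManager with `System.setSecurityManager(new SecurityManager())` and never removes it, while the tag is `@run main bug6691503`, so in a shared harness VM the manager would stay in place for whatever runs next; `* @run main/othervm bug6691503` isolates it. The two result flags are written on the EDT and read in `checkResult()` on the main thread with only `realSync()` between them, so I would declare them `private volatile boolean isAlwaysOnTop1 = false;` and likewise `isAlwaysOnTop2`. The four-level `getParent()` chain with a cast to `Window` depends on the popup's internal component nesting; `SwingUtilities.getWindowAncestor(popupMenu)` states the intent and would likely survive a change in that nesting.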