Mercurial > hg > release > icedtea6-1.8

view patches/security/20110215/6981922.patch @ 2135:ad0f435608c3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add security updates from Oracle SSR. S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption S6907662, CVE-2010-4465: Swing timer-based security manager bypass S6994263, CVE-2010-4472: Untrusted code allowed to replace DSIG/C14N implementation S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets S6983554, CVE-2010-4450: Launcher incorrect processing of empty library path entries S6985453, CVE-2010-4471: Java2D font-related system property leak 2011-02-09 Andrew John Hughes <ahughes@redhat.com> * Makefile.am: Add new patches. * NEWS: Updated. * patches/icedtea-nio2.patch: Rejigged. * patches/security/20110215/6878713.patch, * patches/security/20110215/6907662.patch, * patches/security/20110215/6981922.patch, * patches/security/20110215/6983554.patch, * patches/security/20110215/6994263.patch, * patches/security/20110215/6985453.patch: Security updates from Oracle SSR.
author Andrew John Hughes <ahughes@redhat.com>
date Thu, 10 Feb 2011 08:34:04 +0000
parents
children
line wrap: on
line source

# HG changeset patch
# User michaelm
# Date 1296485276 28800
# Node ID 1da22d47056eebecb9aec43c8d79c0f9f54ff04b
# Parent  0933d8b8547a6c657b4d4f636ac6b94e70bb2e40
6981922: DNS cache poisoning by untrusted applets
Reviewed-by: chegar

diff --git a/make/sun/net/FILES_java.gmk b/make/sun/net/FILES_java.gmk
--- openjdk/jdk/make/sun/net/FILES_java.gmk
+++ openjdk/jdk/make/sun/net/FILES_java.gmk
@@ -34,6 +34,7 @@ FILES_java = \
 	sun/net/ProgressEvent.java \
 	sun/net/ProgressListener.java \
 	sun/net/ProgressMeteringPolicy.java \
+	sun/net/ResourceManager.java \
 	sun/net/TelnetInputStream.java \
 	sun/net/TelnetOutputStream.java \
 	sun/net/TelnetProtocolException.java \
diff --git a/src/share/classes/java/net/AbstractPlainDatagramSocketImpl.java b/src/share/classes/java/net/AbstractPlainDatagramSocketImpl.java
--- openjdk/jdk/src/share/classes/java/net/AbstractPlainDatagramSocketImpl.java
+++ openjdk/jdk/src/share/classes/java/net/AbstractPlainDatagramSocketImpl.java
@@ -28,6 +28,7 @@ import java.io.IOException;
 import java.io.IOException;
 import java.io.InterruptedIOException;
 import java.util.Enumeration;
+import sun.net.ResourceManager;
 
 /**
  * Abstract datagram and multicast socket implementation base class.
@@ -65,8 +66,15 @@ abstract class AbstractPlainDatagramSock
      * Creates a datagram socket
      */
     protected synchronized void create() throws SocketException {
+        ResourceManager.beforeUdpCreate();
         fd = new FileDescriptor();
-        datagramSocketCreate();
+        try {
+            datagramSocketCreate();
+        } catch (SocketException ioe) {
+            ResourceManager.afterUdpClose();
+            fd = null;
+            throw ioe;
+        }
     }
 
     /**
@@ -211,6 +219,7 @@ abstract class AbstractPlainDatagramSock
     protected void close() {
         if (fd != null) {
             datagramSocketClose();
+            ResourceManager.afterUdpClose();
             fd = null;
         }
     }
diff --git a/src/share/classes/java/net/AbstractPlainSocketImpl.java b/src/share/classes/java/net/AbstractPlainSocketImpl.java
--- openjdk/jdk/src/share/classes/java/net/AbstractPlainSocketImpl.java
+++ openjdk/jdk/src/share/classes/java/net/AbstractPlainSocketImpl.java
@@ -33,6 +33,7 @@ import java.io.ByteArrayOutputStream;
 import java.io.ByteArrayOutputStream;
 
 import sun.net.ConnectionResetException;
+import sun.net.ResourceManager;
 
 /**
  * Default Socket Implementation. This implementation does
@@ -69,6 +70,10 @@ abstract class AbstractPlainSocketImpl e
     private int resetState;
     private Object resetLock = new Object();
 
+   /* whether this Socket is a stream (TCP) socket or not (UDP)
+    */
+    private boolean stream;
+
     /**
      * Load net library into runtime.
      */
@@ -83,7 +88,19 @@ abstract class AbstractPlainSocketImpl e
      */
     protected synchronized void create(boolean stream) throws IOException {
         fd = new FileDescriptor();
-        socketCreate(stream);
+        this.stream = stream;
+        if (!stream) {
+            ResourceManager.beforeUdpCreate();
+            try {
+                socketCreate(false);
+            } catch (IOException ioe) {
+                ResourceManager.afterUdpClose();
+                fd = null;
+                throw ioe;
+            }
+        } else {
+            socketCreate(true);
+        }
         if (socket != null)
             socket.setCreated();
         if (serverSocket != null)
@@ -458,6 +475,9 @@ abstract class AbstractPlainSocketImpl e
     protected void close() throws IOException {
         synchronized(fdLock) {
             if (fd != null) {
+                if (!stream) {
+                    ResourceManager.afterUdpClose();
+                }
                 if (fdUseCount == 0) {
                     if (closePending) {
                         return;
diff --git a/src/share/classes/sun/net/ResourceManager.java b/src/share/classes/sun/net/ResourceManager.java
new file mode 100644
--- /dev/null
+++ openjdk/jdk/src/share/classes/sun/net/ResourceManager.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.net;
+
+import java.net.SocketException;
+import java.util.concurrent.atomic.AtomicInteger;
+import sun.security.action.GetPropertyAction;
+
+/**
+ * Manages count of total number of UDP sockets and ensures
+ * that exception is thrown if we try to create more than the
+ * configured limit.
+ *
+ * This functionality could be put in NetHooks some time in future.
+ */
+
+public class ResourceManager {
+
+    /* default maximum number of udp sockets per VM
+     * when a security manager is enabled.
+     * The default is 1024 which is high enough to be useful
+     * but low enough to be well below the maximum number
+     * of port numbers actually available on all OSes for
+     * such sockets (5000 on some versions of windows)
+     */
+
+    private static final int DEFAULT_MAX_SOCKETS = 1024;
+    private static final int maxSockets;
+    private static final AtomicInteger numSockets;
+
+    static {
+        String prop = java.security.AccessController.doPrivileged(
+            new GetPropertyAction("sun.net.maxDatagramSockets")
+        );
+        int defmax = DEFAULT_MAX_SOCKETS;
+        try {
+            if (prop != null) {
+                defmax = Integer.parseInt(prop);
+            }
+        } catch (NumberFormatException e) {}
+        maxSockets = defmax;
+        numSockets = new AtomicInteger(0);
+    }
+
+    public static void beforeUdpCreate() throws SocketException {
+        if (System.getSecurityManager() != null) {
+            if (numSockets.incrementAndGet() > maxSockets) {
+                numSockets.decrementAndGet();
+                throw new SocketException("maximum number of DatagramSockets reached");
+            }
+        }
+    }
+
+    public static void afterUdpClose() {
+        if (System.getSecurityManager() != null) {
+            numSockets.decrementAndGet();
+        }
+    }
+}
diff --git a/src/share/classes/sun/nio/ch/DatagramChannelImpl.java b/src/share/classes/sun/nio/ch/DatagramChannelImpl.java
--- openjdk/jdk/src/share/classes/sun/nio/ch/DatagramChannelImpl.java
+++ openjdk/jdk/src/share/classes/sun/nio/ch/DatagramChannelImpl.java
@@ -32,6 +32,7 @@ import java.nio.channels.*;
 import java.nio.channels.*;
 import java.nio.channels.spi.*;
 import java.lang.ref.SoftReference;
+import sun.net.ResourceManager;
 
 
 /**
@@ -98,9 +99,15 @@ class DatagramChannelImpl
         throws IOException
     {
         super(sp);
-        this.fd = Net.socket(false);
-        this.fdVal = IOUtil.fdVal(fd);
-        this.state = ST_UNCONNECTED;
+        ResourceManager.beforeUdpCreate();
+        try {
+            this.fd = Net.socket(false);
+            this.fdVal = IOUtil.fdVal(fd);
+            this.state = ST_UNCONNECTED;
+        } catch (IOException ioe) {
+            ResourceManager.afterUdpClose();
+            throw ioe;
+        }
     }
 
     public DatagramChannelImpl(SelectorProvider sp, FileDescriptor fd)
@@ -587,6 +594,7 @@ class DatagramChannelImpl
     protected void implCloseSelectableChannel() throws IOException {
         synchronized (stateLock) {
             nd.preClose(fd);
+            ResourceManager.afterUdpClose();
             long th;
             if ((th = readerThread) != 0)
                 NativeThread.signal(th);
diff --git a/src/share/classes/sun/nio/ch/Net.java b/src/share/classes/sun/nio/ch/Net.java
--- openjdk/jdk/src/share/classes/sun/nio/ch/Net.java
+++ openjdk/jdk/src/share/classes/sun/nio/ch/Net.java
@@ -111,7 +111,7 @@ class Net {                             
 
     // -- Socket operations --
 
-    static FileDescriptor socket(boolean stream) {
+    static FileDescriptor socket(boolean stream) throws IOException {
         return IOUtil.newFD(socket0(stream, false));
     }