view patches/security/20111018/7046823.patch @ 2352:941103576384
Add first batch of security patches.
S7000600, CVE-2011-3547: InputStream skip() information leak
S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor
S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow
S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager
S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine
S7055902, CVE-2011-3521: IIOP deserialization code execution
S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks
S7064341, CVE-2011-3389: JSSE
S7070134, CVE-2011-3558: Hotspot unspecified issue
S7077466, CVE-2011-3556: RMI DGC server remote code execution
S7083012, CVE-2011-3557: RMI registry privileged code execution
S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection
2011-10-13 Andrew John Hughes <ahughes@redhat.com>
* Makefile.am: Add patches.
* NEWS: List security updates.
* patches/icedtea-rhino.patch: Change
after 7046823 is applied.
* patches/security/20111018/7000600.patch,
* patches/security/20111018/7019773.patch,
* patches/security/20111018/7023640.patch,
* patches/security/20111018/7032417.patch,
* patches/security/20111018/7046823.patch,
* patches/security/20111018/7055902.patch,
* patches/security/20111018/7057857.patch,
* patches/security/20111018/7064341.patch,
* patches/security/20111018/7070134.patch,
* patches/security/20111018/7083012.patch,
* patches/security/20111018/7096936.patch:
First batch of security patches.
author | Andrew John Hughes <ahughes@redhat.com> |
---|---|
date | Thu, 13 Oct 2011 15:04:46 +0100 |
parents | |
children |
diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java
--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java 2010-06-21 22:15:15.000000000 +0100
+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java 2011-10-13 00:09:54.314773784 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -29,6 +29,7 @@
 import sun.org.mozilla.javascript.internal.*;
 import java.lang.reflect.Method;
 import java.io.*;
+import java.security.*;
 import java.util.*;
@@ -45,6 +46,8 @@
 private static final boolean DEBUG = false;
+ private AccessControlContext accCtxt;
+
 /* Scope where standard JavaScript objects and our
 * extensions to it are stored. Note that these are not
 * user defined engine level global variables. These are
@@ -63,6 +66,10 @@
 static {
 ContextFactory.initGlobal(new ContextFactory() {
+ /**
+ * Create new Context instance to be associated with the current thread.
+ */
+ @Override
 protected Context makeContext() {
 Context cx = super.makeContext();
 cx.setClassShutter(RhinoClassShutter.getInstance());
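Review bot: The field added in the `@@ -45,6 +46,8 @@` hunk, `private AccessControlContext accCtxt;`, is non-final and undocumented, although whether a script call is confined depends on it being non-null. Declaring it `private final AccessControlContext accCtxt;` and assigning it on every constructor path would give it safe publication to other threads that use the engine. A comment such as `// Context of the code that created this engine; null if no SecurityManager was installed at construction.` would record the contract. The class body continues outside the hunk, so other writes to the field may exist that are not visible here.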
@@ -70,6 +77,41 @@
 return cx;
 }
+
+ /**
+ * Execute top call to script or function. When the runtime is about to
+ * execute a script or function that will create the first stack frame
+ * with scriptable code, it calls this method to perform the real call.
+ * In this way execution of any script happens inside this function.
+ */
+ @Override
+ protected Object doTopCall(final Callable callable,
+ final Context cx, final Scriptable scope,
+ final Scriptable thisObj, final Object[] args) {
+ AccessControlContext accCtxt = null;
+ Scriptable global = ScriptableObject.getTopLevelScope(scope);
+ Scriptable globalProto = global.getPrototype();
+ if (globalProto instanceof RhinoTopLevel) {
+ accCtxt = ((RhinoTopLevel)globalProto).getAccessContext();
+ }
+
+ if (accCtxt != null) {
+ return AccessController.doPrivileged(new PrivilegedAction<Object>() {
+ public Object run() {
+ return superDoTopCall(callable, cx, scope, thisObj, args);
+ }
+ }, accCtxt);
+ } else {
+ return superDoTopCall(callable, cx, scope, thisObj, args);
+ }
+ }
+
+ private Object superDoTopCall(Callable callable,
+ Context cx, Scriptable scope,
+ Scriptable thisObj, Object[] args) {
+ return super.doTopCall(callable, cx, scope, thisObj, args);
+ }
+
 public boolean hasFeature(Context cx, int feature) {
 // we do not support E4X (ECMAScript for XML)!
 if (feature == Context.FEATURE_E4X) {
@@ -87,6 +129,10 @@
 */
 public RhinoScriptEngine() {
+ if (System.getSecurityManager() != null) {
+ accCtxt = AccessController.getContext();
+ }
+
 Context cx = enterContext();
 try {
 topLevel = new RhinoTopLevel(cx, this);
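Review bot: The `else` branch of `doTopCall` fails open: when the global scope's prototype is not a `RhinoTopLevel`, or `getAccessContext()` returns null, the call goes straight to `superDoTopCall` without the `doPrivileged` restriction, even if a SecurityManager is active at call time. Whether a scope can reach this method with a different global prototype is not visible in the hunk, so consider rejecting that case under a security manager, e.g. `} else if (System.getSecurityManager() != null) { throw new SecurityException("no access context for script scope"); } else {`. The local `accCtxt` also reuses the name of the instance field added to RhinoScriptEngine, which reads like shadowing; a distinct name such as `engineCtxt` would be clearer. The enclosing anonymous ContextFactory starts before this hunk and continues after it.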
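Review bot: In the `@@ -87,6 +129,10 @@` hunk the context is captured only if a SecurityManager is already installed when the constructor runs. An engine created before a manager is installed keeps a null `accCtxt`, and every later `doTopCall` takes the unrestricted branch. `AccessController.getContext()` does not need a security manager to be present, so the capture could be unconditional: `accCtxt = AccessController.getContext();`. The same one-time check appears in RhinoTopLevel's `super(cx, System.getSecurityManager() != null);` in the `@@ -47,7 +48,10 @@` hunk, where the standard objects stay unsealed for such an engine. Whether engines are expected to outlive a change of security manager is not visible here, and the constructor body continues outside the hunk.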
@@ -314,6 +360,10 @@
 factory = fac;
 }
+ AccessControlContext getAccessContext() {
+ return accCtxt;
+ }
+
 Object[] wrapArguments(Object[] args) {
 if (args == null) {
 return Context.emptyArgs;
diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java
--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java 2010-06-21 22:15:15.000000000 +0100
+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java 2011-10-13 00:10:22.419234150 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@
 package com.sun.script.javascript;
 import sun.org.mozilla.javascript.internal.*;
+import java.security.AccessControlContext;
 import javax.script.*;
 /**
@@ -47,7 +48,10 @@
 "var org = Packages.org; \n";
 RhinoTopLevel(Context cx, RhinoScriptEngine engine) {
- super(cx);
+ // second boolean parameter to super constructor tells whether
+ // to seal standard JavaScript objects or not. If security manager
+ // is present, we seal the standard objects.
+ super(cx, System.getSecurityManager() != null);
 this.engine = engine;
@@ -164,5 +168,9 @@
 return engine;
 }
+ AccessControlContext getAccessContext() {
+ return engine.getAccessContext();
+ }
+
 private RhinoScriptEngine engine;
 }
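Review bot: `getAccessContext()` in the `@@ -314,6 +360,10 @@` hunk carries no comment saying it can return null, yet `doTopCall` treats a null result as "run the call unrestricted". I would add `// Returns the AccessControlContext captured at construction, or null if no SecurityManager was installed then.` above it. `RhinoTopLevel.getAccessContext()` in the `@@ -164,5 +168,9 @@` hunk should get a matching one-line comment saying that it delegates to the owning engine and shares the same null contract.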