view patches/security/20111018/7096936.patch @ 2352:941103576384

Add first batch of security patches. S7000600, CVE-2011-3547: InputStream skip() information leak S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine S7055902, CVE-2011-3521: IIOP deserialization code execution S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks S7064341, CVE-2011-3389: JSSE S7070134, CVE-2011-3558: Hotspot unspecified issue S7077466, CVE-2011-3556: RMI DGC server remote code execution S7083012, CVE-2011-3557: RMI registry privileged code execution S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection 2011-10-13 Andrew John Hughes <ahughes@redhat.com> * Makefile.am: Add patches. * NEWS: List security updates. * patches/icedtea-rhino.patch: Change after 7046823 is applied. * patches/security/20111018/7000600.patch, * patches/security/20111018/7019773.patch, * patches/security/20111018/7023640.patch, * patches/security/20111018/7032417.patch, * patches/security/20111018/7046823.patch, * patches/security/20111018/7055902.patch, * patches/security/20111018/7057857.patch, * patches/security/20111018/7064341.patch, * patches/security/20111018/7070134.patch, * patches/security/20111018/7083012.patch, * patches/security/20111018/7096936.patch: First batch of security patches.
author Andrew John Hughes <ahughes@redhat.com>
date Thu, 13 Oct 2011 15:04:46 +0100
parents
children

# HG changeset patch
# User coffeys
# Date 1317840677 -3600
# Node ID 4a17cd579c2b59a955e2dc7069e4c65778a3b47a
# Parent  9a4fc5068e5f2d8e04facd272cc17900f54ef00c
7096936: issue in jsse/runtime
Reviewed-by: xuelei, wetmore

diff --git a/src/share/classes/com/sun/net/ssl/HttpsURLConnection.java b/src/share/classes/com/sun/net/ssl/HttpsURLConnection.java
--- openjdk/jdk/src/share/classes/com/sun/net/ssl/HttpsURLConnection.java
+++ openjdk/jdk/src/share/classes/com/sun/net/ssl/HttpsURLConnection.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -179,6 +179,12 @@ class HttpsURLConnection extends HttpURL
             throw new IllegalArgumentException(
                 "no SSLSocketFactory specified");
         }
+
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null) {
+            sm.checkSetFactory();
+        }
+
         sslSocketFactory = sf;
     }
 
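Review bot: The added `sm.checkSetFactory()` call gives this setter a new failure mode, a `SecurityException` for callers that lack the set-factory permission, and nothing visible in the hunk documents it. The method's Javadoc lies outside the hunk, so confirm that it carries something like `@throws SecurityException if a security manager exists and its checkSetFactory method does not allow a socket factory to be specified`. The same applies to the matching change in `javax/net/ssl/HttpsURLConnection.java`. The permission check runs after the argument validation, so a denied caller that passes an invalid factory gets `IllegalArgumentException` instead. That is harmless because `sslSocketFactory` is assigned only after both checks, but a one-line comment such as `// permission check must precede the assignment below` would keep a later refactor from reordering them. The patch has no regression test; one that installs a `SecurityManager` denying `setFactory` and asserts both that the exception is thrown and that the previous factory is still in place would pin the fix in both classes.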
diff --git a/src/share/classes/javax/net/ssl/HttpsURLConnection.java b/src/share/classes/javax/net/ssl/HttpsURLConnection.java
--- openjdk/jdk/src/share/classes/javax/net/ssl/HttpsURLConnection.java
+++ openjdk/jdk/src/share/classes/javax/net/ssl/HttpsURLConnection.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -368,6 +368,10 @@ class HttpsURLConnection extends HttpURL
                 "no SSLSocketFactory specified");
         }
 
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null) {
+            sm.checkSetFactory();
+        }
         sslSocketFactory = sf;
     }