Mercurial > hg > release > icedtea7-forest-2.1 > jdk
changeset 4901:02cba1c3572a
8007467: Improve robustness of JMX internal APIs
Reviewed-by: dfuchs, mchung, skoivu
author | sjiang |
---|---|
date | Tue, 19 Mar 2013 18:45:19 +0100 |
parents | b4d1ed547a75 |
children | d22aa05d0e4c |
files | src/share/classes/com/sun/jmx/mbeanserver/ConvertingMethod.java src/share/classes/com/sun/jmx/mbeanserver/DefaultMXBeanMappingFactory.java src/share/classes/com/sun/jmx/mbeanserver/StandardMBeanIntrospector.java src/share/classes/javax/management/openmbean/CompositeDataInvocationHandler.java src/share/classes/javax/management/openmbean/OpenMBeanAttributeInfoSupport.java |
diffstat | 5 files changed, 26 insertions(+), 7 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/com/sun/jmx/mbeanserver/ConvertingMethod.java Fri Apr 05 15:39:25 2013 +0530 +++ b/src/share/classes/com/sun/jmx/mbeanserver/ConvertingMethod.java Tue Mar 19 18:45:19 2013 +0100 @@ -33,6 +33,7 @@ import javax.management.MBeanException; import javax.management.openmbean.OpenDataException; import javax.management.openmbean.OpenType; +import sun.reflect.misc.MethodUtil; final class ConvertingMethod { static ConvertingMethod from(Method m) { @@ -189,7 +190,7 @@ "from open values: " + e; throw new MBeanException(e, msg); } - final Object javaReturn = method.invoke(obj, javaParams); + final Object javaReturn = MethodUtil.invoke(method, obj, javaParams); try { return returnMapping.toOpenValue(javaReturn); } catch (OpenDataException e) {
--- a/src/share/classes/com/sun/jmx/mbeanserver/DefaultMXBeanMappingFactory.java Fri Apr 05 15:39:25 2013 +0530 +++ b/src/share/classes/com/sun/jmx/mbeanserver/DefaultMXBeanMappingFactory.java Tue Mar 19 18:45:19 2013 +0100 @@ -73,6 +73,8 @@ import javax.management.openmbean.TabularData; import javax.management.openmbean.TabularDataSupport; import javax.management.openmbean.TabularType; +import sun.reflect.misc.MethodUtil; +import sun.reflect.misc.ReflectUtil; /** * <p>A converter between Java types and the limited set of classes @@ -298,6 +300,7 @@ private static <T extends Enum<T>> MXBeanMapping makeEnumMapping(Class<?> enumClass, Class<T> fake) { + ReflectUtil.checkPackageAccess(enumClass); return new EnumMapping<T>(Util.<Class<T>>cast(enumClass)); } @@ -422,6 +425,7 @@ (c.getName().equals("com.sun.management.GcInfo") && c.getClassLoader() == null); + ReflectUtil.checkPackageAccess(c); final List<Method> methods = MBeanAnalyzer.eliminateCovariantMethods(Arrays.asList(c.getMethods())); final SortedMap<String,Method> getterMap = newSortedMap(); @@ -827,7 +831,7 @@ Object[] values = new Object[getters.length]; for (int i = 0; i < getters.length; i++) { try { - Object got = getters[i].invoke(value, (Object[]) null); + Object got = MethodUtil.invoke(getters[i], value, (Object[]) null); values[i] = getterMappings[i].toOpenValue(got); } catch (Exception e) { throw openDataException("Error calling getter for " + @@ -1010,7 +1014,7 @@ MXBeanMapping[] converters) throws InvalidObjectException { try { - return fromMethod.invoke(null, cd); + return MethodUtil.invoke(fromMethod, null, new Object[] {cd}); } catch (Exception e) { final String msg = "Failed to invoke from(CompositeData)"; throw invalidObjectException(msg, e); @@ -1106,13 +1110,15 @@ throws InvalidObjectException { Object o; try { - o = getTargetClass().newInstance(); + final Class<?> targetClass = getTargetClass(); + ReflectUtil.checkPackageAccess(targetClass); + o = targetClass.newInstance(); for (int i = 0; i < itemNames.length; i++) { if (cd.containsKey(itemNames[i])) { Object openItem = cd.get(itemNames[i]); Object javaItem = converters[i].fromOpenValue(openItem); - setters[i].invoke(o, javaItem); + MethodUtil.invoke(setters[i], o, new Object[] {javaItem}); } } } catch (Exception e) { @@ -1321,6 +1327,7 @@ } try { + ReflectUtil.checkPackageAccess(max.constructor.getDeclaringClass()); return max.constructor.newInstance(params); } catch (Exception e) { final String msg =
--- a/src/share/classes/com/sun/jmx/mbeanserver/StandardMBeanIntrospector.java Fri Apr 05 15:39:25 2013 +0530 +++ b/src/share/classes/com/sun/jmx/mbeanserver/StandardMBeanIntrospector.java Tue Mar 19 18:45:19 2013 +0100 @@ -38,6 +38,7 @@ import javax.management.NotCompliantMBeanException; import javax.management.NotificationBroadcaster; import javax.management.NotificationBroadcasterSupport; +import sun.reflect.misc.MethodUtil; /** * @since 1.6 @@ -108,7 +109,7 @@ Object invokeM2(Method m, Object target, Object[] args, Object cookie) throws InvocationTargetException, IllegalAccessException, MBeanException { - return m.invoke(target, args); + return MethodUtil.invoke(m, target, args); } @Override
--- a/src/share/classes/javax/management/openmbean/CompositeDataInvocationHandler.java Fri Apr 05 15:39:25 2013 +0530 +++ b/src/share/classes/javax/management/openmbean/CompositeDataInvocationHandler.java Tue Mar 19 18:45:19 2013 +0100 @@ -174,6 +174,8 @@ the only non-final methods in Object that are not handled above are finalize and clone, and these are not overridden in generated proxies. */ + // this plain Method.invoke is called only if the declaring class + // is Object and so it's safe. return method.invoke(this, args); } }
--- a/src/share/classes/javax/management/openmbean/OpenMBeanAttributeInfoSupport.java Fri Apr 05 15:39:25 2013 +0530 +++ b/src/share/classes/javax/management/openmbean/OpenMBeanAttributeInfoSupport.java Tue Mar 19 18:45:19 2013 +0100 @@ -45,6 +45,9 @@ import javax.management.ImmutableDescriptor; import javax.management.MBeanAttributeInfo; import com.sun.jmx.remote.util.EnvHelp; +import sun.reflect.misc.ConstructorUtil; +import sun.reflect.misc.MethodUtil; +import sun.reflect.misc.ReflectUtil; /** * Describes an attribute of an open MBean. @@ -690,6 +693,7 @@ private static <T> T convertFromString(String s, OpenType<T> openType) { Class<T> c; try { + ReflectUtil.checkPackageAccess(openType.safeGetClassName()); c = cast(Class.forName(openType.safeGetClassName())); } catch (ClassNotFoundException e) { throw new NoClassDefFoundError(e.toString()); // can't happen @@ -698,6 +702,8 @@ // Look for: public static T valueOf(String) Method valueOf; try { + // It is safe to call this plain Class.getMethod because the class "c" + // was checked before by ReflectUtil.checkPackageAccess(openType.safeGetClassName()); valueOf = c.getMethod("valueOf", String.class); if (!Modifier.isStatic(valueOf.getModifiers()) || valueOf.getReturnType() != c) @@ -707,7 +713,7 @@ } if (valueOf != null) { try { - return c.cast(valueOf.invoke(null, s)); + return c.cast(MethodUtil.invoke(valueOf, null, new Object[] {s})); } catch (Exception e) { final String msg = "Could not convert \"" + s + "\" using method: " + valueOf; @@ -718,6 +724,8 @@ // Look for: public T(String) Constructor<T> con; try { + // It is safe to call this plain Class.getConstructor because the class "c" + // was checked before by ReflectUtil.checkPackageAccess(openType.safeGetClassName()); con = c.getConstructor(String.class); } catch (NoSuchMethodException e) { con = null;