Mercurial > hg > release > icedtea7-forest-2.6 > jdk

changeset 9924:269d16463fb2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8227542: Manifest improved jar headers Reviewed-by: andrew
author mbalao
date Thu, 14 Nov 2019 15:06:11 -0800
parents 1ca2034e7079
children bf7ec0e106be
files src/share/classes/java/lang/instrument/package.html src/share/instrument/InvocationAdapter.c
diffstat 2 files changed, 29 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/java/lang/instrument/package.html	Tue Oct 29 14:07:27 2019 -0700
+++ b/src/share/classes/java/lang/instrument/package.html	Thu Nov 14 15:06:11 2019 -0800
@@ -38,6 +38,13 @@
 Provides services that allow Java programming language agents to instrument programs running on the JVM. 
 The mechanism for instrumentation is modification of the byte-codes of methods.
 
+<P>
+Note: developers/admininstrators are responsible for verifying the trustworthiness of
+content and structure of the Java Agents they deploy, since those are able to arbitrarily
+transform the bytecode from other JAR files. Since that happens after the Jars containing
+the bytecode have been verified as trusted, the trustworthiness of a Java Agent can determine
+the trust towards the entire program.
+
 <h2>Package Specification</h2>
 
 <P> 
--- a/src/share/instrument/InvocationAdapter.c	Tue Oct 29 14:07:27 2019 -0700
+++ b/src/share/instrument/InvocationAdapter.c	Thu Nov 14 15:06:11 2019 -0800
@@ -203,6 +203,17 @@
          */
         oldLen = (int)strlen(premainClass);
         newLen = modifiedUtf8LengthOfUtf8(premainClass, oldLen);
+        /*
+         * According to JVMS class name is represented as CONSTANT_Utf8_info,
+         * so its length is u2 (i.e. must be <= 0xFFFF).
+         */
+        if (newLen > 0xFFFF) {
+            fprintf(stderr, "-javaagent: Premain-Class value is too big\n");
+            free(jarfile);
+            if (options != NULL) free(options);
+            freeAttributes(attributes);
+            return JNI_ERR;
+        }
         if (newLen == oldLen) {
             premainClass = strdup(premainClass);
         } else {
@@ -362,6 +373,17 @@
          */
         oldLen = strlen(agentClass);
         newLen = modifiedUtf8LengthOfUtf8(agentClass, oldLen);
+        /*
+         * According to JVMS class name is represented as CONSTANT_Utf8_info,
+         * so its length is u2 (i.e. must be <= 0xFFFF).
+         */
+        if (newLen > 0xFFFF) {
+            fprintf(stderr, "Agent-Class value is too big\n");
+            free(jarfile);
+            if (options != NULL) free(options);
+            freeAttributes(attributes);
+            return AGENT_ERROR_BADJAR;
+        }
         if (newLen == oldLen) {
             agentClass = strdup(agentClass);
         } else {