Mercurial > hg > release > icedtea7-forest-2.6 > jdk
changeset 9938:78ba01e56da9
Merge jdk7u261-b02
author | andrew |
---|---|
date | Mon, 13 Apr 2020 16:44:37 +0100 |
parents | 435a857daf61 (current diff) 60639d35dba6 (diff) |
children | 079d45855b58 |
files | .hgtags make/com/sun/java/pack/Makefile make/common/Defs-linux.gmk make/common/Defs-solaris.gmk make/common/Program.gmk src/share/classes/sun/security/ssl/ClientHandshaker.java src/share/classes/sun/security/ssl/SSLEngineImpl.java src/share/classes/sun/security/ssl/SSLSocketImpl.java src/solaris/native/sun/java2d/x11/XRBackendNative.c |
diffstat | 39 files changed, 405 insertions(+), 170 deletions(-) [+] |
line wrap: on
line diff
--- a/.hgtags Fri Feb 28 04:05:26 2020 +0000 +++ b/.hgtags Mon Apr 13 16:44:37 2020 +0100 @@ -712,3 +712,7 @@ ec18dc04c53cc88e732740341caf0d228cd4b90e jdk7u251-b01 cfc6f6b7d6ff93fcbaed0f1ca8400246e917a20c jdk7u251-b02 5cfb0b2d8b780765468b711932b55db1f4e8fef3 icedtea-2.6.21 +cfc6f6b7d6ff93fcbaed0f1ca8400246e917a20c jdk7u251-ga +cfc6f6b7d6ff93fcbaed0f1ca8400246e917a20c jdk7u261-b00 +8d14fd7dad21c252716267355a1f4b138c412f66 jdk7u261-b01 +ab6cd5af67f09df020e23680b94cfb9a3f0d890f jdk7u261-b02
--- a/make/com/sun/java/pack/Makefile Fri Feb 28 04:05:26 2020 +0000 +++ b/make/com/sun/java/pack/Makefile Mon Apr 13 16:44:37 2020 +0100 @@ -79,6 +79,14 @@ OTHER_LDLIBS += $(ZLIB_LIBS) OTHER_CXXFLAGS += $(ZLIB_CFLAGS) -DSYSTEM_ZLIB endif +# Add -fPIE in place of -fPIC for building executables + ifeq ($(CC_VERSION), gcc) + ifneq ($(ARCH_DATA_MODEL), 32) + LDDFLAGS += -pie + CFLAGS := $(subst -fPIC,-fPIE,$(CFLAGS)) + CXXFLAGS := $(subst -fPIC,-fPIE,$(CXXFLAGS)) + endif # ARCH_DATA_MODEL != 32 + endif # CC_VERSION gcc else OTHER_CXXFLAGS += -DNO_ZLIB -DUNPACK_JNI OTHER_LDLIBS += $(JVMLIB)
--- a/make/common/Defs-linux.gmk Fri Feb 28 04:05:26 2020 +0000 +++ b/make/common/Defs-linux.gmk Mon Apr 13 16:44:37 2020 +0100 @@ -280,6 +280,12 @@ CFLAGS_COMMON += -pipe endif +# Add buffer overflow protection, if available +_HAS_STACK_PROTECTOR:=$(shell $(CC) -dumpspecs | $(GREP) -- 'fstack-protector') +ifneq ($(_HAS_STACK_PROTECTOR),) + CFLAGS_COMMON += -fstack-protector +endif + # Linux 64bit machines use Dwarf2, which can be HUGE, have fastdebug use -g1 DEBUG_FLAG = -g ifeq ($(FASTDEBUG), true) @@ -386,6 +392,9 @@ LDFLAGS_DEFS_OPTION = -Xlinker -z -Xlinker defs LDFLAGS_COMMON += $(LDFLAGS_DEFS_OPTION) +LDFLAGS_RELRO_OPTION = -Xlinker -z -Xlinker relro +LDFLAGS_COMMON += $(LDFLAGS_RELRO_OPTION) + # # -L paths for finding and -ljava #
--- a/make/common/Defs-solaris.gmk Fri Feb 28 04:05:26 2020 +0000 +++ b/make/common/Defs-solaris.gmk Mon Apr 13 16:44:37 2020 +0100 @@ -442,6 +442,8 @@ # ifeq ($(CC_VERSION),gcc) LD_MAPFILE_FLAG = -Xlinker -M -Xlinker +LDFLAGS_RELRO_OPTION = -Xlinker -z -Xlinker relro +LDFLAGS_COMMON += $(LDFLAGS_RELRO_OPTION) else LD_MAPFILE_FLAG = -M endif @@ -531,6 +533,11 @@ # (See Rules.gmk) May need to wait for gcc 5? AUTOMATIC_PCH_OPTION = + # Add buffer overflow protection, if available + _HAS_STACK_PROTECTOR:=$(shell $(CC) -dumpspecs | $(GREP) -- 'fstack-protector') + ifneq ($(_HAS_STACK_PROTECTOR),) + CFLAGS_COMMON += -fstack-protector + endif else # Highest could be -xO5, but indications are that -xO5 should be reserved
--- a/make/common/Program.gmk Fri Feb 28 04:05:26 2020 +0000 +++ b/make/common/Program.gmk Mon Apr 13 16:44:37 2020 +0100 @@ -137,6 +137,15 @@ OTHER_LDLIBS += jli.lib endif # PLATFORM +# Add -fPIE in place of -fPIC for building executables +ifeq ($(CC_VERSION), gcc) + ifneq ($(ARCH_DATA_MODEL), 32) + LDFLAGS += -pie + CFLAGS := $(subst -fPIC,-fPIE,$(CFLAGS)) + CXXFLAGS := $(subst -fPIC,-fPIE,$(CXXFLAGS)) + endif # ARCH_DATA_MODEL != 32 +endif # CC_VERSION gcc + # # Applications expect to be able to link against libjawt without invoking # System.loadLibrary("jawt") first. This was the behaviour described in the
--- a/make/java/jexec/Makefile Fri Feb 28 04:05:26 2020 +0000 +++ b/make/java/jexec/Makefile Mon Apr 13 16:44:37 2020 +0100 @@ -61,6 +61,15 @@ OTHER_INCLUDES += -I$(SHARE_SRC)/bin endif # PLATFORM +# Add -fPIE in place of -fPIC for building executables +ifeq ($(CC_VERSION), gcc) + ifneq ($(ARCH_DATA_MODEL), 32) + LDFLAGS += -pie + CFLAGS := $(subst -fPIC,-fPIE,$(CFLAGS)) + CXXFLAGS := $(subst -fPIC,-fPIE,$(CXXFLAGS)) + endif # ARCH_DATA_MODEL != 32 +endif # CC_VERSION gcc + build: $(LIB_LOCATION)/$(PROGRAM) $(LIB_LOCATION)/$(PROGRAM):: $(FILES_o)
--- a/src/share/classes/com/sun/crypto/provider/JceKeyStore.java Fri Feb 28 04:05:26 2020 +0000 +++ b/src/share/classes/com/sun/crypto/provider/JceKeyStore.java Mon Apr 13 16:44:37 2020 +0100 @@ -78,6 +78,12 @@ private static final class SecretKeyEntry { Date date; // the creation date of this entry SealedObject sealedKey; + + // Maximum possible length of sealedKey. Used to detect malicious + // input data. This field is set to the file length of the keystore + // at loading. It is useless when creating a new SecretKeyEntry + // to be store in a keystore. + int maxLength; } // Trusted certificate @@ -112,7 +118,7 @@ { Key key = null; - Object entry = entries.get(alias.toLowerCase()); + Object entry = entries.get(alias.toLowerCase(Locale.ENGLISH)); if (!((entry instanceof PrivateKeyEntry) || (entry instanceof SecretKeyEntry))) { @@ -133,8 +139,8 @@ } key = keyProtector.recover(encrInfo); } else { - key = - keyProtector.unseal(((SecretKeyEntry)entry).sealedKey); + SecretKeyEntry ske = ((SecretKeyEntry)entry); + key = keyProtector.unseal(ske.sealedKey, ske.maxLength); } return key; @@ -155,7 +161,7 @@ { Certificate[] chain = null; - Object entry = entries.get(alias.toLowerCase()); + Object entry = entries.get(alias.toLowerCase(Locale.ENGLISH)); if ((entry instanceof PrivateKeyEntry) && (((PrivateKeyEntry)entry).chain != null)) { @@ -183,7 +189,7 @@ public Certificate engineGetCertificate(String alias) { Certificate cert = null; - Object entry = entries.get(alias.toLowerCase()); + Object entry = entries.get(alias.toLowerCase(Locale.ENGLISH)); if (entry != null) { if (entry instanceof TrustedCertEntry) { @@ -208,7 +214,7 @@ public Date engineGetCreationDate(String alias) { Date date = null; - Object entry = entries.get(alias.toLowerCase()); + Object entry = entries.get(alias.toLowerCase(Locale.ENGLISH)); if (entry != null) { // We have to create a new instance of java.util.Date because @@ -271,7 +277,7 @@ } // store the entry - entries.put(alias.toLowerCase(), entry); + entries.put(alias.toLowerCase(Locale.ENGLISH), entry); } else { SecretKeyEntry entry = new SecretKeyEntry(); @@ -279,7 +285,8 @@ // seal and store the key entry.sealedKey = keyProtector.seal(key); - entries.put(alias.toLowerCase(), entry); + entry.maxLength = Integer.MAX_VALUE; + entries.put(alias.toLowerCase(Locale.ENGLISH), entry); } } catch (Exception e) { @@ -327,7 +334,7 @@ entry.chain = null; } - entries.put(alias.toLowerCase(), entry); + entries.put(alias.toLowerCase(Locale.ENGLISH), entry); } } @@ -350,7 +357,7 @@ { synchronized(entries) { - Object entry = entries.get(alias.toLowerCase()); + Object entry = entries.get(alias.toLowerCase(Locale.ENGLISH)); if (entry != null) { if (entry instanceof PrivateKeyEntry) { throw new KeyStoreException("Cannot overwrite own " @@ -363,7 +370,7 @@ TrustedCertEntry trustedCertEntry = new TrustedCertEntry(); trustedCertEntry.cert = cert; trustedCertEntry.date = new Date(); - entries.put(alias.toLowerCase(), trustedCertEntry); + entries.put(alias.toLowerCase(Locale.ENGLISH), trustedCertEntry); } } @@ -378,7 +385,7 @@ throws KeyStoreException { synchronized(entries) { - entries.remove(alias.toLowerCase()); + entries.remove(alias.toLowerCase(Locale.ENGLISH)); } } @@ -399,7 +406,7 @@ * @return true if the alias exists, false otherwise */ public boolean engineContainsAlias(String alias) { - return entries.containsKey(alias.toLowerCase()); + return entries.containsKey(alias.toLowerCase(Locale.ENGLISH)); } /** @@ -421,7 +428,7 @@ public boolean engineIsKeyEntry(String alias) { boolean isKey = false; - Object entry = entries.get(alias.toLowerCase()); + Object entry = entries.get(alias.toLowerCase(Locale.ENGLISH)); if ((entry instanceof PrivateKeyEntry) || (entry instanceof SecretKeyEntry)) { isKey = true; @@ -439,7 +446,7 @@ */ public boolean engineIsCertificateEntry(String alias) { boolean isCert = false; - Object entry = entries.get(alias.toLowerCase()); + Object entry = entries.get(alias.toLowerCase(Locale.ENGLISH)); if (entry instanceof TrustedCertEntry) { isCert = true; } @@ -687,6 +694,10 @@ if (stream == null) return; + byte[] allData = IOUtils.readAllBytes(stream); + final int fullLength = allData.length; + + stream = new ByteArrayInputStream(allData); if (password != null) { md = getPreKeyedHash(password); dis = new DataInputStream(new DigestInputStream(stream, md)); @@ -826,11 +837,12 @@ @Override public Void run() { ObjectInputFilter.Config.setObjectInputFilter( - ois2, new DeserializationChecker()); + ois2, new DeserializationChecker(fullLength)); return null; } }); entry.sealedKey = (SealedObject)ois.readObject(); + entry.maxLength = fullLength; // NOTE: don't close ois here since we are still // using dis!!! } catch (ClassNotFoundException cnfe) { @@ -899,8 +911,17 @@ * deserialized. */ private static class DeserializationChecker implements ObjectInputFilter { + private static final int MAX_NESTED_DEPTH = 2; + // Full length of keystore, anything inside a SecretKeyEntry should not + // be bigger. Otherwise, must be illegal. + private final int fullLength; + + public DeserializationChecker(int fullLength) { + this.fullLength = fullLength; + } + @Override public ObjectInputFilter.Status checkInput(ObjectInputFilter.FilterInfo info) { @@ -909,6 +930,7 @@ long nestedDepth = info.depth(); if ((nestedDepth == 1 && info.serialClass() != SealedObjectForKeyProtector.class) || + info.arrayLength() > fullLength || (nestedDepth > MAX_NESTED_DEPTH && info.serialClass() != null && info.serialClass() != Object.class)) {
--- a/src/share/classes/com/sun/crypto/provider/KeyProtector.java Fri Feb 28 04:05:26 2020 +0000 +++ b/src/share/classes/com/sun/crypto/provider/KeyProtector.java Mon Apr 13 16:44:37 2020 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -319,8 +319,11 @@ /** * Unseals the sealed key. + * + * @param maxLength Maximum possible length of so. + * If bigger, must be illegal. */ - Key unseal(SealedObject so) + Key unseal(SealedObject so, int maxLength) throws NoSuchAlgorithmException, UnrecoverableKeyException { SecretKey sKey = null; try { @@ -355,7 +358,7 @@ SunJCE.getInstance(), "PBEWithMD5AndTripleDES"); cipher.init(Cipher.DECRYPT_MODE, sKey, params); - return soForKeyProtector.getKey(cipher); + return soForKeyProtector.getKey(cipher, maxLength); } catch (NoSuchAlgorithmException ex) { // Note: this catch needed to be here because of the // later catch of GeneralSecurityException
--- a/src/share/classes/com/sun/crypto/provider/PBEKey.java Fri Feb 28 04:05:26 2020 +0000 +++ b/src/share/classes/com/sun/crypto/provider/PBEKey.java Mon Apr 13 16:44:37 2020 +0100 @@ -29,6 +29,7 @@ import java.security.KeyRep; import java.security.spec.InvalidKeySpecException; import java.util.Arrays; +import java.util.Locale; import javax.crypto.SecretKey; import javax.crypto.spec.PBEKeySpec; @@ -93,7 +94,7 @@ for (int i = 1; i < this.key.length; i++) { retval += this.key[i] * i; } - return(retval ^= getAlgorithm().toLowerCase().hashCode()); + return(retval ^= getAlgorithm().toLowerCase(Locale.ENGLISH).hashCode()); } public boolean equals(Object obj) {
--- a/src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java Fri Feb 28 04:05:26 2020 +0000 +++ b/src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java Mon Apr 13 16:44:37 2020 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,6 +32,7 @@ import javax.crypto.SecretKeyFactorySpi; import javax.crypto.spec.PBEKeySpec; import java.util.HashSet; +import java.util.Locale; /** * This class implements a key factory for PBE keys according to PKCS#5, @@ -56,24 +57,24 @@ static { validTypes = new HashSet<String>(17); - validTypes.add("PBEWithMD5AndDES".toUpperCase()); - validTypes.add("PBEWithSHA1AndDESede".toUpperCase()); - validTypes.add("PBEWithSHA1AndRC2_40".toUpperCase()); - validTypes.add("PBEWithSHA1AndRC2_128".toUpperCase()); - validTypes.add("PBEWithSHA1AndRC4_40".toUpperCase()); - validTypes.add("PBEWithSHA1AndRC4_128".toUpperCase()); + validTypes.add("PBEWithMD5AndDES".toUpperCase(Locale.ENGLISH)); + validTypes.add("PBEWithSHA1AndDESede".toUpperCase(Locale.ENGLISH)); + validTypes.add("PBEWithSHA1AndRC2_40".toUpperCase(Locale.ENGLISH)); + validTypes.add("PBEWithSHA1AndRC2_128".toUpperCase(Locale.ENGLISH)); + validTypes.add("PBEWithSHA1AndRC4_40".toUpperCase(Locale.ENGLISH)); + validTypes.add("PBEWithSHA1AndRC4_128".toUpperCase(Locale.ENGLISH)); // Proprietary algorithm. - validTypes.add("PBEWithMD5AndTripleDES".toUpperCase()); - validTypes.add("PBEWithHmacSHA1AndAES_128".toUpperCase()); - validTypes.add("PBEWithHmacSHA224AndAES_128".toUpperCase()); - validTypes.add("PBEWithHmacSHA256AndAES_128".toUpperCase()); - validTypes.add("PBEWithHmacSHA384AndAES_128".toUpperCase()); - validTypes.add("PBEWithHmacSHA512AndAES_128".toUpperCase()); - validTypes.add("PBEWithHmacSHA1AndAES_256".toUpperCase()); - validTypes.add("PBEWithHmacSHA224AndAES_256".toUpperCase()); - validTypes.add("PBEWithHmacSHA256AndAES_256".toUpperCase()); - validTypes.add("PBEWithHmacSHA384AndAES_256".toUpperCase()); - validTypes.add("PBEWithHmacSHA512AndAES_256".toUpperCase()); + validTypes.add("PBEWithMD5AndTripleDES".toUpperCase(Locale.ENGLISH)); + validTypes.add("PBEWithHmacSHA1AndAES_128".toUpperCase(Locale.ENGLISH)); + validTypes.add("PBEWithHmacSHA224AndAES_128".toUpperCase(Locale.ENGLISH)); + validTypes.add("PBEWithHmacSHA256AndAES_128".toUpperCase(Locale.ENGLISH)); + validTypes.add("PBEWithHmacSHA384AndAES_128".toUpperCase(Locale.ENGLISH)); + validTypes.add("PBEWithHmacSHA512AndAES_128".toUpperCase(Locale.ENGLISH)); + validTypes.add("PBEWithHmacSHA1AndAES_256".toUpperCase(Locale.ENGLISH)); + validTypes.add("PBEWithHmacSHA224AndAES_256".toUpperCase(Locale.ENGLISH)); + validTypes.add("PBEWithHmacSHA256AndAES_256".toUpperCase(Locale.ENGLISH)); + validTypes.add("PBEWithHmacSHA384AndAES_256".toUpperCase(Locale.ENGLISH)); + validTypes.add("PBEWithHmacSHA512AndAES_256".toUpperCase(Locale.ENGLISH)); } public static final class PBEWithMD5AndDES @@ -237,7 +238,7 @@ protected KeySpec engineGetKeySpec(SecretKey key, Class keySpecCl) throws InvalidKeySpecException { if ((key instanceof SecretKey) - && (validTypes.contains(key.getAlgorithm().toUpperCase())) + && (validTypes.contains(key.getAlgorithm().toUpperCase(Locale.ENGLISH))) && (key.getFormat().equalsIgnoreCase("RAW"))) { // Check if requested key spec is amongst the valid ones @@ -279,7 +280,7 @@ { try { if ((key != null) && - (validTypes.contains(key.getAlgorithm().toUpperCase())) && + (validTypes.contains(key.getAlgorithm().toUpperCase(Locale.ENGLISH))) && (key.getFormat().equalsIgnoreCase("RAW"))) { // Check if key originates from this factory
--- a/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java Fri Feb 28 04:05:26 2020 +0000 +++ b/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java Mon Apr 13 16:44:37 2020 +0100 @@ -30,6 +30,7 @@ import java.nio.CharBuffer; import java.nio.charset.Charset; import java.util.Arrays; +import java.util.Locale; import java.security.MessageDigest; import java.security.KeyRep; import java.security.GeneralSecurityException; @@ -148,7 +149,7 @@ @Override public int hashCode() { return Arrays.hashCode(password) * 41 + - prf.getAlgorithm().toLowerCase().hashCode(); + prf.getAlgorithm().toLowerCase(Locale.ENGLISH).hashCode(); } @Override public boolean equals(Object obj) { @@ -226,7 +227,7 @@ for (int i = 1; i < this.key.length; i++) { retval += this.key[i] * i; } - return(retval ^= getAlgorithm().toLowerCase().hashCode()); + return(retval ^= getAlgorithm().toLowerCase(Locale.ENGLISH).hashCode()); } public boolean equals(Object obj) {
--- a/src/share/classes/com/sun/crypto/provider/SealedObjectForKeyProtector.java Fri Feb 28 04:05:26 2020 +0000 +++ b/src/share/classes/com/sun/crypto/provider/SealedObjectForKeyProtector.java Mon Apr 13 16:44:37 2020 +0100 @@ -73,7 +73,7 @@ return params; } - final Key getKey(Cipher c) + final Key getKey(Cipher c, final int maxLength) throws IOException, ClassNotFoundException, IllegalBlockSizeException, BadPaddingException { @@ -83,7 +83,7 @@ @Override public Void run() { ObjectInputFilter.Config.setObjectInputFilter(ois, - DeserializationChecker.ONE_FILTER); + new DeserializationChecker(maxLength)); return null; } }); @@ -112,7 +112,7 @@ */ private static class DeserializationChecker implements ObjectInputFilter { - private static final ObjectInputFilter ONE_FILTER; + private static final ObjectInputFilter OWN_FILTER; static { String prop = AccessController.doPrivileged(new PrivilegedAction<String>() { @@ -126,26 +126,32 @@ } } }); - ONE_FILTER = new DeserializationChecker(prop == null ? null - : ObjectInputFilter.Config.createFilter(prop)); + OWN_FILTER = prop == null + ? null + : ObjectInputFilter.Config.createFilter(prop); } - private final ObjectInputFilter base; + // Maximum possible length of anything inside + private final int maxLength; - private DeserializationChecker(ObjectInputFilter base) { - this.base = base; + private DeserializationChecker(int maxLength) { + this.maxLength = maxLength; } @Override public ObjectInputFilter.Status checkInput( ObjectInputFilter.FilterInfo info) { + if (info.arrayLength() > maxLength) { + return Status.REJECTED; + } + if (info.serialClass() == Object.class) { return Status.UNDECIDED; } - if (base != null) { - Status result = base.checkInput(info); + if (OWN_FILTER != null) { + Status result = OWN_FILTER.checkInput(info); if (result != Status.UNDECIDED) { return result; }
--- a/src/share/classes/com/sun/net/httpserver/Headers.java Fri Feb 28 04:05:26 2020 +0000 +++ b/src/share/classes/com/sun/net/httpserver/Headers.java Mon Apr 13 16:44:37 2020 +0100 @@ -79,11 +79,14 @@ char[] b = key.toCharArray(); if (b[0] >= 'a' && b[0] <= 'z') { b[0] = (char)(b[0] - ('a' - 'A')); - } + } else if (b[0] == '\r' || b[0] == '\n') + throw new IllegalArgumentException("illegal character in key"); + for (int i=1; i<len; i++) { if (b[i] >= 'A' && b[i] <= 'Z') { b[i] = (char) (b[i] + ('a' - 'A')); - } + } else if (b[i] == '\r' || b[i] == '\n') + throw new IllegalArgumentException("illegal character in key"); } return new String(b); } @@ -125,6 +128,8 @@ } public List<String> put(String key, List<String> value) { + for (String v : value) + checkValue(v); return map.put (normalize(key), value); } @@ -136,6 +141,7 @@ * @param value the header value to add to the header */ public void add (String key, String value) { + checkValue(value); String k = normalize(key); List<String> l = map.get(k); if (l == null) { @@ -145,6 +151,30 @@ l.add (value); } + private static void checkValue(String value) { + int len = value.length(); + for (int i=0; i<len; i++) { + char c = value.charAt(i); + if (c == '\r') { + // is allowed if it is followed by \n and a whitespace char + if (i >= len - 2) { + throw new IllegalArgumentException("Illegal CR found in header"); + } + char c1 = value.charAt(i+1); + char c2 = value.charAt(i+2); + if (c1 != '\n') { + throw new IllegalArgumentException("Illegal char found after CR in header"); + } + if (c2 != ' ' && c2 != '\t') { + throw new IllegalArgumentException("No whitespace found after CRLF in header"); + } + i+=2; + } else if (c == '\n') { + throw new IllegalArgumentException("Illegal LF found in header"); + } + } + } + /** * sets the given value as the sole header value * for the given key. If the mapping does not
--- a/src/share/classes/java/io/ObjectInputStream.java Fri Feb 28 04:05:26 2020 +0000 +++ b/src/share/classes/java/io/ObjectInputStream.java Mon Apr 13 16:44:37 2020 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -1796,6 +1796,8 @@ break; case TC_REFERENCE: descriptor = (ObjectStreamClass) readHandle(unshared); + // Should only reference initialized class descriptors + descriptor.checkInitialized(); break; case TC_PROXYCLASSDESC: descriptor = readProxyDesc(unshared);
--- a/src/share/classes/java/io/ObjectStreamClass.java Fri Feb 28 04:05:26 2020 +0000 +++ b/src/share/classes/java/io/ObjectStreamClass.java Mon Apr 13 16:44:37 2020 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -864,6 +864,17 @@ } /** + * Throws InvalidClassException if not initialized. + * To be called in cases where an uninitialized class descriptor indicates + * a problem in the serialization stream. + */ + final void checkInitialized() throws InvalidClassException { + if (!initialized) { + throw new InvalidClassException("Class descriptor should be initialized"); + } + } + + /** * Throws an InvalidClassException if object instances referencing this * class descriptor should not be allowed to deserialize. This method does * not apply to deserialization of enum constants. @@ -1122,6 +1133,9 @@ } catch (IllegalAccessException ex) { // should not occur, as access checks have been suppressed throw new InternalError(); + } catch (InstantiationError err) { + throw (InstantiationException) + new InstantiationException().initCause(err); } } else { throw new UnsupportedOperationException();
--- a/src/share/classes/java/lang/instrument/package.html Fri Feb 28 04:05:26 2020 +0000 +++ b/src/share/classes/java/lang/instrument/package.html Mon Apr 13 16:44:37 2020 +0100 @@ -38,6 +38,13 @@ Provides services that allow Java programming language agents to instrument programs running on the JVM. The mechanism for instrumentation is modification of the byte-codes of methods. +<P> +Note: developers/admininstrators are responsible for verifying the trustworthiness of +content and structure of the Java Agents they deploy, since those are able to arbitrarily +transform the bytecode from other JAR files. Since that happens after the Jars containing +the bytecode have been verified as trusted, the trustworthiness of a Java Agent can determine +the trust towards the entire program. + <h2>Package Specification</h2> <P>
--- a/src/share/classes/java/lang/invoke/MethodType.java Fri Feb 28 04:05:26 2020 +0000 +++ b/src/share/classes/java/lang/invoke/MethodType.java Mon Apr 13 16:44:37 2020 +0100 @@ -92,7 +92,8 @@ // The remaining fields are caches of various sorts: private MethodTypeForm form; // erased form, plus cached data about primitives - private MethodType wrapAlt; // alternative wrapped/unwrapped version + private Object wrapAlt; // alternative wrapped/unwrapped version and + // private communication for readObject and readResolve private Invokers invokers; // cache of handy higher-order adapters /** @@ -575,7 +576,7 @@ private static MethodType wrapWithPrims(MethodType pt) { assert(pt.hasPrimitives()); - MethodType wt = pt.wrapAlt; + MethodType wt = (MethodType)pt.wrapAlt; if (wt == null) { // fill in lazily wt = MethodTypeForm.canonicalize(pt, MethodTypeForm.WRAP, MethodTypeForm.WRAP); @@ -587,7 +588,7 @@ private static MethodType unwrapWithNoPrims(MethodType wt) { assert(!wt.hasPrimitives()); - MethodType uwt = wt.wrapAlt; + MethodType uwt = (MethodType)wt.wrapAlt; if (uwt == null) { // fill in lazily uwt = MethodTypeForm.canonicalize(wt, MethodTypeForm.UNWRAP, MethodTypeForm.UNWRAP); @@ -955,27 +956,18 @@ * @see #writeObject */ private void readObject(java.io.ObjectInputStream s) throws java.io.IOException, ClassNotFoundException { - // Assign temporary defaults in case this object escapes - MethodType_init(void.class, NO_PTYPES); + // Assign defaults in case this object escapes + UNSAFE.putObject(this, rtypeOffset, void.class); + UNSAFE.putObject(this, ptypesOffset, NO_PTYPES); s.defaultReadObject(); // requires serialPersistentFields to be an empty array Class<?> returnType = (Class<?>) s.readObject(); Class<?>[] parameterArray = (Class<?>[]) s.readObject(); - parameterArray = parameterArray.clone(); // make sure it is unshared - // Assign deserialized values - MethodType_init(returnType, parameterArray); - } - - // Initialization of state for deserialization only - private void MethodType_init(Class<?> rtype, Class<?>[] ptypes) { - // In order to communicate these values to readResolve, we must - // store them into the implementation-specific final fields. - checkRtype(rtype); - checkPtypes(ptypes); - UNSAFE.putObject(this, rtypeOffset, rtype); - UNSAFE.putObject(this, ptypesOffset, ptypes); + // Verify all operands, and make sure ptypes is unshared + // Cache the new MethodType for readResolve + wrapAlt = new MethodType[]{MethodType.methodType(returnType, parameterArray)}; } // Support for resetting final fields while deserializing @@ -1000,12 +992,10 @@ // Do not use a trusted path for deserialization: // return makeImpl(rtype, ptypes, true); // Verify all operands, and make sure ptypes is unshared: - try { - return methodType(rtype, ptypes); - } finally { - // Re-assign defaults in case this object escapes - MethodType_init(void.class, NO_PTYPES); - } + // Return a new validated MethodType for the rtype and ptypes passed from readObject. + MethodType mt = ((MethodType[])wrapAlt)[0]; + wrapAlt = null; + return mt; } /**
--- a/src/share/classes/java/math/MutableBigInteger.java Fri Feb 28 04:05:26 2020 +0000 +++ b/src/share/classes/java/math/MutableBigInteger.java Mon Apr 13 16:44:37 2020 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -1311,8 +1311,8 @@ } /** - * Calculate the multiplicative inverse of this mod mod, where mod is odd. - * This and mod are not changed by the calculation. + * Calculate the multiplicative inverse of this modulo mod, where the mod + * argument is odd. This and mod are not changed by the calculation. * * This method implements an algorithm due to Richard Schroeppel, that uses * the same intermediate representation as Montgomery Reduction @@ -1366,8 +1366,18 @@ k += trailingZeros; } - while (c.sign < 0) - c.signedAdd(p); + if (c.compare(p) >= 0) { // c has a larger magnitude than p + MutableBigInteger remainder = c.divide(p, + new MutableBigInteger()); + // The previous line ignores the sign so we copy the data back + // into c which will restore the sign as needed (and converts + // it back to a SignedMutableBigInteger) + c.copyValue(remainder); + } + + if (c.sign < 0) { + c.signedAdd(p); + } return fixup(c, p, k); } @@ -1405,8 +1415,8 @@ } // In theory, c may be greater than p at this point (Very rare!) - while (c.compare(p) >= 0) - c.subtract(p); + if (c.compare(p) >= 0) + c = c.divide(p, new MutableBigInteger()); return c; }
--- a/src/share/classes/java/nio/ByteBufferAs-X-Buffer.java.template Fri Feb 28 04:05:26 2020 +0000 +++ b/src/share/classes/java/nio/ByteBufferAs-X-Buffer.java.template Mon Apr 13 16:44:37 2020 +0100 @@ -72,7 +72,6 @@ public $Type$Buffer slice() { int pos = this.position(); int lim = this.limit(); - assert (pos <= lim); int rem = (pos <= lim ? lim - pos : 0); int off = (pos << $LG_BYTES_PER_VALUE$) + offset; assert (off >= 0);
--- a/src/share/classes/java/nio/Direct-X-Buffer.java.template Fri Feb 28 04:05:26 2020 +0000 +++ b/src/share/classes/java/nio/Direct-X-Buffer.java.template Mon Apr 13 16:44:37 2020 +0100 @@ -206,7 +206,6 @@ public $Type$Buffer slice() { int pos = this.position(); int lim = this.limit(); - assert (pos <= lim); int rem = (pos <= lim ? lim - pos : 0); int off = (pos << $LG_BYTES_PER_VALUE$); assert (off >= 0);
--- a/src/share/classes/java/nio/Heap-X-Buffer.java.template Fri Feb 28 04:05:26 2020 +0000 +++ b/src/share/classes/java/nio/Heap-X-Buffer.java.template Mon Apr 13 16:44:37 2020 +0100 @@ -95,12 +95,15 @@ } public $Type$Buffer slice() { + int pos = this.position(); + int lim = this.limit(); + int rem = (pos <= lim ? lim - pos : 0); return new Heap$Type$Buffer$RW$(hb, -1, 0, - this.remaining(), - this.remaining(), - this.position() + offset); + rem, + rem, + pos + offset); } public $Type$Buffer duplicate() { @@ -141,10 +144,11 @@ public $Type$Buffer get($type$[] dst, int offset, int length) { checkBounds(offset, length, dst.length); - if (length > remaining()) + int pos = position(); + if (length > limit() - pos) throw new BufferUnderflowException(); - System.arraycopy(hb, ix(position()), dst, offset, length); - position(position() + length); + System.arraycopy(hb, ix(pos), dst, offset, length); + position(pos + length); return this; } @@ -179,10 +183,11 @@ public $Type$Buffer put($type$[] src, int offset, int length) { #if[rw] checkBounds(offset, length, src.length); - if (length > remaining()) + int pos = position(); + if (length > limit() - pos) throw new BufferOverflowException(); - System.arraycopy(src, offset, hb, ix(position()), length); - position(position() + length); + System.arraycopy(src, offset, hb, ix(pos), length); + position(pos + length); return this; #else[rw] throw new ReadOnlyBufferException(); @@ -195,19 +200,22 @@ if (src == this) throw new IllegalArgumentException(); Heap$Type$Buffer sb = (Heap$Type$Buffer)src; - int n = sb.remaining(); - if (n > remaining()) + int pos = position(); + int sbpos = sb.position(); + int n = sb.limit() - sbpos; + if (n > limit() - pos) throw new BufferOverflowException(); - System.arraycopy(sb.hb, sb.ix(sb.position()), - hb, ix(position()), n); - sb.position(sb.position() + n); - position(position() + n); + System.arraycopy(sb.hb, sb.ix(sbpos), + hb, ix(pos), n); + sb.position(sbpos + n); + position(pos + n); } else if (src.isDirect()) { int n = src.remaining(); - if (n > remaining()) + int pos = position(); + if (n > limit() - pos) throw new BufferOverflowException(); - src.get(hb, ix(position()), n); - position(position() + n); + src.get(hb, ix(pos), n); + position(pos + n); } else { super.put(src); } @@ -219,8 +227,10 @@ public $Type$Buffer compact() { #if[rw] - System.arraycopy(hb, ix(position()), hb, ix(0), remaining()); - position(remaining()); + int pos = position(); + int rem = limit() - pos; + System.arraycopy(hb, ix(pos), hb, ix(0), rem); + position(rem); limit(capacity()); discardMark(); return this; @@ -278,8 +288,9 @@ } public CharBuffer asCharBuffer() { - int size = this.remaining() >> 1; - int off = offset + position(); + int pos = position(); + int size = (limit() - pos) >> 1; + int off = offset + pos; return (bigEndian ? (CharBuffer)(new ByteBufferAsCharBuffer$RW$B(this, -1, @@ -329,8 +340,9 @@ } public ShortBuffer asShortBuffer() { - int size = this.remaining() >> 1; - int off = offset + position(); + int pos = position(); + int size = (limit() - pos) >> 1; + int off = offset + pos; return (bigEndian ? (ShortBuffer)(new ByteBufferAsShortBuffer$RW$B(this, -1, @@ -380,8 +392,9 @@ } public IntBuffer asIntBuffer() { - int size = this.remaining() >> 2; - int off = offset + position(); + int pos = position(); + int size = (limit() - pos) >> 2; + int off = offset + pos; return (bigEndian ? (IntBuffer)(new ByteBufferAsIntBuffer$RW$B(this, -1, @@ -431,8 +444,9 @@ } public LongBuffer asLongBuffer() { - int size = this.remaining() >> 3; - int off = offset + position(); + int pos = position(); + int size = (limit() - pos) >> 3; + int off = offset + pos; return (bigEndian ? (LongBuffer)(new ByteBufferAsLongBuffer$RW$B(this, -1, @@ -482,8 +496,9 @@ } public FloatBuffer asFloatBuffer() { - int size = this.remaining() >> 2; - int off = offset + position(); + int pos = position(); + int size = (limit() - pos) >> 2; + int off = offset + pos; return (bigEndian ? (FloatBuffer)(new ByteBufferAsFloatBuffer$RW$B(this, -1, @@ -533,8 +548,9 @@ } public DoubleBuffer asDoubleBuffer() { - int size = this.remaining() >> 3; - int off = offset + position(); + int pos = position(); + int size = (limit() - pos) >> 3; + int off = offset + pos; return (bigEndian ? (DoubleBuffer)(new ByteBufferAsDoubleBuffer$RW$B(this, -1,
--- a/src/share/classes/java/nio/StringCharBuffer.java Fri Feb 28 04:05:26 2020 +0000 +++ b/src/share/classes/java/nio/StringCharBuffer.java Mon Apr 13 16:44:37 2020 +0100 @@ -42,12 +42,15 @@ } public CharBuffer slice() { + int pos = this.position(); + int lim = this.limit(); + int rem = (pos <= lim ? lim - pos : 0); return new StringCharBuffer(str, -1, 0, - this.remaining(), - this.remaining(), - offset + this.position()); + rem, + rem, + offset + pos); } private StringCharBuffer(CharSequence s,
--- a/src/share/classes/java/util/Scanner.java Fri Feb 28 04:05:26 2020 +0000 +++ b/src/share/classes/java/util/Scanner.java Mon Apr 13 16:44:37 2020 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -473,7 +473,7 @@ // here but what can we do? The final authority will be // whatever parse method is invoked, so ultimately the // Scanner will do the right thing - String digit = "((?i)["+radixDigits+"]|\\p{javaDigit})"; + String digit = "((?i)["+radixDigits+"\\p{javaDigit}])"; String groupedNumeral = "("+non0Digit+digit+"?"+digit+"?("+ groupSeparator+digit+digit+digit+")+)"; // digit++ is the possessive form which is necessary for reducing @@ -523,7 +523,7 @@ private Pattern decimalPattern; private void buildFloatAndDecimalPattern() { // \\p{javaDigit} may not be perfect, see above - String digit = "([0-9]|(\\p{javaDigit}))"; + String digit = "(([0-9\\p{javaDigit}]))"; String exponent = "([eE][+-]?"+digit+"+)?"; String groupedNumeral = "("+non0Digit+digit+"?"+digit+"?("+ groupSeparator+digit+digit+digit+")+)"; @@ -1237,25 +1237,25 @@ // These must be literalized to avoid collision with regex // metacharacters such as dot or parenthesis - groupSeparator = "\\" + dfs.getGroupingSeparator(); - decimalSeparator = "\\" + dfs.getDecimalSeparator(); + groupSeparator = "\\x{" + Integer.toHexString(dfs.getGroupingSeparator()) + "}"; + decimalSeparator = "\\x{" + Integer.toHexString(dfs.getDecimalSeparator()) + "}"; // Quoting the nonzero length locale-specific things // to avoid potential conflict with metacharacters - nanString = "\\Q" + dfs.getNaN() + "\\E"; - infinityString = "\\Q" + dfs.getInfinity() + "\\E"; + nanString = Pattern.quote(dfs.getNaN()); + infinityString = Pattern.quote(dfs.getInfinity()); positivePrefix = df.getPositivePrefix(); if (positivePrefix.length() > 0) - positivePrefix = "\\Q" + positivePrefix + "\\E"; + positivePrefix = Pattern.quote(positivePrefix); negativePrefix = df.getNegativePrefix(); if (negativePrefix.length() > 0) - negativePrefix = "\\Q" + negativePrefix + "\\E"; + negativePrefix = Pattern.quote(negativePrefix); positiveSuffix = df.getPositiveSuffix(); if (positiveSuffix.length() > 0) - positiveSuffix = "\\Q" + positiveSuffix + "\\E"; + positiveSuffix = Pattern.quote(positiveSuffix); negativeSuffix = df.getNegativeSuffix(); if (negativeSuffix.length() > 0) - negativeSuffix = "\\Q" + negativeSuffix + "\\E"; + negativeSuffix = Pattern.quote(negativeSuffix); // Force rebuilding and recompilation of locale dependent // primitive patterns
--- a/src/share/classes/javax/crypto/spec/SecretKeySpec.java Fri Feb 28 04:05:26 2020 +0000 +++ b/src/share/classes/javax/crypto/spec/SecretKeySpec.java Mon Apr 13 16:44:37 2020 +0100 @@ -27,6 +27,7 @@ import java.security.MessageDigest; import java.security.spec.KeySpec; +import java.util.Locale; import javax.crypto.SecretKey; /** @@ -195,7 +196,8 @@ if (this.algorithm.equalsIgnoreCase("TripleDES")) return (retval ^= "desede".hashCode()); else - return (retval ^= this.algorithm.toLowerCase().hashCode()); + return (retval ^= + this.algorithm.toLowerCase(Locale.ENGLISH).hashCode()); } /**
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java Fri Feb 28 04:05:26 2020 +0000 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java Mon Apr 13 16:44:37 2020 +0100 @@ -152,9 +152,15 @@ "support DOM Level 2 and be namespace aware"); } if (tag.equals("KeyInfo")) { - return new DOMKeyInfo(element, new UnmarshalContext(), getProvider()); + try { + return new DOMKeyInfo(element, new UnmarshalContext(), getProvider()); + } catch (MarshalException me) { + throw me; + } catch (Exception e) { + throw new MarshalException(e); + } } else { - throw new MarshalException("invalid KeyInfo tag: " + tag); + throw new MarshalException("Invalid KeyInfo tag: " + tag); } }
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java Fri Feb 28 04:05:26 2020 +0000 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java Mon Apr 13 16:44:37 2020 +0100 @@ -190,9 +190,15 @@ "support DOM Level 2 and be namespace aware"); } if (tag.equals("Signature")) { - return new DOMXMLSignature(element, context, getProvider()); + try { + return new DOMXMLSignature(element, context, getProvider()); + } catch (MarshalException me) { + throw me; + } catch (Exception e) { + throw new MarshalException(e); + } } else { - throw new MarshalException("invalid Signature tag: " + tag); + throw new MarshalException("Invalid Signature tag: " + tag); } }
--- a/src/share/classes/sun/security/ssl/ClientHandshaker.java Fri Feb 28 04:05:26 2020 +0000 +++ b/src/share/classes/sun/security/ssl/ClientHandshaker.java Mon Apr 13 16:44:37 2020 +0100 @@ -1258,7 +1258,7 @@ */ HandshakeMessage getKickstartMessage() throws SSLException { // session ID of the ClientHello message - SessionId sessionId = SSLSessionImpl.nullSession.getSessionId(); + SessionId sessionId = new SessionId(new byte[0]); // a list of cipher suites sent by the client CipherSuiteList cipherSuites = getActiveCipherSuites();
--- a/src/share/classes/sun/security/ssl/SSLEngineImpl.java Fri Feb 28 04:05:26 2020 +0000 +++ b/src/share/classes/sun/security/ssl/SSLEngineImpl.java Mon Apr 13 16:44:37 2020 +0100 @@ -349,7 +349,7 @@ } sslContext = ctx; - sess = SSLSessionImpl.nullSession; + sess = new SSLSessionImpl(); handshakeSession = null; /*
--- a/src/share/classes/sun/security/ssl/SSLSessionImpl.java Fri Feb 28 04:05:26 2020 +0000 +++ b/src/share/classes/sun/security/ssl/SSLSessionImpl.java Mon Apr 13 16:44:37 2020 +0100 @@ -77,11 +77,6 @@ */ final class SSLSessionImpl extends ExtendedSSLSession { - /* - * we only really need a single null session - */ - static final SSLSessionImpl nullSession = new SSLSessionImpl(); - // compression methods private static final byte compression_null = 0; @@ -150,7 +145,7 @@ * be used either by a client or by a server, as a connection is * first opened and before handshaking begins. */ - private SSLSessionImpl() { + SSLSessionImpl() { this(ProtocolVersion.NONE, CipherSuite.C_NULL, null, new SessionId(false, null), null, -1, false, null); } @@ -638,14 +633,6 @@ * no connections will be able to rejoin this session. */ synchronized public void invalidate() { - // - // Can't invalidate the NULL session -- this would be - // attempted when we get a handshaking error on a brand - // new connection, with no "real" session yet. - // - if (this == nullSession) { - return; - } invalidated = true; if (debug != null && Debug.isOn("session")) { System.out.println("%% Invalidated: " + this);
--- a/src/share/classes/sun/security/ssl/SSLSocketImpl.java Fri Feb 28 04:05:26 2020 +0000 +++ b/src/share/classes/sun/security/ssl/SSLSocketImpl.java Mon Apr 13 16:44:37 2020 +0100 @@ -558,7 +558,7 @@ */ private void init(SSLContextImpl context, boolean isServer) { sslContext = context; - sess = SSLSessionImpl.nullSession; + sess = new SSLSessionImpl(); handshakeSession = null; /*
--- a/src/share/instrument/InvocationAdapter.c Fri Feb 28 04:05:26 2020 +0000 +++ b/src/share/instrument/InvocationAdapter.c Mon Apr 13 16:44:37 2020 +0100 @@ -203,6 +203,17 @@ */ oldLen = (int)strlen(premainClass); newLen = modifiedUtf8LengthOfUtf8(premainClass, oldLen); + /* + * According to JVMS class name is represented as CONSTANT_Utf8_info, + * so its length is u2 (i.e. must be <= 0xFFFF). + */ + if (newLen > 0xFFFF) { + fprintf(stderr, "-javaagent: Premain-Class value is too big\n"); + free(jarfile); + if (options != NULL) free(options); + freeAttributes(attributes); + return JNI_ERR; + } if (newLen == oldLen) { premainClass = strdup(premainClass); } else { @@ -362,6 +373,17 @@ */ oldLen = strlen(agentClass); newLen = modifiedUtf8LengthOfUtf8(agentClass, oldLen); + /* + * According to JVMS class name is represented as CONSTANT_Utf8_info, + * so its length is u2 (i.e. must be <= 0xFFFF). + */ + if (newLen > 0xFFFF) { + fprintf(stderr, "Agent-Class value is too big\n"); + free(jarfile); + if (options != NULL) free(options); + freeAttributes(attributes); + return AGENT_ERROR_BADJAR; + } if (newLen == oldLen) { agentClass = strdup(agentClass); } else {
--- a/src/share/native/sun/awt/splashscreen/splashscreen_gfx_impl.c Fri Feb 28 04:05:26 2020 +0000 +++ b/src/share/native/sun/awt/splashscreen/splashscreen_gfx_impl.c Mon Apr 13 16:44:37 2020 +0100 @@ -206,7 +206,7 @@ int depthBytes = format->depthBytes; pRect->pBits = pBits; - INCPN(byte_t, pRect->pBits, y * stride + x * depthBytes); + INCPN(byte_t, pRect->pBits, (intptr_t) y * stride + x * depthBytes); pRect->numLines = height; pRect->numSamples = width; pRect->stride = stride * jump;
--- a/src/share/native/sun/security/ec/impl/mpi.c Fri Feb 28 04:05:26 2020 +0000 +++ b/src/share/native/sun/security/ec/impl/mpi.c Mon Apr 13 16:44:37 2020 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2020, Oracle and/or its affiliates. All rights reserved. * Use is subject to license terms. * * This library is free software; you can redistribute it and/or @@ -34,7 +34,7 @@ * Netscape Communications Corporation * Douglas Stebila <douglas@stebila.ca> of Sun Laboratories. * - * Last Modified Date from the Original Code: June 2014 + * Last Modified Date from the Original Code: Nov 2019 *********************************************************************** */ /* Arbitrary precision integer arithmetic library */ @@ -2134,7 +2134,10 @@ } } if (res >= 0) { - while (MP_SIGN(c) != MP_ZPOS) { + if (s_mp_cmp(c, p) >= 0) { + MP_CHECKOK( mp_div(c, p, NULL, c)); + } + if (MP_SIGN(c) != MP_ZPOS) { MP_CHECKOK( mp_add(c, p, c) ); } res = k;
--- a/src/solaris/native/sun/awt/multiVis.c Fri Feb 28 04:05:26 2020 +0000 +++ b/src/solaris/native/sun/awt/multiVis.c Mon Apr 13 16:44:37 2020 +0100 @@ -425,9 +425,9 @@ bytes_per_line = ximage->bytes_per_line; if (format == ZPixmap) - ximage->data = malloc(height*bytes_per_line); + ximage->data = malloc((size_t) height * bytes_per_line); else - ximage->data = malloc(height*bytes_per_line*depth); + ximage->data = malloc((size_t) height * bytes_per_line * depth); ximage->bits_per_pixel = depth; /** Valid only if format is ZPixmap ***/
--- a/src/solaris/native/sun/java2d/x11/X11PMBlitLoops.c Fri Feb 28 04:05:26 2020 +0000 +++ b/src/solaris/native/sun/java2d/x11/X11PMBlitLoops.c Mon Apr 13 16:44:37 2020 +0100 @@ -257,7 +257,7 @@ return; } dstScan = image->bytes_per_line; - image->data = malloc(dstScan * height); + image->data = malloc((size_t) dstScan * height); if (image->data == NULL) { XFree(image); AWT_UNLOCK();
--- a/src/solaris/native/sun/java2d/x11/X11TextRenderer_md.c Fri Feb 28 04:05:26 2020 +0000 +++ b/src/solaris/native/sun/java2d/x11/X11TextRenderer_md.c Mon Apr 13 16:44:37 2020 +0100 @@ -154,7 +154,7 @@ height = bottom - top; top -= clipTop; left -= clipLeft; - pPix = ((jubyte *) theImage->data) + (left >> 3) + top * scan; + pPix = ((jubyte *) theImage->data) + (left >> 3) + (intptr_t) top * scan; left &= 0x07; if (theImage->bitmap_bit_order == MSBFirst) { left = 0x80 >> left;
--- a/src/solaris/native/sun/java2d/x11/XRBackendNative.c Fri Feb 28 04:05:26 2020 +0000 +++ b/src/solaris/native/sun/java2d/x11/XRBackendNative.c Mon Apr 13 16:44:37 2020 +0100 @@ -653,7 +653,7 @@ if (ea != 1.0f) { for (line=0; line < height; line++) { for (pix=0; pix < width; pix++) { - int index = maskScan*line + pix + maskOff; + size_t index = (size_t) maskScan * line + pix + maskOff; mask[index] = (((unsigned char) mask[index])*ea); } } @@ -678,8 +678,8 @@ if (imageFits) { for (line=0; line < height; line++) { for (pix=0; pix < width; pix++) { - img->data[line*img->bytes_per_line + pix] = - (unsigned char) (mask[maskScan*line + pix + maskOff]); + img->data[(size_t) line * img->bytes_per_line + pix] = + (unsigned char) (mask[(size_t) maskScan * line + pix + maskOff]); } } } else {
--- a/src/windows/classes/sun/security/krb5/internal/tools/KinitOptions.java Fri Feb 28 04:05:26 2020 +0000 +++ b/src/windows/classes/sun/security/krb5/internal/tools/KinitOptions.java Mon Apr 13 16:44:37 2020 +0100 @@ -34,8 +34,8 @@ import sun.security.krb5.internal.*; import sun.security.krb5.internal.ccache.*; import java.io.IOException; -import java.time.Instant; import java.io.FileInputStream; +import java.util.Calendar; /** * Maintains user-specific options or default settings when the user requests @@ -267,6 +267,8 @@ } private KerberosTime getTime(int s) { - return new KerberosTime(Instant.now().plusSeconds(s)); + Calendar cal = Calendar.getInstance(); + cal.add(Calendar.SECOND, s); + return new KerberosTime(cal.getTime()); } }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/math/BigInteger/ModInvTime.java Mon Apr 13 16:44:37 2020 +0100 @@ -0,0 +1,57 @@ +/* + * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8225603 + * @summary Tests whether modInverse() completes in a reasonable time + * @run main/othervm ModInvTime + */ +import java.math.BigInteger; + +public class ModInvTime { + public static void main(String[] args) throws InterruptedException { + BigInteger prime = new BigInteger("39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643"); + BigInteger s = new BigInteger("9552729729729327851382626410162104591956625415831952158766936536163093322096473638446154604799898109762512409920799"); + System.out.format("int length: %d, modulus length: %d%n", + s.bitLength(), prime.bitLength()); + + System.out.println("Computing modular inverse ..."); + BigInteger mi = s.modInverse(prime); + System.out.format("Modular inverse: %s%n", mi); + check(s, prime, mi); + + BigInteger ns = s.negate(); + BigInteger nmi = ns.modInverse(prime); + System.out.format("Modular inverse of negation: %s%n", nmi); + check(ns, prime, nmi); + } + + public static void check(BigInteger val, BigInteger mod, BigInteger inv) { + BigInteger r = inv.multiply(val).remainder(mod); + if (r.signum() == -1) + r = r.add(mod); + if (!r.equals(BigInteger.ONE)) + throw new RuntimeException("Numerically incorrect modular inverse"); + } +}