提交 08f7cdd9 编写于 作者: C chegar

6992859: InetAddressCachePolicy.setIfNotSet() fails

Reviewed-by: michaelm
上级 16263640
...@@ -25,7 +25,6 @@ ...@@ -25,7 +25,6 @@
package sun.net; package sun.net;
import java.net.InetAddress;
import java.security.PrivilegedAction; import java.security.PrivilegedAction;
import java.security.Security; import java.security.Security;
...@@ -57,7 +56,7 @@ public final class InetAddressCachePolicy { ...@@ -57,7 +56,7 @@ public final class InetAddressCachePolicy {
* caching. For security reasons, this caching is made forever when * caching. For security reasons, this caching is made forever when
* a security manager is set. * a security manager is set.
*/ */
private static int cachePolicy; private static int cachePolicy = FOREVER;
/* The Java-level namelookup cache policy for negative lookups: /* The Java-level namelookup cache policy for negative lookups:
* *
...@@ -67,31 +66,24 @@ public final class InetAddressCachePolicy { ...@@ -67,31 +66,24 @@ public final class InetAddressCachePolicy {
* default value is 0. It can be set to some other value for * default value is 0. It can be set to some other value for
* performance reasons. * performance reasons.
*/ */
private static int negativeCachePolicy; private static int negativeCachePolicy = NEVER;
/* /*
* Whether or not the cache policy for successful lookups was set * Whether or not the cache policy for successful lookups was set
* using a property (cmd line). * using a property (cmd line).
*/ */
private static boolean set = false; private static boolean propertySet;
/* /*
* Whether or not the cache policy for negative lookups was set * Whether or not the cache policy for negative lookups was set
* using a property (cmd line). * using a property (cmd line).
*/ */
private static boolean negativeSet = false; private static boolean propertyNegativeSet;
/* /*
* Initialize * Initialize
*/ */
static { static {
set = false;
negativeSet = false;
cachePolicy = FOREVER;
negativeCachePolicy = 0;
Integer tmp = null; Integer tmp = null;
try { try {
...@@ -110,7 +102,7 @@ public final class InetAddressCachePolicy { ...@@ -110,7 +102,7 @@ public final class InetAddressCachePolicy {
if (cachePolicy < 0) { if (cachePolicy < 0) {
cachePolicy = FOREVER; cachePolicy = FOREVER;
} }
set = true; propertySet = true;
} else { } else {
tmp = java.security.AccessController.doPrivileged tmp = java.security.AccessController.doPrivileged
(new sun.security.action.GetIntegerAction(cachePolicyPropFallback)); (new sun.security.action.GetIntegerAction(cachePolicyPropFallback));
...@@ -119,7 +111,14 @@ public final class InetAddressCachePolicy { ...@@ -119,7 +111,14 @@ public final class InetAddressCachePolicy {
if (cachePolicy < 0) { if (cachePolicy < 0) {
cachePolicy = FOREVER; cachePolicy = FOREVER;
} }
set = true; propertySet = true;
} else {
/* No properties defined for positive caching. If there is no
* security manager then use the default positive cache value.
*/
if (System.getSecurityManager() == null) {
cachePolicy = DEFAULT_POSITIVE;
}
} }
} }
...@@ -140,7 +139,7 @@ public final class InetAddressCachePolicy { ...@@ -140,7 +139,7 @@ public final class InetAddressCachePolicy {
if (negativeCachePolicy < 0) { if (negativeCachePolicy < 0) {
negativeCachePolicy = FOREVER; negativeCachePolicy = FOREVER;
} }
negativeSet = true; propertyNegativeSet = true;
} else { } else {
tmp = java.security.AccessController.doPrivileged tmp = java.security.AccessController.doPrivileged
(new sun.security.action.GetIntegerAction(negativeCachePolicyPropFallback)); (new sun.security.action.GetIntegerAction(negativeCachePolicyPropFallback));
...@@ -149,17 +148,13 @@ public final class InetAddressCachePolicy { ...@@ -149,17 +148,13 @@ public final class InetAddressCachePolicy {
if (negativeCachePolicy < 0) { if (negativeCachePolicy < 0) {
negativeCachePolicy = FOREVER; negativeCachePolicy = FOREVER;
} }
negativeSet = true; propertyNegativeSet = true;
} }
} }
} }
public static synchronized int get() { public static synchronized int get() {
if (!set && System.getSecurityManager() == null) { return cachePolicy;
return DEFAULT_POSITIVE;
} else {
return cachePolicy;
}
} }
public static synchronized int getNegative() { public static synchronized int getNegative() {
...@@ -174,21 +169,17 @@ public final class InetAddressCachePolicy { ...@@ -174,21 +169,17 @@ public final class InetAddressCachePolicy {
* should be cached * should be cached
*/ */
public static synchronized void setIfNotSet(int newPolicy) { public static synchronized void setIfNotSet(int newPolicy) {
/* /*
* When setting the new value we may want to signal that the * When setting the new value we may want to signal that the
* cache should be flushed, though this doesn't seem strictly * cache should be flushed, though this doesn't seem strictly
* necessary. * necessary.
*/ */
if (!propertySet) {
if (!set) {
checkValue(newPolicy, cachePolicy); checkValue(newPolicy, cachePolicy);
cachePolicy = newPolicy; cachePolicy = newPolicy;
} }
} }
/** /**
* Sets the cache policy for negative lookups if the user has not * Sets the cache policy for negative lookups if the user has not
* already specified a cache policy for it using a * already specified a cache policy for it using a
...@@ -197,14 +188,12 @@ public final class InetAddressCachePolicy { ...@@ -197,14 +188,12 @@ public final class InetAddressCachePolicy {
* should be cached * should be cached
*/ */
public static synchronized void setNegativeIfNotSet(int newPolicy) { public static synchronized void setNegativeIfNotSet(int newPolicy) {
/* /*
* When setting the new value we may want to signal that the * When setting the new value we may want to signal that the
* cache should be flushed, though this doesn't seem strictly * cache should be flushed, though this doesn't seem strictly
* necessary. * necessary.
*/ */
if (!propertyNegativeSet) {
if (!negativeSet) {
// Negative caching does not seem to have any security // Negative caching does not seem to have any security
// implications. // implications.
// checkValue(newPolicy, negativeCachePolicy); // checkValue(newPolicy, negativeCachePolicy);
...@@ -213,13 +202,11 @@ public final class InetAddressCachePolicy { ...@@ -213,13 +202,11 @@ public final class InetAddressCachePolicy {
} }
private static void checkValue(int newPolicy, int oldPolicy) { private static void checkValue(int newPolicy, int oldPolicy) {
/* /*
* If malicious code gets a hold of this method, prevent * If malicious code gets a hold of this method, prevent
* setting the cache policy to something laxer or some * setting the cache policy to something laxer or some
* invalid negative value. * invalid negative value.
*/ */
if (newPolicy == FOREVER) if (newPolicy == FOREVER)
return; return;
...@@ -229,7 +216,6 @@ public final class InetAddressCachePolicy { ...@@ -229,7 +216,6 @@ public final class InetAddressCachePolicy {
throw new throw new
SecurityException("can't make InetAddress cache more lax"); SecurityException("can't make InetAddress cache more lax");
} }
} }
} }
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册