提交 179ae840 编写于 作者: U uta

8016046: (process) Strict validation of input should be security manager case only [win].

Reviewed-by: alanb, ahgross
上级 9cbd3827
...@@ -170,7 +170,19 @@ final class ProcessImpl extends Process { ...@@ -170,7 +170,19 @@ final class ProcessImpl extends Process {
return matchList.toArray(new String[matchList.size()]); return matchList.toArray(new String[matchList.size()]);
} }
private static String createCommandLine(boolean isCmdFile, private static final int VERIFICATION_CMD_BAT = 0;
private static final int VERIFICATION_WIN32 = 1;
private static final int VERIFICATION_LEGACY = 2;
private static final char ESCAPE_VERIFICATION[][] = {
// We guarantee the only command file execution for implicit [cmd.exe] run.
// http://technet.microsoft.com/en-us/library/bb490954.aspx
{' ', '\t', '<', '>', '&', '|', '^'},
{' ', '\t', '<', '>'},
{' ', '\t'}
};
private static String createCommandLine(int verificationType,
final String executablePath, final String executablePath,
final String cmd[]) final String cmd[])
{ {
...@@ -181,9 +193,8 @@ final class ProcessImpl extends Process { ...@@ -181,9 +193,8 @@ final class ProcessImpl extends Process {
for (int i = 1; i < cmd.length; ++i) { for (int i = 1; i < cmd.length; ++i) {
cmdbuf.append(' '); cmdbuf.append(' ');
String s = cmd[i]; String s = cmd[i];
if (needsEscaping(isCmdFile, s)) { if (needsEscaping(verificationType, s)) {
cmdbuf.append('"'); cmdbuf.append('"').append(s);
cmdbuf.append(s);
// The code protects the [java.exe] and console command line // The code protects the [java.exe] and console command line
// parser, that interprets the [\"] combination as an escape // parser, that interprets the [\"] combination as an escape
...@@ -197,7 +208,7 @@ final class ProcessImpl extends Process { ...@@ -197,7 +208,7 @@ final class ProcessImpl extends Process {
// command line parser. The case of the [""] tail escape // command line parser. The case of the [""] tail escape
// sequence could not be realized due to the argument validation // sequence could not be realized due to the argument validation
// procedure. // procedure.
if (!isCmdFile && s.endsWith("\\")) { if ((verificationType != VERIFICATION_CMD_BAT) && s.endsWith("\\")) {
cmdbuf.append('\\'); cmdbuf.append('\\');
} }
cmdbuf.append('"'); cmdbuf.append('"');
...@@ -208,11 +219,6 @@ final class ProcessImpl extends Process { ...@@ -208,11 +219,6 @@ final class ProcessImpl extends Process {
return cmdbuf.toString(); return cmdbuf.toString();
} }
// We guarantee the only command file execution for implicit [cmd.exe] run.
// http://technet.microsoft.com/en-us/library/bb490954.aspx
private static final char CMD_BAT_ESCAPE[] = {' ', '\t', '<', '>', '&', '|', '^'};
private static final char WIN32_EXECUTABLE_ESCAPE[] = {' ', '\t', '<', '>'};
private static boolean isQuoted(boolean noQuotesInside, String arg, private static boolean isQuoted(boolean noQuotesInside, String arg,
String errorMessage) { String errorMessage) {
int lastPos = arg.length() - 1; int lastPos = arg.length() - 1;
...@@ -235,7 +241,7 @@ final class ProcessImpl extends Process { ...@@ -235,7 +241,7 @@ final class ProcessImpl extends Process {
return false; return false;
} }
private static boolean needsEscaping(boolean isCmdFile, String arg) { private static boolean needsEscaping(int verificationType, String arg) {
// Switch off MS heuristic for internal ["]. // Switch off MS heuristic for internal ["].
// Please, use the explicit [cmd.exe] call // Please, use the explicit [cmd.exe] call
// if you need the internal ["]. // if you need the internal ["].
...@@ -243,13 +249,12 @@ final class ProcessImpl extends Process { ...@@ -243,13 +249,12 @@ final class ProcessImpl extends Process {
// For [.exe] or [.com] file the unpaired/internal ["] // For [.exe] or [.com] file the unpaired/internal ["]
// in the argument is not a problem. // in the argument is not a problem.
boolean argIsQuoted = isQuoted(isCmdFile, arg, boolean argIsQuoted = isQuoted(
"Argument has embedded quote, use the explicit CMD.EXE call."); (verificationType == VERIFICATION_CMD_BAT),
arg, "Argument has embedded quote, use the explicit CMD.EXE call.");
if (!argIsQuoted) { if (!argIsQuoted) {
char testEscape[] = isCmdFile char testEscape[] = ESCAPE_VERIFICATION[verificationType];
? CMD_BAT_ESCAPE
: WIN32_EXECUTABLE_ESCAPE;
for (int i = 0; i < testEscape.length; ++i) { for (int i = 0; i < testEscape.length; ++i) {
if (arg.indexOf(testEscape[i]) >= 0) { if (arg.indexOf(testEscape[i]) >= 0) {
return true; return true;
...@@ -315,24 +320,26 @@ final class ProcessImpl extends Process { ...@@ -315,24 +320,26 @@ final class ProcessImpl extends Process {
{ {
String cmdstr; String cmdstr;
SecurityManager security = System.getSecurityManager(); SecurityManager security = System.getSecurityManager();
boolean allowAmbigousCommands = false; boolean allowAmbiguousCommands = false;
if (security == null) { if (security == null) {
String value = System.getProperty("jdk.lang.Process.allowAmbigousCommands"); allowAmbiguousCommands = true;
String value = System.getProperty("jdk.lang.Process.allowAmbiguousCommands");
if (value != null) if (value != null)
allowAmbigousCommands = !"false".equalsIgnoreCase(value); allowAmbiguousCommands = !"false".equalsIgnoreCase(value);
} }
if (allowAmbigousCommands) { if (allowAmbiguousCommands) {
// Legacy mode. // Legacy mode.
// Normalize path if possible. // Normalize path if possible.
String executablePath = new File(cmd[0]).getPath(); String executablePath = new File(cmd[0]).getPath();
// No worry about internal and unpaired ["] . // No worry about internal, unpaired ["], and redirection/piping.
if (needsEscaping(false, executablePath) ) if (needsEscaping(VERIFICATION_LEGACY, executablePath) )
executablePath = quoteString(executablePath); executablePath = quoteString(executablePath);
cmdstr = createCommandLine( cmdstr = createCommandLine(
false, //legacy mode doesn't worry about extended verification //legacy mode doesn't worry about extended verification
VERIFICATION_LEGACY,
executablePath, executablePath,
cmd); cmd);
} else { } else {
...@@ -369,7 +376,9 @@ final class ProcessImpl extends Process { ...@@ -369,7 +376,9 @@ final class ProcessImpl extends Process {
// [.exe] extension heuristic. // [.exe] extension heuristic.
cmdstr = createCommandLine( cmdstr = createCommandLine(
// We need the extended verification procedure for CMD files. // We need the extended verification procedure for CMD files.
isShellFile(executablePath), isShellFile(executablePath)
? VERIFICATION_CMD_BAT
: VERIFICATION_WIN32,
quoteString(executablePath), quoteString(executablePath),
cmd); cmd);
} }
......
...@@ -24,15 +24,18 @@ ...@@ -24,15 +24,18 @@
/** /**
* @test * @test
* @bug 8012453 * @bug 8012453 8016046
* @run main/othervm ExecCommand * @run main/othervm ExecCommand
* @summary workaround for legacy applications with Runtime.getRuntime().exec(String command) * @summary workaround for legacy applications with Runtime.getRuntime().exec(String command)
*/ */
import java.io.BufferedWriter; import java.io.BufferedWriter;
import java.io.File; import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileWriter; import java.io.FileWriter;
import java.io.IOException; import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.security.AccessControlException; import java.security.AccessControlException;
public class ExecCommand { public class ExecCommand {
...@@ -57,16 +60,22 @@ public class ExecCommand { ...@@ -57,16 +60,22 @@ public class ExecCommand {
if ( ncmd.equals(".\\Program") if ( ncmd.equals(".\\Program")
|| ncmd.equals("\".\\Program") || ncmd.equals("\".\\Program")
|| ncmd.equals(".\\Program Files\\do.cmd") || ncmd.equals(".\\Program Files\\do.cmd")
|| ncmd.equals(".\\Program.cmd")) || ncmd.equals(".\\Program.cmd")
|| ncmd.equals("cmd"))
{ {
return; return;
} }
super.checkExec(cmd); super.checkExec(cmd);
} }
@Override public void checkDelete(String file) {}
@Override public void checkRead(String file) {}
} }
// Parameters for the Runtime.exec calls // Parameters for the Runtime.exec calls
private static final String TEST_RTE_ARG[] = { private static final String TEST_RTE_ARG[] = {
"cmd /C dir > dirOut.txt",
"cmd /C dir > \".\\Program Files\\dirOut.txt\"",
".\\Program Files\\do.cmd", ".\\Program Files\\do.cmd",
"\".\\Program Files\\doNot.cmd\" arg", "\".\\Program Files\\doNot.cmd\" arg",
"\".\\Program Files\\do.cmd\" arg", "\".\\Program Files\\do.cmd\" arg",
...@@ -83,14 +92,28 @@ public class ExecCommand { ...@@ -83,14 +92,28 @@ public class ExecCommand {
// Golden image for results // Golden image for results
private static final String TEST_RTE_GI[][] = { private static final String TEST_RTE_GI[][] = {
//Pure system | Legacy mode | Legacy mode & SM //Def Legacy mode, Enforced mode, Set Legacy mode, Set Legacy mode & SM
// [cmd /C dir > dirOut.txt]
new String[]{"Success",
"IOException", // [cmd /C dir ">" dirOut.txt] no redirection
"Success",
"IOException"}, //SM - no legacy mode, bad command
// [cmd /C dir > ".\Program Files\dirOut.txt"]
new String[]{"Success",
"IOException", // [cmd /C dir ">" ".\Program Files\dirOut.txt"] no redirection
"Success",
"IOException"}, //SM - no legacy mode, bad command
// [.\Program File\do.cmd] // [.\Program File\do.cmd]
new String[]{"IOException", // [.\Program] not found new String[]{"Success",
"IOException", // [.\Program] not found
"Success", "Success",
"IOException"}, //SM - no legacy mode [.\Program] - OK "IOException"}, //SM - no legacy mode [.\Program] - OK
// [".\Program File\doNot.cmd" arg] // [".\Program File\doNot.cmd" arg]
new String[]{"Success", new String[]{"Success",
"Success",
"Success", "Success",
"AccessControlException"}, //SM - [".\Program] - OK, "AccessControlException"}, //SM - [".\Program] - OK,
// [.\\Program Files\\doNot.cmd] - Fail // [.\\Program Files\\doNot.cmd] - Fail
...@@ -98,15 +121,28 @@ public class ExecCommand { ...@@ -98,15 +121,28 @@ public class ExecCommand {
// [".\Program File\do.cmd" arg] // [".\Program File\do.cmd" arg]
// AccessControlException // AccessControlException
new String[]{"Success", new String[]{"Success",
"Success",
"Success", "Success",
"Success"}, //SM - [".\Program] - OK, "Success"}, //SM - [".\Program] - OK,
// [.\\Program Files\\do.cmd] - OK // [.\\Program Files\\do.cmd] - OK
// compatibility // compatibility
new String[]{"Success", "Success", "Success"}, //[".\Program.cmd"] new String[]{"Success", "Success", "Success", "Success"}, //[".\Program.cmd"]
new String[]{"Success", "Success", "Success"} //[.\Program.cmd] new String[]{"Success", "Success", "Success", "Success"} //[.\Program.cmd]
}; };
private static void deleteOut(String path) {
try {
Files.delete(FileSystems.getDefault().getPath(path));
} catch (IOException ex) {
//that is OK
}
}
private static void checkOut(String path) throws FileNotFoundException {
if (Files.notExists(FileSystems.getDefault().getPath(path)))
throw new FileNotFoundException(path);
}
public static void main(String[] _args) throws Exception { public static void main(String[] _args) throws Exception {
if (!System.getProperty("os.name").startsWith("Windows")) { if (!System.getProperty("os.name").startsWith("Windows")) {
return; return;
...@@ -126,20 +162,51 @@ public class ExecCommand { ...@@ -126,20 +162,51 @@ public class ExecCommand {
} }
// action // action
for (int k = 0; k < 3; ++k) { for (int k = 0; k < 4; ++k) {
switch (k) { switch (k) {
case 0:
// the "jdk.lang.Process.allowAmbiguousCommands" is undefined
// "true" by default with the legacy verification procedure
break;
case 1: case 1:
System.setProperty("jdk.lang.Process.allowAmbigousCommands", ""); System.setProperty("jdk.lang.Process.allowAmbiguousCommands", "false");
break; break;
case 2: case 2:
System.setProperty("jdk.lang.Process.allowAmbiguousCommands", "");
break;
case 3:
System.setSecurityManager( new SecurityMan() ); System.setSecurityManager( new SecurityMan() );
break; break;
} }
for (int i = 0; i < TEST_RTE_ARG.length; ++i) { for (int i = 0; i < TEST_RTE_ARG.length; ++i) {
String outRes; String outRes;
try { try {
// tear up
switch (i) {
case 0:
// [cmd /C dir > dirOut.txt]
deleteOut(".\\dirOut.txt");
break;
case 1:
// [cmd /C dir > ".\Program Files\dirOut.txt"]
deleteOut(".\\Program Files\\dirOut.txt");
break;
}
Process exec = Runtime.getRuntime().exec(TEST_RTE_ARG[i]); Process exec = Runtime.getRuntime().exec(TEST_RTE_ARG[i]);
exec.waitFor(); exec.waitFor();
//exteded check
switch (i) {
case 0:
// [cmd /C dir > dirOut.txt]
checkOut(".\\dirOut.txt");
break;
case 1:
// [cmd /C dir > ".\Program Files\dirOut.txt"]
checkOut(".\\Program Files\\dirOut.txt");
break;
}
outRes = "Success"; outRes = "Success";
} catch (IOException ioe) { } catch (IOException ioe) {
outRes = "IOException: " + ioe.getMessage(); outRes = "IOException: " + ioe.getMessage();
...@@ -150,8 +217,8 @@ public class ExecCommand { ...@@ -150,8 +217,8 @@ public class ExecCommand {
} }
if (!outRes.startsWith(TEST_RTE_GI[i][k])) { if (!outRes.startsWith(TEST_RTE_GI[i][k])) {
throw new Error("Unexpected output! Step" + k + "" + i throw new Error("Unexpected output! Step" + k + ":" + i
+ " \nArgument: " + TEST_RTE_ARG[i] + "\nArgument: " + TEST_RTE_ARG[i]
+ "\nExpected: " + TEST_RTE_GI[i][k] + "\nExpected: " + TEST_RTE_GI[i][k]
+ "\n Output: " + outRes); + "\n Output: " + outRes);
} else { } else {
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册