提交 2ddfb21a 编写于 作者: M michaelm

6893954: Subclasses of InetAddress may incorrectly interpret network addresses

Summary: runtime type checks and deserialization check
Reviewed-by: chegar, alanb, jccollet
上级 b60150ca
...@@ -118,6 +118,7 @@ class DatagramSocket implements java.io.Closeable { ...@@ -118,6 +118,7 @@ class DatagramSocket implements java.io.Closeable {
if (address == null) { if (address == null) {
throw new IllegalArgumentException("connect: null address"); throw new IllegalArgumentException("connect: null address");
} }
checkAddress (address, "connect");
if (isClosed()) if (isClosed())
return; return;
SecurityManager security = System.getSecurityManager(); SecurityManager security = System.getSecurityManager();
...@@ -363,13 +364,15 @@ class DatagramSocket implements java.io.Closeable { ...@@ -363,13 +364,15 @@ class DatagramSocket implements java.io.Closeable {
InetSocketAddress epoint = (InetSocketAddress) addr; InetSocketAddress epoint = (InetSocketAddress) addr;
if (epoint.isUnresolved()) if (epoint.isUnresolved())
throw new SocketException("Unresolved address"); throw new SocketException("Unresolved address");
InetAddress iaddr = epoint.getAddress();
int port = epoint.getPort();
checkAddress(iaddr, "bind");
SecurityManager sec = System.getSecurityManager(); SecurityManager sec = System.getSecurityManager();
if (sec != null) { if (sec != null) {
sec.checkListen(epoint.getPort()); sec.checkListen(port);
} }
try { try {
getImpl().bind(epoint.getPort(), getImpl().bind(port, iaddr);
epoint.getAddress());
} catch (SocketException e) { } catch (SocketException e) {
getImpl().close(); getImpl().close();
throw e; throw e;
...@@ -377,6 +380,15 @@ class DatagramSocket implements java.io.Closeable { ...@@ -377,6 +380,15 @@ class DatagramSocket implements java.io.Closeable {
bound = true; bound = true;
} }
void checkAddress (InetAddress addr, String op) {
if (addr == null) {
return;
}
if (!(addr instanceof Inet4Address || addr instanceof Inet6Address)) {
throw new IllegalArgumentException(op + ": invalid address type");
}
}
/** /**
* Connects the socket to a remote address for this socket. When a * Connects the socket to a remote address for this socket. When a
* socket is connected to a remote address, packets may only be * socket is connected to a remote address, packets may only be
...@@ -603,6 +615,7 @@ class DatagramSocket implements java.io.Closeable { ...@@ -603,6 +615,7 @@ class DatagramSocket implements java.io.Closeable {
synchronized (p) { synchronized (p) {
if (isClosed()) if (isClosed())
throw new SocketException("Socket is closed"); throw new SocketException("Socket is closed");
checkAddress (p.getAddress(), "send");
if (connectState == ST_NOT_CONNECTED) { if (connectState == ST_NOT_CONNECTED) {
// check the address is ok wiht the security manager on every send. // check the address is ok wiht the security manager on every send.
SecurityManager security = System.getSecurityManager(); SecurityManager security = System.getSecurityManager();
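Review bot: The new `checkAddress` helper in DatagramSocket has no comment, so the reason it accepts only `Inet4Address` and `Inet6Address` has to be recovered from the commit title. I would put `// Reject InetAddress subclasses other than Inet4Address/Inet6Address before the address reaches a permission check or the socket implementation.` above it. It reads no instance state, so it could be declared `static void checkAddress(InetAddress addr, String op)`. The same predicate appears again as a private copy in Socket and inline in NetworkInterface.getByInetAddress. If those classes share a package, one helper would keep the accepted types from drifting apart.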
......
...@@ -35,6 +35,7 @@ import java.util.ArrayList; ...@@ -35,6 +35,7 @@ import java.util.ArrayList;
import java.security.AccessController; import java.security.AccessController;
import java.io.ObjectStreamException; import java.io.ObjectStreamException;
import java.io.IOException; import java.io.IOException;
import java.io.ObjectInputStream;
import sun.security.action.*; import sun.security.action.*;
import sun.net.InetAddressCachePolicy; import sun.net.InetAddressCachePolicy;
import sun.net.util.IPAddressUtil; import sun.net.util.IPAddressUtil;
...@@ -1472,6 +1473,23 @@ class InetAddress implements java.io.Serializable { ...@@ -1472,6 +1473,23 @@ class InetAddress implements java.io.Serializable {
return impl; return impl;
} }
private void readObjectNoData (ObjectInputStream s) throws
IOException, ClassNotFoundException {
if (getClass().getClassLoader() != null) {
throw new SecurityException ("invalid address type");
}
}
private void readObject (ObjectInputStream s) throws
IOException, ClassNotFoundException {
s.defaultReadObject ();
if (getClass().getClassLoader() != null) {
hostName = null;
address = 0;
throw new SecurityException ("invalid address type");
}
}
} }
/* /*
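Review bot: `readObjectNoData` is declared with an `ObjectInputStream` parameter, but the Serializable contract defines this hook as a no-argument method, `private void readObjectNoData() throws ObjectStreamException`. With the extra parameter the serialization runtime will not find it, so the class-loader check in that method looks like dead code. I would change the signature to `private void readObjectNoData() throws ObjectStreamException {` and keep the body as is. Both hooks would also benefit from a short comment saying that `getClass().getClassLoader() != null` is used to mean "not a class defined by the bootstrap loader", since that is the whole basis of the check.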
......
...@@ -289,6 +289,7 @@ class MulticastSocket extends DatagramSocket { ...@@ -289,6 +289,7 @@ class MulticastSocket extends DatagramSocket {
throw new SocketException("Socket is closed"); throw new SocketException("Socket is closed");
} }
checkAddress(mcastaddr, "joinGroup");
SecurityManager security = System.getSecurityManager(); SecurityManager security = System.getSecurityManager();
if (security != null) { if (security != null) {
security.checkMulticast(mcastaddr); security.checkMulticast(mcastaddr);
...@@ -323,6 +324,7 @@ class MulticastSocket extends DatagramSocket { ...@@ -323,6 +324,7 @@ class MulticastSocket extends DatagramSocket {
throw new SocketException("Socket is closed"); throw new SocketException("Socket is closed");
} }
checkAddress(mcastaddr, "leaveGroup");
SecurityManager security = System.getSecurityManager(); SecurityManager security = System.getSecurityManager();
if (security != null) { if (security != null) {
security.checkMulticast(mcastaddr); security.checkMulticast(mcastaddr);
...@@ -370,6 +372,7 @@ class MulticastSocket extends DatagramSocket { ...@@ -370,6 +372,7 @@ class MulticastSocket extends DatagramSocket {
if (oldImpl) if (oldImpl)
throw new UnsupportedOperationException(); throw new UnsupportedOperationException();
checkAddress(((InetSocketAddress)mcastaddr).getAddress(), "joinGroup");
SecurityManager security = System.getSecurityManager(); SecurityManager security = System.getSecurityManager();
if (security != null) { if (security != null) {
security.checkMulticast(((InetSocketAddress)mcastaddr).getAddress()); security.checkMulticast(((InetSocketAddress)mcastaddr).getAddress());
...@@ -416,6 +419,7 @@ class MulticastSocket extends DatagramSocket { ...@@ -416,6 +419,7 @@ class MulticastSocket extends DatagramSocket {
if (oldImpl) if (oldImpl)
throw new UnsupportedOperationException(); throw new UnsupportedOperationException();
checkAddress(((InetSocketAddress)mcastaddr).getAddress(), "leaveGroup");
SecurityManager security = System.getSecurityManager(); SecurityManager security = System.getSecurityManager();
if (security != null) { if (security != null) {
security.checkMulticast(((InetSocketAddress)mcastaddr).getAddress()); security.checkMulticast(((InetSocketAddress)mcastaddr).getAddress());
...@@ -441,6 +445,7 @@ class MulticastSocket extends DatagramSocket { ...@@ -441,6 +445,7 @@ class MulticastSocket extends DatagramSocket {
if (isClosed()) { if (isClosed()) {
throw new SocketException("Socket is closed"); throw new SocketException("Socket is closed");
} }
checkAddress(inf, "setInterface");
synchronized (infLock) { synchronized (infLock) {
getImpl().setOption(SocketOptions.IP_MULTICAST_IF, inf); getImpl().setOption(SocketOptions.IP_MULTICAST_IF, inf);
infAddress = inf; infAddress = inf;
...@@ -632,6 +637,7 @@ class MulticastSocket extends DatagramSocket { ...@@ -632,6 +637,7 @@ class MulticastSocket extends DatagramSocket {
throws IOException { throws IOException {
if (isClosed()) if (isClosed())
throw new SocketException("Socket is closed"); throw new SocketException("Socket is closed");
checkAddress(p.getAddress(), "send");
synchronized(ttlLock) { synchronized(ttlLock) {
synchronized(p) { synchronized(p) {
if (connectState == ST_NOT_CONNECTED) { if (connectState == ST_NOT_CONNECTED) {
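Review bot: In the `send` hunk, `checkAddress(p.getAddress(), "send")` runs before `synchronized(ttlLock)` and `synchronized(p)` are taken, so the address that was validated is not guaranteed to be the one used once the packet lock is held. Another thread holding a reference to `p` could change its address in between. DatagramSocket.send in this same commit performs the check inside `synchronized (p)`. I would move the call to be the first statement inside `synchronized(p) {` here as well. The rest of the method body is outside the hunk, so I cannot see whether a later path re-validates the address.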
......
...@@ -290,8 +290,12 @@ public final class NetworkInterface { ...@@ -290,8 +290,12 @@ public final class NetworkInterface {
* If the specified address is <tt>null</tt>. * If the specified address is <tt>null</tt>.
*/ */
public static NetworkInterface getByInetAddress(InetAddress addr) throws SocketException { public static NetworkInterface getByInetAddress(InetAddress addr) throws SocketException {
if (addr == null) if (addr == null) {
throw new NullPointerException(); throw new NullPointerException();
}
if (!(addr instanceof Inet4Address || addr instanceof Inet6Address)) {
throw new IllegalArgumentException ("invalid address type");
}
return getByInetAddress0(addr); return getByInetAddress0(addr);
} }
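Review bot: `getByInetAddress` now throws `IllegalArgumentException` for an address that is neither `Inet4Address` nor `Inet6Address`, but the visible tail of its Javadoc documents only the `null` case. The Javadoc starts outside the hunk, so this may already be covered. If it is not, add `@throws IllegalArgumentException if the specified address is not an Inet4Address or Inet6Address` so callers know about the new rejection.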
......
...@@ -122,6 +122,9 @@ class Socket implements java.io.Closeable { ...@@ -122,6 +122,9 @@ class Socket implements java.io.Closeable {
if (p.type() == Proxy.Type.SOCKS) { if (p.type() == Proxy.Type.SOCKS) {
SecurityManager security = System.getSecurityManager(); SecurityManager security = System.getSecurityManager();
InetSocketAddress epoint = (InetSocketAddress) p.address(); InetSocketAddress epoint = (InetSocketAddress) p.address();
if (epoint.getAddress() != null) {
checkAddress (epoint.getAddress(), "Socket");
}
if (security != null) { if (security != null) {
if (epoint.isUnresolved()) if (epoint.isUnresolved())
security.checkConnect(epoint.getHostName(), security.checkConnect(epoint.getHostName(),
...@@ -558,15 +561,16 @@ class Socket implements java.io.Closeable { ...@@ -558,15 +561,16 @@ class Socket implements java.io.Closeable {
throw new IllegalArgumentException("Unsupported address type"); throw new IllegalArgumentException("Unsupported address type");
InetSocketAddress epoint = (InetSocketAddress) endpoint; InetSocketAddress epoint = (InetSocketAddress) endpoint;
InetAddress addr = epoint.getAddress ();
int port = epoint.getPort();
checkAddress(addr, "connect");
SecurityManager security = System.getSecurityManager(); SecurityManager security = System.getSecurityManager();
if (security != null) { if (security != null) {
if (epoint.isUnresolved()) if (epoint.isUnresolved())
security.checkConnect(epoint.getHostName(), security.checkConnect(epoint.getHostName(), port);
epoint.getPort());
else else
security.checkConnect(epoint.getAddress().getHostAddress(), security.checkConnect(addr.getHostAddress(), port);
epoint.getPort());
} }
if (!created) if (!created)
createImpl(true); createImpl(true);
...@@ -574,10 +578,9 @@ class Socket implements java.io.Closeable { ...@@ -574,10 +578,9 @@ class Socket implements java.io.Closeable {
impl.connect(epoint, timeout); impl.connect(epoint, timeout);
else if (timeout == 0) { else if (timeout == 0) {
if (epoint.isUnresolved()) if (epoint.isUnresolved())
impl.connect(epoint.getAddress().getHostName(), impl.connect(addr.getHostName(), port);
epoint.getPort());
else else
impl.connect(epoint.getAddress(), epoint.getPort()); impl.connect(addr, port);
} else } else
throw new UnsupportedOperationException("SocketImpl.connect(addr, timeout)"); throw new UnsupportedOperationException("SocketImpl.connect(addr, timeout)");
connected = true; connected = true;
...@@ -614,14 +617,25 @@ class Socket implements java.io.Closeable { ...@@ -614,14 +617,25 @@ class Socket implements java.io.Closeable {
InetSocketAddress epoint = (InetSocketAddress) bindpoint; InetSocketAddress epoint = (InetSocketAddress) bindpoint;
if (epoint != null && epoint.isUnresolved()) if (epoint != null && epoint.isUnresolved())
throw new SocketException("Unresolved address"); throw new SocketException("Unresolved address");
if (bindpoint == null) if (epoint == null) {
getImpl().bind(InetAddress.anyLocalAddress(), 0); epoint = new InetSocketAddress(0);
else }
getImpl().bind(epoint.getAddress(), InetAddress addr = epoint.getAddress();
epoint.getPort()); int port = epoint.getPort();
checkAddress (addr, "bind");
getImpl().bind (addr, port);
bound = true; bound = true;
} }
private void checkAddress (InetAddress addr, String op) {
if (addr == null) {
return;
}
if (!(addr instanceof Inet4Address || addr instanceof Inet6Address)) {
throw new IllegalArgumentException(op + ": invalid address type");
}
}
/** /**
* set the flags after an accept() call. * set the flags after an accept() call.
*/ */
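Review bot: In `connect`, the `else if (timeout == 0)` branch now calls `impl.connect(addr.getHostName(), port)` when `epoint.isUnresolved()` is true. `addr` comes from `epoint.getAddress()`, which is `null` for an unresolved `InetSocketAddress`, so this path throws `NullPointerException` instead of connecting by host name. The old code dereferenced `epoint.getAddress()` the same way, so the commit carries the problem over rather than introducing it. The security-manager branch just above already uses `epoint.getHostName()` for the unresolved case, and the same would work here: `impl.connect(epoint.getHostName(), port);`.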
......
...@@ -68,6 +68,9 @@ class Net { // package-private ...@@ -68,6 +68,9 @@ class Net { // package-private
InetSocketAddress isa = (InetSocketAddress)sa; InetSocketAddress isa = (InetSocketAddress)sa;
if (isa.isUnresolved()) if (isa.isUnresolved())
throw new UnresolvedAddressException(); // ## needs arg throw new UnresolvedAddressException(); // ## needs arg
InetAddress addr = isa.getAddress();
if (!(addr instanceof Inet4Address || addr instanceof Inet6Address))
throw new IllegalArgumentException("Invalid address type");
return isa; return isa;
} }
......