提交 5a0c7e18 编写于 作者: C coffeys

Merge

......@@ -312,6 +312,8 @@ be30cb2a3088f2b7b334b499f7eddbd5312312a7 jdk8u20-b23
dfb9f24d56b51e5a2ca26e77fc69a2464d51a4d3 jdk8u20-b24
dfb9f24d56b51e5a2ca26e77fc69a2464d51a4d3 jdk8u20-b25
dd229c5f57bff4e75a70908294a13072b9a48385 jdk8u20-b26
684a13a7d2ccc91d2ad709ecad1fddbcc992ee5a jdk8u20-b31
eb459e6ac74a7db7b49393e470d04b6d854dfa89 jdk8u20-b32
abca9f6f1a10e9f91b2538bbe7870f54f550d986 jdk8u25-b00
7d0627679c9fdeaaaa9fe15c7cc11af0763621ec jdk8u25-b01
b0277ec994b751ebb761814675352506cd56bcd6 jdk8u25-b02
......@@ -334,6 +336,21 @@ f07bc5dab84c67f5d1dccbab318ee1c5485c852d jdk8u25-b16
d067890f970f3a712f870f6311d20f3359b6eaf0 jdk8u25-b16
67b22a82345bfa1ae1492679bdf3c4d54f4eacde jdk8u25-b17
a4e88eaf15ea0569f3275a807a976fe0e04a086c jdk8u25-b18
556c79ef8a1d2fa38f79b3d3e102e80e0b0c9731 jdk8u25-b31
f935349e2c065487c745bc41f81ddc7869bd2d2d jdk8u31-b00
caebf6158e9d522df41a2c89a1602e5013bac401 jdk8u31-b01
b1cef4d76664564732004cf3aedb0cbaa1972683 jdk8u31-b02
649c7ba692012fd93c532fea133cf14785674387 jdk8u31-b03
ab6aa5ee3897ebfe4a04722a594fb2cecd6f3bef jdk8u31-b04
1e79baf89075967bddc64921d2680d8c1123f654 jdk8u31-b05
b6aeaae6dd9d3a17564130af142b4734c643267e jdk8u31-b06
34a484abc5d5391623294743d15e234a99d04dd7 jdk8u31-b07
ca1adc7c848370dda8dbf9e3a970c3e6427fb05b jdk8u31-b08
1c0cc3bbe07d52906d7ffbb72fa4733c327f1326 jdk8u31-b09
291505d802d9075e227f9ee865a67234e1d737cf jdk8u31-b10
a21dd7999d1e4ba612c951c2c78504d23eb7243a jdk8u31-b11
6a12f34816d2ee12368274fc21225384a8893426 jdk8u31-b12
1fbdd5d80d0671decd8acb5adb64866f609e986f jdk8u31-b13
e6ed015afbbf3459ba3297e270b4f3170e989c80 jdk8u40-b00
6e223d48080ef40f4ec11ecbcd19b4a20813b9eb jdk8u40-b01
4797cd0713b44b009525f1276d571ade7e24f3f5 jdk8u40-b02
......@@ -354,4 +371,6 @@ ffc348308de2e872f5d510d440604c3726a67a18 jdk8u40-b14
fc4f5546417071c70cffd89ca83302309f6f7da9 jdk8u40-b17
20a3e2135e0867e55af72f0c66a3de558bc613e2 jdk8u40-b18
5c31204d19e5976f025026db3d5c17331e8c44db jdk8u40-b19
7784dab075ed82be2275f4694164bbb9cc1cde3f jdk8u40-b20
564bca490631e4ed4f7993e6633ed9ee62067624 jdk8u40-b21
5c31204d19e5976f025026db3d5c17331e8c44db jdk8u60-b00
......@@ -1067,16 +1067,9 @@ public class WindowsFileChooserUI extends BasicFileChooserUI {
directories.clear();
File[] baseFolders;
if (useShellFolder) {
baseFolders = AccessController.doPrivileged(new PrivilegedAction<File[]>() {
public File[] run() {
return (File[]) ShellFolder.get("fileChooserComboBoxFolders");
}
});
} else {
baseFolders = fsv.getRoots();
}
File[] baseFolders = (useShellFolder)
? (File[]) ShellFolder.get("fileChooserComboBoxFolders")
: fsv.getRoots();
directories.addAll(Arrays.asList(baseFolders));
// Get the canonical (full) path. This has the side
......
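Review bot: The call `(File[]) ShellFolder.get("fileChooserComboBoxFolders")` now runs with the permissions of whatever code is on the call stack, and nothing at the call site says that this is deliberate. A one-line comment such as `// no doPrivileged here: folder enumeration must run with the caller's permissions` would keep a later cleanup from re-adding the privileged block. The identical change in MetalFileChooserUI needs the same comment. If `ShellFolder.get` can throw a SecurityException for an unprivileged caller, `directories.addAll(...)` is never reached; whether the callers cope with that is not visible, because the method starts and ends outside the hunk.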
......@@ -95,6 +95,9 @@ public final class BerDecoder extends Ber {
for( int i = 0; i < lengthbyte; i++) {
retval = (retval << 8) + (buf[offset++] & 0xff);
}
if (retval < 0) {
throw new DecodeException("Invalid length bytes");
}
return retval;
} else {
return lengthbyte;
......
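Review bot: The new `retval < 0` test has no comment saying which encodings trigger it. Four length octets whose first has the high bit set overflow the signed `int`, so a comment such as `// 4 length octets with the top bit set wrap to a negative int` belongs above the check. A non-negative `retval` is still returned without being compared with the bytes remaining in `buf`. Whether that comparison happens above the hunk or in the callers is not visible here, so confirm that every caller bounds the value before using it as a size or an offset.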
......@@ -1365,7 +1365,10 @@ public abstract class ClassLoader {
return null;
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
checkClassLoaderPermission(this, Reflection.getCallerClass());
// Check access to the parent class loader
// If the caller's class loader is same as this class loader,
// permission check is performed.
checkClassLoaderPermission(parent, Reflection.getCallerClass());
}
return parent;
}
......@@ -1508,6 +1511,11 @@ public abstract class ClassLoader {
return caller.getClassLoader0();
}
/*
* Checks RuntimePermission("getClassLoader") permission
* if caller's class loader is not null and caller's class loader
* is not the same as or an ancestor of the given cl argument.
*/
static void checkClassLoaderPermission(ClassLoader cl, Class<?> caller) {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
......
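Review bot: The comment added above `checkClassLoaderPermission(parent, Reflection.getCallerClass())` states the outcome but not the reason, and at first reading it seems to contradict the comment added on `checkClassLoaderPermission` itself. The check is now made against `parent`, and a caller defined by this loader is a descendant of `parent`, not the same loader or an ancestor, so it is no longer exempt. I would reword it to `// Check against parent, not this: a caller defined by this loader is not an ancestor of parent and must hold RuntimePermission("getClassLoader")`. The enclosing method starts outside the hunk.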
/*
* Copyright (c) 1995, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1995, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -569,7 +569,7 @@ class MulticastSocket extends DatagramSocket {
public NetworkInterface getNetworkInterface() throws SocketException {
NetworkInterface ni
= (NetworkInterface)getImpl().getOption(SocketOptions.IP_MULTICAST_IF2);
if (ni.getIndex() == 0) {
if ((ni.getIndex() == 0) || (ni.getIndex() == -1)) {
InetAddress[] addrs = new InetAddress[1];
addrs[0] = InetAddress.anyLocalAddress();
return new NetworkInterface(addrs[0].getHostName(), 0, addrs);
......
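Review bot: The `-1` in `(ni.getIndex() == 0) || (ni.getIndex() == -1)` is an unexplained magic value. `NetworkInterface.getIndex()` documents -1 as "index unknown", so a comment like `// index 0 or -1 (unknown): no usable interface is set, report the wildcard address` would make the intent clear; confirm that this is the case the change targets. `ni` is also dereferenced straight after the cast of `getOption(...)` with no null check, so an unset option would surface as a NullPointerException rather than the declared SocketException. The method body continues past the hunk.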
......@@ -941,16 +941,9 @@ public class MetalFileChooserUI extends BasicFileChooserUI {
directories.clear();
File[] baseFolders;
if (useShellFolder) {
baseFolders = AccessController.doPrivileged(new PrivilegedAction<File[]>() {
public File[] run() {
return (File[]) ShellFolder.get("fileChooserComboBoxFolders");
}
});
} else {
baseFolders = fsv.getRoots();
}
File[] baseFolders = (useShellFolder)
? (File[]) ShellFolder.get("fileChooserComboBoxFolders")
: fsv.getRoots();
directories.addAll(Arrays.asList(baseFolders));
// Get the canonical (full) path. This has the side
......
......@@ -34,7 +34,7 @@ java.launcher.ergo.message1 =\ Die Standard-VM ist {0}
java.launcher.ergo.message2 =\ weil die Ausf\u00FChrung auf einem Server-Class-Rechner erfolgt.\n
# Translators please note do not translate the options themselves
java.launcher.opt.footer =\ -cp <Klassensuchpfad von Verzeichnissen und ZIP-/JAR-Dateien>\n -classpath <Klassensuchpfad von Verzeichnissen und ZIP-/JAR-Dateien>\n Eine durch {0} getrennte Liste mit Verzeichnissen, JAR-Archiven\n und ZIP-Archiven zur Suche nach Klassendateien.\n -D<name>=<value>\n Legt eine Systemeigenschaft fest\n -verbose:[class|gc|jni]\n Aktiviert die Verbose-Ausgabe\n -version Druckt Produktversion und beendet das Programm\n -version:<value>\n Erfordert die angegebene Version zur Ausf\u00FChrung\n -showversion Druckt Produktversion und f\u00E4hrt fort\n -jre-restrict-search | -no-jre-restrict-search\n Bezieht private JREs des Benutzers in Versionssuche ein bzw. schlie\u00DFt sie aus\n -? -help Druckt diese Hilfemeldung\n -X Druckt Hilfe zu Nicht-Standardoptionen\n -ea[:<packagename>...|:<classname>]\n -enableassertions[:<packagename>...|:<classname>]\n Aktiviert Assertionen mit angegebener Granularit\u00E4t\n -da[:<packagename>...|:<classname>]\n -disableassertions[:<packagename>...|:<classname>]\n Deaktiviert Assertionen mit angegebener Granularit\u00E4t\n -esa | -enablesystemassertions\n Aktiviert Systemassertionen\n -dsa | -disablesystemassertions\n Deaktiviert Systemassertionen\n -agentlib:<libname>[=<options>]\n L\u00E4dt native Agent Library <libname>, z.B. -agentlib:hprof\n siehe auch -agentlib:jdwp=help und -agentlib:hprof=help\n -agentpath:<pathname>[=<options>]\n L\u00E4dt native Agent Library nach vollem Pfadnamen\n -javaagent:<jarpath>[=<options>]\n L\u00E4dt Java-Programmiersprachen-Agent, siehe java.lang.instrument\n -splash:<imagepath>\n Zeigt Startbildschirm mit angegebenem Bild\nWeitere Einzelheiten finden Sie unter http://www.oracle.com/technetwork/java/javase/documentation/index.html
java.launcher.opt.footer =\ -cp <Klassensuchpfad von Verzeichnissen und ZIP-/JAR-Dateien>\n -classpath <Klassensuchpfad von Verzeichnissen und ZIP-/JAR-Dateien>\n Eine durch {0} getrennte Liste mit Verzeichnissen, JAR-Archiven\n und ZIP-Archiven zur Suche nach Klassendateien.\n -D<name>=<value>\n Legt eine Systemeigenschaft fest\n -verbose:[class|gc|jni]\n Aktiviert die Verbose-Ausgabe\n -version Druckt Produktversion und beendet das Programm\n -version:<value>\n Erfordert die angegebene Version zur Ausf\u00FChrung\n -showversion Druckt Produktversion und f\u00E4hrt fort\n -jre-restrict-search | -no-jre-restrict-search\n Bezieht private JREs des Benutzers in Versionssuche ein bzw. schlie\u00DFt sie aus\n -? -help Druckt diese Hilfemeldung\n -X Druckt Hilfe zu Nicht-Standardoptionen\n -ea[:<packagename>...|:<classname>]\n -enableassertions[:<packagename>...|:<classname>]\n Aktiviert Assertions mit angegebener Granularit\u00E4t\n -da[:<packagename>...|:<classname>]\n -disableassertions[:<packagename>...|:<classname>]\n Deaktiviert Assertions mit angegebener Granularit\u00E4t\n -esa | -enablesystemassertions\n Aktiviert Systemassertionen\n -dsa | -disablesystemassertions\n Deaktiviert Systemassertionen\n -agentlib:<libname>[=<options>]\n L\u00E4dt native Agent Library <libname>, z.B. -agentlib:hprof\n siehe auch -agentlib:jdwp=help und -agentlib:hprof=help\n -agentpath:<pathname>[=<options>]\n L\u00E4dt native Agent Library nach vollem Pfadnamen\n -javaagent:<jarpath>[=<options>]\n L\u00E4dt Java-Programmiersprachen-Agent, siehe java.lang.instrument\n -splash:<imagepath>\n Zeigt Startbildschirm mit angegebenem Bild\nWeitere Einzelheiten finden Sie unter http://www.oracle.com/technetwork/java/javase/documentation/index.html
# Translators please note do not translate the options themselves
java.launcher.X.usage=\ -Xmixed Ausf\u00FChrung im gemischten Modus (Standard)\n -Xint Nur Ausf\u00FChrung im interpretierten Modus\n -Xbootclasspath:<Verzeichnisse und ZIP-/JAR-Dateien durch {0} getrennt>\n Legt Suchpfad f\u00FCr Bootstrap-Klassen und Ressourcen fest\n -Xbootclasspath/a:<Verzeichnisse und ZIP-/JAR-Dateien durch {0} getrennt>\n H\u00E4ngt an das Ende des Bootstrap Classpath an\n -Xbootclasspath/p:<Verzeichnisse und ZIP-/JAR-Dateien durch {0} getrennt>\n Stellt Bootstrap Classpath voran\n -Xdiag Zeigt zus\u00E4tzliche Diagnosemeldungen an\n -Xnoclassgc Deaktiviert Klassen-Garbage Collection\n -Xincgc Aktiviert inkrementelle Garbage Collection\n -Xloggc:<file> Loggt GC-Status in einer Datei mit Zeitstempeln\n -Xbatch Deaktiviert Hintergrundkompilierung\n -Xms<size> Legt anf\u00E4ngliche Java Heap-Gr\u00F6\u00DFe fest\n -Xmx<size> Legt maximale Java Heap-Gr\u00F6\u00DFe fest\n -Xss<size> Legt Java-Threadstackgr\u00F6\u00DFe fest\n -Xprof Gibt CPU-Profiling-Daten aus\n -Xfuture Aktiviert strengste Pr\u00FCfungen, antizipiert zuk\u00FCnftigen Standardwert\n -Xrs Reduziert Verwendung von BS-Signalen durch Java/VM (siehe Dokumentation)\n -Xcheck:jni F\u00FChrt zus\u00E4tzliche Pr\u00FCfungen f\u00FCr JNI-Funktionen durch\n -Xshare:off Kein Versuch, gemeinsame Klassendaten zu verwenden\n -Xshare:auto Verwendet gemeinsame Klassendaten, wenn m\u00F6glich (Standard)\n -Xshare:on Erfordert die Verwendung gemeinsamer Klassendaten, sonst verl\u00E4uft der Vorgang nicht erfolgreich.\n -XshowSettings Zeigt alle Einstellungen und f\u00E4hrt fort\n -XshowSettings:all\n Zeigt alle Einstellungen und f\u00E4hrt fort\n -XshowSettings:vm Zeigt alle VM-bezogenen Einstellungen und f\u00E4hrt fort\n -XshowSettings:properties\n Zeigt alle Eigenschaftseinstellungen und f\u00E4hrt fort\n -XshowSettings:locale\n Zeigt alle gebietsschemabezogenen Einstellungen und f\u00E4hrt fort\n\nDie -X-Optionen sind keine Standardoptionen und k\u00F6nnen ohne Vorank\u00FCndigung 
ge\u00E4ndert werden.\n
......
......@@ -336,6 +336,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
/* try auth without calling Authenticator. Used for transparent NTLM authentication */
private boolean tryTransparentNTLMServer = true;
private boolean tryTransparentNTLMProxy = true;
private boolean useProxyResponseCode = false;
/* Used by Windows specific code */
private Object authObj;
......@@ -2243,6 +2244,14 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
if (tryTransparentNTLMProxy) {
tryTransparentNTLMProxy =
NTLMAuthenticationProxy.supportsTransparentAuth;
/* If the platform supports transparent authentication
* then normally it's ok to do transparent auth to a proxy
* because we generally trust proxies (chosen by the user)
* But not in the case of 305 response where the server
* chose it. */
if (tryTransparentNTLMProxy && useProxyResponseCode) {
tryTransparentNTLMProxy = false;
}
}
a = null;
if (tryTransparentNTLMProxy) {
......@@ -2614,6 +2623,10 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
requests.set(0, method + " " + getRequestURI()+" " +
httpVersion, null);
connected = true;
// need to remember this in case NTLM proxy authentication gets
// used. We can't use transparent authentication when user
// doesn't know about proxy.
useProxyResponseCode = true;
} else {
// maintain previous headers, just change the name
// of the file we're getting
......
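Review bot: `useProxyResponseCode` is set to `true` in the 305 handling and none of the visible hunks ever sets it back, so once a server-chosen proxy has been seen the flag stays on for the lifetime of the object. That fails in the safe direction, but confirm it is intended if the same connection object can later go through a user-configured proxy. The field is also the only one in its group without a comment; something like `/* true once a 305 (Use Proxy) response selected the proxy; disables transparent NTLM to it */` would match its neighbours. The nested `if` can be folded into the assignment: `tryTransparentNTLMProxy = NTLMAuthenticationProxy.supportsTransparentAuth && !useProxyResponseCode;`. All three hunks sit inside code that starts and ends outside the view.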
/*
* Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -37,6 +37,10 @@ import java.rmi.server.RemoteCall;
import java.rmi.server.RemoteServer;
import java.rmi.server.ServerNotActiveException;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import sun.rmi.runtime.Log;
import sun.rmi.server.Dispatcher;
import sun.rmi.server.UnicastServerRef;
......@@ -68,6 +72,15 @@ public abstract class Transport {
/** ObjID for DGCImpl */
private static final ObjID dgcID = new ObjID(ObjID.DGC_ID);
/** AccessControlContext for setting context ClassLoader */
private static final AccessControlContext SETCCL_ACC;
static {
Permissions perms = new Permissions();
perms.add(new RuntimePermission("setContextClassLoader"));
ProtectionDomain[] pd = { new ProtectionDomain(null, perms) };
SETCCL_ACC = new AccessControlContext(pd);
}
/**
* Returns a <I>Channel</I> that generates connections to the
* endpoint <I>ep</I>. A Channel is an object that creates and
......@@ -116,6 +129,16 @@ public abstract class Transport {
*/
protected abstract void checkAcceptPermission(AccessControlContext acc);
/**
* Sets the context class loader for the current thread.
*/
private static void setContextClassLoader(ClassLoader ccl) {
AccessController.doPrivileged((PrivilegedAction<Void>)() -> {
Thread.currentThread().setContextClassLoader(ccl);
return null;
}, SETCCL_ACC);
}
/**
* Service an incoming remote call. When a message arrives on the
* connection indicating the beginning of a remote call, the
......@@ -164,11 +187,10 @@ public abstract class Transport {
target.getAccessControlContext();
ClassLoader ccl = target.getContextClassLoader();
Thread t = Thread.currentThread();
ClassLoader savedCcl = t.getContextClassLoader();
ClassLoader savedCcl = Thread.currentThread().getContextClassLoader();
try {
t.setContextClassLoader(ccl);
setContextClassLoader(ccl);
currentTransport.set(this);
try {
java.security.AccessController.doPrivileged(
......@@ -183,7 +205,7 @@ public abstract class Transport {
throw (IOException) pae.getException();
}
} finally {
t.setContextClassLoader(savedCcl);
setContextClassLoader(savedCcl);
currentTransport.set(null);
}
......
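Review bot: The Javadoc on the new private `setContextClassLoader(ClassLoader)` says what the method does but not why it goes through `doPrivileged` with `SETCCL_ACC`. The two-argument `doPrivileged` limits the privileged action to the single `setContextClassLoader` permission held by `SETCCL_ACC`, so the call succeeds whatever the permissions of the frames above it, without asserting the full privileges of this class. I would add that as a second sentence of the Javadoc and note on `SETCCL_ACC` that it must not be given any other permission. The method that calls the helper starts and ends outside the hunks.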
/*
* Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -49,6 +49,9 @@ import java.rmi.server.ServerNotActiveException;
import java.rmi.server.UID;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.util.ArrayList;
import java.util.LinkedList;
import java.util.List;
......@@ -123,6 +126,14 @@ public class TCPTransport extends Transport {
private static final ThreadLocal<ConnectionHandler>
threadConnectionHandler = new ThreadLocal<>();
/** an AccessControlContext with no permissions */
private static final AccessControlContext NOPERMS_ACC;
static {
Permissions perms = new Permissions();
ProtectionDomain[] pd = { new ProtectionDomain(null, perms) };
NOPERMS_ACC = new AccessControlContext(pd);
}
/** endpoints for this transport */
private final LinkedList<TCPEndpoint> epList;
/** number of objects exported on this transport */
......@@ -668,7 +679,10 @@ public class TCPTransport extends Transport {
t.setName("RMI TCP Connection(" +
connectionCount.incrementAndGet() +
")-" + remoteHost);
run0();
AccessController.doPrivileged((PrivilegedAction<Void>)() -> {
run0();
return null;
}, NOPERMS_ACC);
} finally {
t.setName(name);
}
......
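Review bot: The `AccessController.doPrivileged(..., NOPERMS_ACC)` call around `run0()` has no comment, and it is easy to misread as granting privileges. With an `AccessControlContext` whose only domain carries an empty `Permissions` set, everything reached from `run0()` runs with no permissions unless it asserts its own through a further `doPrivileged`. A comment at the call site such as `// run the connection handler with no permissions; code below must assert what it needs` would record that. `SETCCL_ACC` in Transport is built with the same three lines, so a small shared factory taking the `Permissions` would keep the two copies from drifting apart.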
......@@ -270,6 +270,9 @@ public class GSSHeader {
value <<= 8;
value += 0x0ff & in.read();
}
if (value < 0) {
throw new IOException("Invalid length bytes");
}
}
return value;
}
......
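Review bot: `value += 0x0ff & in.read();` masks the return value of `read()`, so end of stream (-1) is folded into the length as 0xFF and the added `value < 0` check cannot tell a truncated header from real data. Read into an `int` first and test it: `int b = in.read(); if (b < 0) throw new IOException("Unexpected end of stream"); value += b;`. The loop header and the start of the method are outside the hunk, so the number of length octets accepted is not visible. If more than four are allowed, the shifts can also wrap back to a positive value that the sign check does not catch.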
......@@ -257,10 +257,10 @@ public class GSSNameImpl implements GSSName {
((0xFF & bytes[pos++]) << 16) |
((0xFF & bytes[pos++]) << 8) |
(0xFF & bytes[pos++]));
if (pos > bytes.length - mechPortionLen) {
throw new GSSExceptionImpl(GSSException.BAD_NAME,
"Exported name mech name is corrupted!");
}
if (mechPortionLen < 0 || pos > bytes.length - mechPortionLen) {
throw new GSSExceptionImpl(GSSException.BAD_NAME,
"Exported name mech name is corrupted!");
}
byte[] mechPortion = new byte[mechPortionLen];
System.arraycopy(bytes, pos, mechPortion, 0, mechPortionLen);
......
......@@ -233,6 +233,9 @@ public class GSSNameElement implements GSSNameSpi {
((0xFF & nameVal[pos++]) << 16) |
((0xFF & nameVal[pos++]) << 8) |
(0xFF & nameVal[pos++]));
if (mechPortionLen < 0) {
throw new GSSException(GSSException.BAD_NAME);
}
byte[] mechPortion = new byte[mechPortionLen];
System.arraycopy(nameVal, pos, mechPortion, 0, mechPortionLen);
return mechPortion;
......
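Review bot: The added guard rejects only a negative `mechPortionLen`; a positive length larger than what is left in `nameVal` still reaches `new byte[mechPortionLen]` and `System.arraycopy`. That allocates an array sized by four bytes of the input and then fails with an unchecked IndexOutOfBoundsException instead of a GSSException. GSSNameImpl in this same commit checks both conditions, and `if (mechPortionLen < 0 || pos > nameVal.length - mechPortionLen) throw new GSSException(GSSException.BAD_NAME);` would bring this parser in line with it. The method starts above the hunk, so any earlier bound on `nameVal.length` is not visible.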
......@@ -118,7 +118,7 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
} else {
type = read(4);
}
length = read(4);
length = readLength4();
List<String> result = new ArrayList<String>();
/*
* DCE includes the principal's realm in the count; the new format
......@@ -127,7 +127,7 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
if (version == KRB5_FCC_FVNO_1)
length--;
for (int i = 0; i <= length; i++) {
namelength = read(4);
namelength = readLength4();
byte[] bytes = IOUtils.readFully(this, namelength, true);
result.add(new String(bytes));
}
......@@ -184,7 +184,7 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
keyType = read(2);
if (version == KRB5_FCC_FVNO_3)
read(2); /* keytype recorded twice in fvno 3 */
keyLen = read(4);
keyLen = readLength4();
byte[] bytes = IOUtils.readFully(this, keyLen, true);
return new EncryptionKey(bytes, keyType, new Integer(version));
}
......@@ -207,12 +207,12 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
HostAddress[] readAddr() throws IOException, KrbApErrException {
int numAddrs, addrType, addrLength;
numAddrs = read(4);
numAddrs = readLength4();
if (numAddrs > 0) {
List<HostAddress> addrs = new ArrayList<>();
for (int i = 0; i < numAddrs; i++) {
addrType = read(2);
addrLength = read(4);
addrLength = readLength4();
if (!(addrLength == 4 || addrLength == 16)) {
if (DEBUG) {
System.out.println("Incorrect address format.");
......@@ -231,13 +231,13 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
AuthorizationDataEntry[] readAuth() throws IOException {
int num, adtype, adlength;
num = read(4);
num = readLength4();
if (num > 0) {
List<AuthorizationDataEntry> auData = new ArrayList<>();
byte[] data = null;
for (int i = 0; i < num; i++) {
adtype = read(2);
adlength = read(4);
adlength = readLength4();
data = IOUtils.readFully(this, adlength, true);
auData.add(new AuthorizationDataEntry(adtype, data));
}
......@@ -248,7 +248,7 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
byte[] readData() throws IOException {
int length;
length = read(4);
length = readLength4();
if (length == 0) {
return null;
} else {
......
......@@ -151,43 +151,43 @@ public class FileCredentialsCache extends CredentialsCache
synchronized void init(PrincipalName principal, String name)
throws IOException, KrbException {
primaryPrincipal = principal;
CCacheOutputStream cos =
new CCacheOutputStream(new FileOutputStream(name));
version = KRB5_FCC_FVNO_3;
cos.writeHeader(primaryPrincipal, version);
cos.close();
try (FileOutputStream fos = new FileOutputStream(name);
CCacheOutputStream cos = new CCacheOutputStream(fos)) {
version = KRB5_FCC_FVNO_3;
cos.writeHeader(primaryPrincipal, version);
}
load(name);
}
synchronized void load(String name) throws IOException, KrbException {
PrincipalName p;
CCacheInputStream cis =
new CCacheInputStream(new FileInputStream(name));
version = cis.readVersion();
if (version == KRB5_FCC_FVNO_4) {
tag = cis.readTag();
} else {
tag = null;
if (version == KRB5_FCC_FVNO_1 || version == KRB5_FCC_FVNO_2) {
cis.setNativeByteOrder();
try (FileInputStream fis = new FileInputStream(name);
CCacheInputStream cis = new CCacheInputStream(fis)) {
version = cis.readVersion();
if (version == KRB5_FCC_FVNO_4) {
tag = cis.readTag();
} else {
tag = null;
if (version == KRB5_FCC_FVNO_1 || version == KRB5_FCC_FVNO_2) {
cis.setNativeByteOrder();
}
}
}
p = cis.readPrincipal(version);
p = cis.readPrincipal(version);
if (primaryPrincipal != null) {
if (!(primaryPrincipal.match(p))) {
throw new IOException("Primary principals don't match.");
}
} else
primaryPrincipal = p;
credentialsList = new Vector<Credentials> ();
while (cis.available() > 0) {
Credentials cred = cis.readCred(version);
if (cred != null) {
credentialsList.addElement(cred);
if (primaryPrincipal != null) {
if (!(primaryPrincipal.match(p))) {
throw new IOException("Primary principals don't match.");
}
} else
primaryPrincipal = p;
credentialsList = new Vector<Credentials>();
while (cis.available() > 0) {
Credentials cred = cis.readCred(version);
if (cred != null) {
credentialsList.addElement(cred);
}
}
}
cis.close();
}
......@@ -246,16 +246,16 @@ public class FileCredentialsCache extends CredentialsCache
* Saves the credentials cache file to the disk.
*/
public synchronized void save() throws IOException, Asn1Exception {
CCacheOutputStream cos
= new CCacheOutputStream(new FileOutputStream(cacheName));
cos.writeHeader(primaryPrincipal, version);
Credentials[] tmp = null;
if ((tmp = getCredsList()) != null) {
for (int i = 0; i < tmp.length; i++) {
cos.addCreds(tmp[i]);
try (FileOutputStream fos = new FileOutputStream(cacheName);
CCacheOutputStream cos = new CCacheOutputStream(fos)) {
cos.writeHeader(primaryPrincipal, version);
Credentials[] tmp = null;
if ((tmp = getCredsList()) != null) {
for (int i = 0; i < tmp.length; i++) {
cos.addCreds(tmp[i]);
}
}
}
cos.close();
}
boolean match(String[] s1, String[] s2) {
......
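Review bot: `save()` still opens the cache with `new FileOutputStream(cacheName)`, which truncates the existing file before anything is written and creates a new file with the process's default permissions. An exception from `writeHeader` or `addCreds` therefore leaves a truncated credentials cache behind, and nothing in the visible code restricts the file to its owner; whether permissions are set elsewhere is not shown. Writing to a temporary file in the same directory, created owner-only where the file system supports it, and then moving it over `cacheName` would address both. `init()` has the same pattern with `new FileOutputStream(name)`.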
......@@ -56,15 +56,33 @@ public class KrbDataInputStream extends BufferedInputStream{
public KrbDataInputStream(InputStream is){
super(is);
}
/**
* Reads a length value which is represented in 4 bytes from
* this input stream. The value must be positive.
* @return the length value represented by this byte array.
* @throws IOException if there are not enough bytes or it represents
* a negative value
*/
final public int readLength4() throws IOException {
int len = read(4);
if (len < 0) {
throw new IOException("Invalid encoding");
}
return len;
}
/**
* Reads up to the specific number of bytes from this input stream.
* @param num the number of bytes to be read.
* @return the int value of this byte array.
* @exception IOException.
* @throws IOException if there are not enough bytes
*/
public int read(int num) throws IOException{
public int read(int num) throws IOException {
byte[] bytes = new byte[num];
read(bytes, 0, num);
if (read(bytes, 0, num) != num) {
throw new IOException("Premature end of stream reached");
}
int result = 0;
for (int i = 0; i < num; i++) {
if (bigEndian) {
......
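Review bot: `if (read(bytes, 0, num) != num)` treats every short read as end of stream, but `BufferedInputStream.read(byte[], int, int)` may return fewer bytes than requested when the underlying stream has none available yet, without being at EOF. On anything other than a local file that turns a slow source into "Premature end of stream reached". Loop until `num` bytes have arrived or `read` returns -1, as in the fence below. Separately, the Javadoc of `readLength4()` says the value "must be positive" while the code accepts zero; "must not be negative" matches the check.

```java
public int read(int num) throws IOException {
    byte[] bytes = new byte[num];
    int off = 0;
    while (off < num) {
        int n = read(bytes, off, num - off);
        if (n < 0) {
            throw new IOException("Premature end of stream reached");
        }
        off += n;
    }
    // … unchanged: assembly of result from bytes in big- or little-endian order …
```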
......@@ -345,6 +345,13 @@ final class ClientHandshaker extends Handshaker {
break;
case HandshakeMessage.ht_finished:
// A ChangeCipherSpec record must have been received prior to
// reception of the Finished message (RFC 5246, 7.4.9).
if (!receivedChangeCipherSpec()) {
fatalSE(Alerts.alert_handshake_failure,
"Received Finished message before ChangeCipherSpec");
}
this.serverFinished(
new Finished(protocolVersion, input, cipherSuite));
break;
......
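Review bot: After the new check fails, the only thing that keeps `this.serverFinished(...)` from running on the out-of-order message is `fatalSE` never returning, and that is not visible in this hunk. If that is its contract, say so at the call site (`// fatalSE always throws`) so that the guard does not read as falling through. `Alerts.alert_unexpected_message` would describe an out-of-order Finished more precisely than `alert_handshake_failure`; RFC 5246 7.4.9 only requires that the error be fatal. The server-side handshaker is not in view, so confirm it has the matching check for the client's Finished.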
......@@ -66,27 +66,27 @@ abstract class Handshaker {
ProtocolVersion protocolVersion;
// the currently active protocol version during a renegotiation
ProtocolVersion activeProtocolVersion;
ProtocolVersion activeProtocolVersion;
// security parameters for secure renegotiation.
boolean secureRenegotiation;
byte[] clientVerifyData;
byte[] serverVerifyData;
boolean secureRenegotiation;
byte[] clientVerifyData;
byte[] serverVerifyData;
// Is it an initial negotiation or a renegotiation?
boolean isInitialHandshake;
boolean isInitialHandshake;
// List of enabled protocols
private ProtocolList enabledProtocols;
private ProtocolList enabledProtocols;
// List of enabled CipherSuites
private CipherSuiteList enabledCipherSuites;
private CipherSuiteList enabledCipherSuites;
// The endpoint identification protocol
String identificationProtocol;
String identificationProtocol;
// The cryptographic algorithm constraints
private AlgorithmConstraints algorithmConstraints = null;
private AlgorithmConstraints algorithmConstraints = null;
// Local supported signature and algorithms
Collection<SignatureAndHashAlgorithm> localSupportedSignAlgs;
......@@ -94,8 +94,6 @@ abstract class Handshaker {
// Peer supported signature and algorithms
Collection<SignatureAndHashAlgorithm> peerSupportedSignAlgs;
/*
/*
* List of active protocols
*
......@@ -103,7 +101,7 @@ abstract class Handshaker {
* contain only those protocols that have vaild cipher suites
* enabled.
*/
private ProtocolList activeProtocols;
private ProtocolList activeProtocols;
/*
* List of active cipher suites
......@@ -111,39 +109,41 @@ abstract class Handshaker {
* Active cipher suites is a subset of enabled cipher suites, and will
* contain only those cipher suites available for the active protocols.
*/
private CipherSuiteList activeCipherSuites;
private CipherSuiteList activeCipherSuites;
// The server name indication and matchers
List<SNIServerName> serverNames =
Collections.<SNIServerName>emptyList();
Collection<SNIMatcher> sniMatchers =
Collections.<SNIMatcher>emptyList();
List<SNIServerName> serverNames = Collections.<SNIServerName>emptyList();
Collection<SNIMatcher> sniMatchers = Collections.<SNIMatcher>emptyList();
private boolean isClient;
private boolean needCertVerify;
private boolean isClient;
private boolean needCertVerify;
SSLSocketImpl conn = null;
SSLEngineImpl engine = null;
SSLSocketImpl conn = null;
SSLEngineImpl engine = null;
HandshakeHash handshakeHash;
HandshakeInStream input;
HandshakeOutStream output;
int state;
SSLContextImpl sslContext;
RandomCookie clnt_random, svr_random;
SSLSessionImpl session;
HandshakeHash handshakeHash;
HandshakeInStream input;
HandshakeOutStream output;
int state;
SSLContextImpl sslContext;
RandomCookie clnt_random, svr_random;
SSLSessionImpl session;
// current CipherSuite. Never null, initially SSL_NULL_WITH_NULL_NULL
CipherSuite cipherSuite;
CipherSuite cipherSuite;
// current key exchange. Never null, initially K_NULL
KeyExchange keyExchange;
KeyExchange keyExchange;
// True if this session is being resumed (fast handshake)
boolean resumingSession;
/* True if this session is being resumed (fast handshake) */
boolean resumingSession;
// True if it's OK to start a new SSL session
boolean enableNewSession;
/* True if it's OK to start a new SSL session */
boolean enableNewSession;
// True if session keys have been calculated and the caller may receive
// and process a ChangeCipherSpec message
private boolean sessKeysCalculated;
// Whether local cipher suites preference should be honored during
// handshaking?
......@@ -176,7 +176,7 @@ abstract class Handshaker {
// here instead of using this lock. Consider changing.
private Object thrownLock = new Object();
/* Class and subclass dynamic debugging support */
// Class and subclass dynamic debugging support
static final Debug debug = Debug.getInstance("ssl");
// By default, disable the unsafe legacy session renegotiation
......@@ -253,6 +253,7 @@ abstract class Handshaker {
this.serverVerifyData = serverVerifyData;
enableNewSession = true;
invalidated = false;
sessKeysCalculated = false;
setCipherSuite(CipherSuite.C_NULL);
setEnabledProtocols(enabledProtocols);
......@@ -359,6 +360,14 @@ abstract class Handshaker {
}
}
final boolean receivedChangeCipherSpec() {
if (conn != null) {
return conn.receivedChangeCipherSpec();
} else {
return engine.receivedChangeCipherSpec();
}
}
String getEndpointIdentificationAlgorithmSE() {
SSLParameters paras;
if (conn != null) {
......@@ -491,7 +500,9 @@ abstract class Handshaker {
if (activeProtocols.collection().isEmpty() ||
activeProtocols.max.v == ProtocolVersion.NONE.v) {
throw new SSLHandshakeException("No appropriate protocol");
throw new SSLHandshakeException(
"No appropriate protocol (protocol is disabled or " +
"cipher suites are inappropriate)");
}
if (activeCipherSuites == null) {
......@@ -670,6 +681,16 @@ abstract class Handshaker {
boolean enabledSSL20Hello = false;
ArrayList<ProtocolVersion> protocols = new ArrayList<>(4);
for (ProtocolVersion protocol : enabledProtocols.collection()) {
if (!algorithmConstraints.permits(
EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
protocol.name, null)) {
if (debug != null && Debug.isOn("verbose")) {
System.out.println(
"Ignoring disabled protocol: " + protocol);
}
continue;
}
// Need not to check the SSL20Hello protocol.
if (protocol.v == ProtocolVersion.SSL20Hello.v) {
enabledSSL20Hello = true;
......@@ -1224,6 +1245,10 @@ abstract class Handshaker {
throw new ProviderException(e);
}
// Mark a flag that allows outside entities (like SSLSocket/SSLEngine)
// determine if a ChangeCipherSpec message could be processed.
sessKeysCalculated = true;
//
// Dump the connection keys as they're generated.
//
......@@ -1278,6 +1303,15 @@ abstract class Handshaker {
}
}
/**
* Return whether or not the Handshaker has derived session keys for
* this handshake. This is used for determining readiness to process
* an incoming ChangeCipherSpec message.
*/
boolean sessionKeysCalculated() {
return sessKeysCalculated;
}
private static void printHex(HexDumpEncoder dump, byte[] bytes) {
if (bytes == null) {
System.out.println("(key bytes not available)");
......
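Review bot: `sessKeysCalculated` is a plain `boolean` that the key-calculation code sets and that, per the comment added next to the assignment, "outside entities (like SSLSocket/SSLEngine)" read through `sessionKeysCalculated()`. If any of those readers runs on another thread without holding the lock the writer holds, the update is not guaranteed to be visible; which lock guards the field cannot be told from these hunks. Either declare it `private volatile boolean sessKeysCalculated;` or add a comment naming the lock. `receivedChangeCipherSpec()` is also the one new method here without a doc comment, and it dereferences `engine` on the assumption that exactly one of `conn` and `engine` is set.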
......@@ -25,6 +25,9 @@
package sun.security.ssl;
import java.util.*;
import java.security.CryptoPrimitive;
/**
* Type safe enum for an SSL/TLS protocol version. Instances are obtained
* using the static factory methods or by referencing the static members
......@@ -86,6 +89,11 @@ public final class ProtocolVersion implements Comparable<ProtocolVersion> {
// Default version for hello messages (SSLv2Hello)
final static ProtocolVersion DEFAULT_HELLO = FIPS ? TLS10 : SSL30;
// Available protocols
//
// Including all supported protocols except the disabled ones.
final static Set<ProtocolVersion> availableProtocols;
// version in 16 bit MSB format as it appears in records and
// messages, i.e. 0x0301 for TLS 1.0
public final int v;
......@@ -96,6 +104,24 @@ public final class ProtocolVersion implements Comparable<ProtocolVersion> {
// name used in JSSE (e.g. TLSv1 for TLS 1.0)
final String name;
// Initialize the available protocols.
static {
Set<ProtocolVersion> protocols = new HashSet<>(5);
ProtocolVersion[] pvs = new ProtocolVersion[] {
SSL20Hello, SSL30, TLS10, TLS11, TLS12};
for (ProtocolVersion p : pvs) {
if (SSLAlgorithmConstraints.DEFAULT_SSL_ONLY.permits(
EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
p.name, null)) {
protocols.add(p);
}
}
availableProtocols =
Collections.<ProtocolVersion>unmodifiableSet(protocols);
}
// private
private ProtocolVersion(int v, String name) {
this.v = v;
......
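Review bot: `availableProtocols` is computed once in the static initializer and then frozen with `unmodifiableSet`, while the loop added to Handshaker in this commit calls `algorithmConstraints.permits(...)` again for each run. If the underlying constraints can change after this class has been loaded, the two views can disagree; whether they can is not visible here, so a comment stating that the set is a load-time snapshot would help. Passing a protocol name (`p.name`) under `CryptoPrimitive.KEY_AGREEMENT` also deserves a line of explanation, for example `// protocol names are checked against the disabled-algorithm constraints; the primitive is not significant here (confirm)`. The initializer makes loading ProtocolVersion trigger initialization of SSLAlgorithmConstraints, so check that there is no cycle back.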
......@@ -55,6 +55,14 @@ final class SSLAlgorithmConstraints implements AlgorithmConstraints {
private boolean enabledX509DisabledAlgConstraints = true;
// the default algorithm constraints
final static AlgorithmConstraints DEFAULT =
new SSLAlgorithmConstraints(null);
// the default SSL only algorithm constraints
final static AlgorithmConstraints DEFAULT_SSL_ONLY =
new SSLAlgorithmConstraints((SSLSocket)null, false);
SSLAlgorithmConstraints(AlgorithmConstraints algorithmConstraints) {
userAlgConstraints = algorithmConstraints;
}
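Review bot: The arguments `(SSLSocket)null, false` in `DEFAULT_SSL_ONLY` give no hint of what the boolean switches off, and the constructor they select is outside this hunk. Presumably it clears `enabledX509DisabledAlgConstraints`, so the object applies only the TLS-level list; a comment such as `// TLS disabled-algorithm list only; X.509 constraints are not applied (confirm against the two-argument constructor)` would spare readers the lookup. It is also worth stating that both constants are shared across all contexts.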
......
......@@ -52,10 +52,6 @@ public abstract class SSLContextImpl extends SSLContextSpi {
private X509TrustManager trustManager;
private SecureRandom secureRandom;
// The default algrithm constraints
private AlgorithmConstraints defaultAlgorithmConstraints =
new SSLAlgorithmConstraints(null);
// supported and default protocols
private ProtocolList defaultServerProtocolList;
private ProtocolList defaultClientProtocolList;
......@@ -350,7 +346,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
if (suite.isAvailable() &&
suite.obsoleted > protocols.min.v &&
suite.supported <= protocols.max.v) {
if (defaultAlgorithmConstraints.permits(
if (SSLAlgorithmConstraints.DEFAULT.permits(
EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
suite.name, null)) {
suites.add(suite);
......@@ -431,11 +427,16 @@ public abstract class SSLContextImpl extends SSLContextSpi {
*/
private abstract static class AbstractSSLContext extends SSLContextImpl {
// parameters
private final static SSLParameters defaultServerSSLParams;
private final static SSLParameters supportedSSLParams;
private static final SSLParameters defaultServerSSLParams;
private static final SSLParameters supportedSSLParams;
static {
// supported SSL parameters
supportedSSLParams = new SSLParameters();
// candidates for available protocols
ProtocolVersion[] candidates;
if (SunJSSE.isFIPS()) {
supportedSSLParams.setProtocols(new String[] {
ProtocolVersion.TLS10.name,
......@@ -443,7 +444,11 @@ public abstract class SSLContextImpl extends SSLContextSpi {
ProtocolVersion.TLS12.name
});
defaultServerSSLParams = supportedSSLParams;
candidates = new ProtocolVersion[] {
ProtocolVersion.TLS10,
ProtocolVersion.TLS11,
ProtocolVersion.TLS12
};
} else {
supportedSSLParams.setProtocols(new String[] {
ProtocolVersion.SSL20Hello.name,
......@@ -453,8 +458,18 @@ public abstract class SSLContextImpl extends SSLContextSpi {
ProtocolVersion.TLS12.name
});
defaultServerSSLParams = supportedSSLParams;
candidates = new ProtocolVersion[] {
ProtocolVersion.SSL20Hello,
ProtocolVersion.SSL30,
ProtocolVersion.TLS10,
ProtocolVersion.TLS11,
ProtocolVersion.TLS12
};
}
defaultServerSSLParams = new SSLParameters();
defaultServerSSLParams.setProtocols(
getAvailableProtocols(candidates).toArray(new String[0]));
}
@Override
......@@ -466,6 +481,22 @@ public abstract class SSLContextImpl extends SSLContextSpi {
SSLParameters getSupportedSSLParams() {
return supportedSSLParams;
}
static List<String> getAvailableProtocols(
ProtocolVersion[] protocolCandidates) {
List<String> availableProtocols = Collections.<String>emptyList();
if (protocolCandidates != null && protocolCandidates.length != 0) {
availableProtocols = new ArrayList<>(protocolCandidates.length);
for (ProtocolVersion p : protocolCandidates) {
if (ProtocolVersion.availableProtocols.contains(p)) {
availableProtocols.add(p.name);
}
}
}
return availableProtocols;
}
}
/*
......@@ -474,21 +505,25 @@ public abstract class SSLContextImpl extends SSLContextSpi {
* @see SSLContext
*/
public static final class TLS10Context extends AbstractSSLContext {
private final static SSLParameters defaultClientSSLParams;
private static final SSLParameters defaultClientSSLParams;
static {
defaultClientSSLParams = new SSLParameters();
// candidates for available protocols
ProtocolVersion[] candidates;
if (SunJSSE.isFIPS()) {
defaultClientSSLParams.setProtocols(new String[] {
ProtocolVersion.TLS10.name
});
candidates = new ProtocolVersion[] {
ProtocolVersion.TLS10
};
} else {
defaultClientSSLParams.setProtocols(new String[] {
ProtocolVersion.SSL30.name,
ProtocolVersion.TLS10.name
});
candidates = new ProtocolVersion[] {
ProtocolVersion.SSL30,
ProtocolVersion.TLS10
};
}
defaultClientSSLParams = new SSLParameters();
defaultClientSSLParams.setProtocols(
getAvailableProtocols(candidates).toArray(new String[0]));
}
@Override
......@@ -503,23 +538,27 @@ public abstract class SSLContextImpl extends SSLContextSpi {
* @see SSLContext
*/
public static final class TLS11Context extends AbstractSSLContext {
private final static SSLParameters defaultClientSSLParams;
private static final SSLParameters defaultClientSSLParams;
static {
defaultClientSSLParams = new SSLParameters();
// candidates for available protocols
ProtocolVersion[] candidates;
if (SunJSSE.isFIPS()) {
defaultClientSSLParams.setProtocols(new String[] {
ProtocolVersion.TLS10.name,
ProtocolVersion.TLS11.name
});
candidates = new ProtocolVersion[] {
ProtocolVersion.TLS10,
ProtocolVersion.TLS11
};
} else {
defaultClientSSLParams.setProtocols(new String[] {
ProtocolVersion.SSL30.name,
ProtocolVersion.TLS10.name,
ProtocolVersion.TLS11.name
});
candidates = new ProtocolVersion[] {
ProtocolVersion.SSL30,
ProtocolVersion.TLS10,
ProtocolVersion.TLS11
};
}
defaultClientSSLParams = new SSLParameters();
defaultClientSSLParams.setProtocols(
getAvailableProtocols(candidates).toArray(new String[0]));
}
@Override
......@@ -534,25 +573,29 @@ public abstract class SSLContextImpl extends SSLContextSpi {
* @see SSLContext
*/
public static final class TLS12Context extends AbstractSSLContext {
private final static SSLParameters defaultClientSSLParams;
private static final SSLParameters defaultClientSSLParams;
static {
defaultClientSSLParams = new SSLParameters();
// candidates for available protocols
ProtocolVersion[] candidates;
if (SunJSSE.isFIPS()) {
defaultClientSSLParams.setProtocols(new String[] {
ProtocolVersion.TLS10.name,
ProtocolVersion.TLS11.name,
ProtocolVersion.TLS12.name
});
candidates = new ProtocolVersion[] {
ProtocolVersion.TLS10,
ProtocolVersion.TLS11,
ProtocolVersion.TLS12
};
} else {
defaultClientSSLParams.setProtocols(new String[] {
ProtocolVersion.SSL30.name,
ProtocolVersion.TLS10.name,
ProtocolVersion.TLS11.name,
ProtocolVersion.TLS12.name
});
candidates = new ProtocolVersion[] {
ProtocolVersion.SSL30,
ProtocolVersion.TLS10,
ProtocolVersion.TLS11,
ProtocolVersion.TLS12
};
}
defaultClientSSLParams = new SSLParameters();
defaultClientSSLParams.setProtocols(
getAvailableProtocols(candidates).toArray(new String[0]));
}
@Override
......@@ -567,8 +610,8 @@ public abstract class SSLContextImpl extends SSLContextSpi {
* @see SSLContext
*/
private static class CustomizedSSLContext extends AbstractSSLContext {
private final static String PROPERTY_NAME = "jdk.tls.client.protocols";
private final static SSLParameters defaultClientSSLParams;
private static final String PROPERTY_NAME = "jdk.tls.client.protocols";
private static final SSLParameters defaultClientSSLParams;
private static IllegalArgumentException reservedException = null;
// Don't want a java.lang.LinkageError for illegal system property.
......@@ -578,60 +621,74 @@ public abstract class SSLContextImpl extends SSLContextSpi {
// the provider service. Instead, let's handle the initialization
// exception in constructor.
static {
// candidates for available protocols
ProtocolVersion[] candidates;
String property = AccessController.doPrivileged(
new GetPropertyAction(PROPERTY_NAME));
defaultClientSSLParams = new SSLParameters();
if (property == null || property.length() == 0) {
// the default enabled client TLS protocols
if (SunJSSE.isFIPS()) {
defaultClientSSLParams.setProtocols(new String[] {
ProtocolVersion.TLS10.name,
ProtocolVersion.TLS11.name,
ProtocolVersion.TLS12.name
});
candidates = new ProtocolVersion[] {
ProtocolVersion.TLS10,
ProtocolVersion.TLS11,
ProtocolVersion.TLS12
};
} else {
defaultClientSSLParams.setProtocols(new String[] {
ProtocolVersion.SSL30.name,
ProtocolVersion.TLS10.name,
ProtocolVersion.TLS11.name,
ProtocolVersion.TLS12.name
});
candidates = new ProtocolVersion[] {
ProtocolVersion.SSL30,
ProtocolVersion.TLS10,
ProtocolVersion.TLS11,
ProtocolVersion.TLS12
};
}
} else {
// remove double quote marks from beginning/end of the property
if (property.charAt(0) == '"' &&
if (property.length() > 1 && property.charAt(0) == '"' &&
property.charAt(property.length() - 1) == '"') {
property = property.substring(1, property.length() - 1);
}
String[] protocols = property.split(",");
String[] protocols = null;
if (property != null && property.length() != 0) {
protocols = property.split(",");
} else {
reservedException = new IllegalArgumentException(
"No protocol specified in " +
PROPERTY_NAME + " system property");
protocols = new String[0];
}
candidates = new ProtocolVersion[protocols.length];
for (int i = 0; i < protocols.length; i++) {
protocols[i] = protocols[i].trim();
// Is it a supported protocol name?
try {
ProtocolVersion.valueOf(protocols[i]);
candidates[i] = ProtocolVersion.valueOf(protocols[i]);
} catch (IllegalArgumentException iae) {
reservedException = new IllegalArgumentException(
PROPERTY_NAME + ": " + protocols[i] +
" is not a standard SSL protocol name", iae);
PROPERTY_NAME + ": " + protocols[i] +
" is not a standard SSL/TLS protocol name", iae);
break;
}
}
if ((reservedException == null) && SunJSSE.isFIPS()) {
for (String protocol : protocols) {
if (ProtocolVersion.SSL20Hello.name.equals(protocol) ||
ProtocolVersion.SSL30.name.equals(protocol)) {
for (ProtocolVersion protocolVersion : candidates) {
if (ProtocolVersion.SSL20Hello.v == protocolVersion.v ||
ProtocolVersion.SSL30.v == protocolVersion.v) {
reservedException = new IllegalArgumentException(
PROPERTY_NAME + ": " + protocol +
PROPERTY_NAME + ": " + protocolVersion +
" is not FIPS compliant");
}
}
}
}
if (reservedException == null) {
defaultClientSSLParams.setProtocols(protocols);
}
defaultClientSSLParams = new SSLParameters();
if (reservedException == null) {
defaultClientSSLParams.setProtocols(
getAvailableProtocols(candidates).toArray(new String[0]));
}
}
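Review bot: `getAvailableProtocols(candidates)` can return an empty list, in which case `defaultClientSSLParams.setProtocols` receives an empty array without `reservedException` being set. That happens when every candidate is filtered out by `ProtocolVersion.availableProtocols`, or when a `jdk.tls.client.protocols` value consisting only of commas splits to a zero-length array. The context then comes up with no enabled client protocols and the problem surfaces only at handshake time, presumably with a less helpful message. In the `CustomizedSSLContext` initializer I would reserve an exception for the zero-length case, e.g. `if (reservedException == null && candidates.length == 0) { reservedException = new IllegalArgumentException("No protocol specified in " + PROPERTY_NAME + " system property"); }`, and document on `getAvailableProtocols` that the result may be empty. The same empty result is possible in the `TLS10Context`, `TLS11Context` and `TLS12Context` initializers; the class bodies continue outside the hunks.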
......
/*
* Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -211,6 +211,11 @@ final public class SSLEngineImpl extends SSLEngine {
static final byte clauth_requested = 1;
static final byte clauth_required = 2;
/*
* Flag indicating that the engine has received a ChangeCipherSpec message.
*/
private boolean receivedCCS;
/*
* Flag indicating if the next record we receive MUST be a Finished
* message. Temporarily set during the handshake to ensure that
......@@ -372,6 +377,7 @@ final public class SSLEngineImpl extends SSLEngine {
*/
roleIsServer = true;
connectionState = cs_START;
receivedCCS = false;
// default server name indication
serverNames =
......@@ -1021,6 +1027,7 @@ final public class SSLEngineImpl extends SSLEngine {
if (handshaker.invalidated) {
handshaker = null;
receivedCCS = false;
// if state is cs_RENEGOTIATE, revert it to cs_DATA
if (connectionState == cs_RENEGOTIATE) {
connectionState = cs_DATA;
......@@ -1039,6 +1046,7 @@ final public class SSLEngineImpl extends SSLEngine {
}
handshaker = null;
connectionState = cs_DATA;
receivedCCS = false;
// No handshakeListeners here. That's a
// SSLSocket thing.
......@@ -1078,13 +1086,25 @@ final public class SSLEngineImpl extends SSLEngine {
case Record.ct_change_cipher_spec:
if ((connectionState != cs_HANDSHAKE
&& connectionState != cs_RENEGOTIATE)
|| inputRecord.available() != 1
|| !handshaker.sessionKeysCalculated()
|| receivedCCS) {
// For the CCS message arriving in the wrong state
fatal(Alerts.alert_unexpected_message,
"illegal change cipher spec msg, conn state = "
+ connectionState + ", handshake state = "
+ handshaker.state);
} else if (inputRecord.available() != 1
|| inputRecord.read() != 1) {
// For structural/content issues with the CCS
fatal(Alerts.alert_unexpected_message,
"illegal change cipher spec msg, state = "
+ connectionState);
"Malformed change cipher spec msg");
}
// Once we've received CCS, update the flag.
// If the remote endpoint sends it again in this handshake
// we won't process it.
receivedCCS = true;
//
// The first message after a change_cipher_spec
// record MUST be a "Finished" handshake record,
......@@ -2120,6 +2140,14 @@ final public class SSLEngineImpl extends SSLEngine {
}
}
/*
* Returns a boolean indicating whether the ChangeCipherSpec message
* has been received for this handshake.
*/
boolean receivedChangeCipherSpec() {
return receivedCCS;
}
/**
* Returns a printable representation of this end of the connection.
*/
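Review bot: In the `ct_change_cipher_spec` case the new error message reads `handshaker.state`, but `handshaker` looks likely to be null on that path. The first operand of the condition is true exactly when the connection is outside `cs_HANDSHAKE`/`cs_RENEGOTIATE`, and the hunks above set `handshaker = null` together with `connectionState = cs_DATA`. A ChangeCipherSpec record arriving after the handshake would then raise a NullPointerException while the message is being built, instead of taking the intended `alert_unexpected_message` path. Guarding the dereference keeps that path: `+ (handshaker != null ? String.valueOf(handshaker.state) : "none"));`. The same expression is added in the matching `SSLSocketImpl` case; the enclosing method starts and ends outside the hunk.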
......
/*
* Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -171,6 +171,12 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl {
*/
private volatile int connectionState;
/*
* Flag indicating that the engine's handshaker has done the necessary
* steps so the engine may process a ChangeCipherSpec message.
*/
private boolean receivedCCS;
/*
* Flag indicating if the next record we receive MUST be a Finished
* message. Temporarily set during the handshake to ensure that
......@@ -587,6 +593,7 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl {
*/
roleIsServer = isServer;
connectionState = cs_START;
receivedCCS = false;
/*
* default read and write side cipher and MAC support
......@@ -1045,6 +1052,7 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl {
if (handshaker.invalidated) {
handshaker = null;
receivedCCS = false;
// if state is cs_RENEGOTIATE, revert it to cs_DATA
if (connectionState == cs_RENEGOTIATE) {
connectionState = cs_DATA;
......@@ -1060,6 +1068,7 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl {
handshakeSession = null;
handshaker = null;
connectionState = cs_DATA;
receivedCCS = false;
//
// Tell folk about handshake completion, but do
......@@ -1107,13 +1116,24 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl {
case Record.ct_change_cipher_spec:
if ((connectionState != cs_HANDSHAKE
&& connectionState != cs_RENEGOTIATE)
|| r.available() != 1
|| r.read() != 1) {
|| !handshaker.sessionKeysCalculated()
|| receivedCCS) {
// For the CCS message arriving in the wrong state
fatal(Alerts.alert_unexpected_message,
"illegal change cipher spec msg, state = "
+ connectionState);
"illegal change cipher spec msg, conn state = "
+ connectionState + ", handshake state = "
+ handshaker.state);
} else if (r.available() != 1 || r.read() != 1) {
// For structural/content issues with the CCS
fatal(Alerts.alert_unexpected_message,
"Malformed change cipher spec msg");
}
// Once we've received CCS, update the flag.
// If the remote endpoint sends it again in this handshake
// we won't process it.
receivedCCS = true;
//
// The first message after a change_cipher_spec
// record MUST be a "Finished" handshake record,
......@@ -2550,6 +2570,14 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl {
}
}
/*
* Returns a boolean indicating whether the ChangeCipherSpec message
* has been received for this handshake.
*/
boolean receivedChangeCipherSpec() {
return receivedCCS;
}
//
// We allocate a separate thread to deliver handshake completion
// events. This ensures that the notifications don't block the
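Review bot: The comment added on `receivedCCS` does not match how the flag is used. It says the flag indicates the handshaker "has done the necessary steps so the engine may process a ChangeCipherSpec message", but the code sets it to `true` only after a ChangeCipherSpec record has been accepted and uses it to reject a second one; the readiness test is `handshaker.sessionKeysCalculated()`. It should read like the `SSLEngineImpl` one: `Flag indicating that the socket has received a ChangeCipherSpec message.` Separately, `connectionState` directly above is `volatile` while `receivedCCS` is not, and `receivedChangeCipherSpec()` exposes it to the handshaker. If those can run on different threads (not visible here), the flag needs the same treatment or a comment explaining why not.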
......
......@@ -287,6 +287,13 @@ final class ServerHandshaker extends Handshaker {
break;
case HandshakeMessage.ht_finished:
// A ChangeCipherSpec record must have been received prior to
// reception of the Finished message (RFC 5246, 7.4.9).
if (!receivedChangeCipherSpec()) {
fatalSE(Alerts.alert_handshake_failure,
"Received Finished message before ChangeCipherSpec");
}
this.clientFinished(
new Finished(protocolVersion, input, cipherSuite));
break;
......
......@@ -156,12 +156,18 @@ class DerIndefLenConverter {
}
if (isLongForm(lenByte)) {
lenByte &= LEN_MASK;
if (lenByte > 4)
if (lenByte > 4) {
throw new IOException("Too much data");
if ((dataSize - dataPos) < (lenByte + 1))
}
if ((dataSize - dataPos) < (lenByte + 1)) {
throw new IOException("Too little data");
for (int i = 0; i < lenByte; i++)
}
for (int i = 0; i < lenByte; i++) {
curLen = (curLen << 8) + (data[dataPos++] & 0xff);
}
if (curLen < 0) {
throw new IOException("Invalid length bytes");
}
} else {
curLen = (lenByte & LEN_MASK);
}
......@@ -188,10 +194,15 @@ class DerIndefLenConverter {
}
if (isLongForm(lenByte)) {
lenByte &= LEN_MASK;
for (int i = 0; i < lenByte; i++)
for (int i = 0; i < lenByte; i++) {
curLen = (curLen << 8) + (data[dataPos++] & 0xff);
} else
}
if (curLen < 0) {
throw new IOException("Invalid length bytes");
}
} else {
curLen = (lenByte & LEN_MASK);
}
writeLength(curLen);
writeValue(curLen);
}
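Review bot: The second hunk adds the `curLen < 0` test but, unlike the first, shows no `lenByte > 4` limit and no remaining-data check before `data[dataPos++]`. With more than four length bytes `curLen` can overflow back to a non-negative value that the new test does not catch, and the loop can index past `dataSize`. If this method only runs over bytes the first method has already validated (the callers are outside the hunk), a comment saying so is enough. Otherwise repeat the guards there: `if (lenByte > 4) { throw new IOException("Too much data"); }` plus the `Too little data` check. Both method bodies start outside the hunks.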
......
......@@ -566,6 +566,10 @@ public class DerInputStream {
value <<= 8;
value += 0x0ff & in.read();
}
if (value < 0) {
throw new IOException("DerInputStream.getLength(): "
+ "Invalid length bytes");
}
}
return value;
}
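Review bot: `value += 0x0ff & in.read();` does not distinguish end of stream: a `read()` result of -1 is masked to 0xff and folded into the length, so a truncated encoding yields a large bogus length rather than an error at this point. The new `value < 0` test catches only the case where the top bit ends up set. Checking the byte before masking would close the gap, e.g. `int b = in.read(); if (b < 0) { throw new IOException("DerInputStream.getLength(): short read of length bytes"); }`. Whether `in` can actually reach end of stream here depends on callers outside the hunk.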
......
......@@ -1979,20 +1979,24 @@ public class FilePane extends JPanel implements PropertyChangeListener {
return false;
}
if (f instanceof ShellFolder) {
return f.canWrite();
} else {
if (usesShellFolder(getFileChooser())) {
try {
return ShellFolder.getShellFolder(f).canWrite();
} catch (FileNotFoundException ex) {
// File doesn't exist
return false;
}
} else {
// Ordinary file
try {
if (f instanceof ShellFolder) {
return f.canWrite();
} else {
if (usesShellFolder(getFileChooser())) {
try {
return ShellFolder.getShellFolder(f).canWrite();
} catch (FileNotFoundException ex) {
// File doesn't exist
return false;
}
} else {
// Ordinary file
return f.canWrite();
}
}
} catch (SecurityException e) {
return false;
}
}
......
......@@ -81,11 +81,7 @@ public class WindowsPlacesBar extends JToolBar
setBackground(bgColor);
FileSystemView fsv = fc.getFileSystemView();
files = AccessController.doPrivileged(new PrivilegedAction<File[]>() {
public File[] run() {
return (File[]) ShellFolder.get("fileChooserShortcutPanelFolders");
}
});
files = (File[]) ShellFolder.get("fileChooserShortcutPanelFolders");
buttons = new JToggleButton[files.length];
buttonGroup = new ButtonGroup();
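Review bot: Nothing at the call site records why the `doPrivileged` wrapper was dropped, and `files.length` on the next line is read with no guard. With the call now running under the caller's own permissions, a comment such as `// Deliberately not privileged: the result must be limited to what the caller may read.` would stop a later maintainer from restoring the wrapper. That reading of the intent is inferred from the `checkFile`/`checkFiles` filtering added in `Win32ShellFolderManager2` lower on the page. It would also help to state whether `ShellFolder.get` can return null or throw `SecurityException` here, since unlike the `FilePane` hunk no handling is added. The `SynthFileChooserUIImpl` hunk has the same shape.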
......
......@@ -769,16 +769,9 @@ public class SynthFileChooserUIImpl extends SynthFileChooserUI {
fireIntervalRemoved(this, 0, oldSize);
}
File[] baseFolders;
if (useShellFolder) {
baseFolders = AccessController.doPrivileged(new PrivilegedAction<File[]>() {
public File[] run() {
return (File[]) ShellFolder.get("fileChooserComboBoxFolders");
}
});
} else {
baseFolders = fsv.getRoots();
}
File[] baseFolders = (useShellFolder)
? (File[]) ShellFolder.get("fileChooserComboBoxFolders")
: fsv.getRoots();
directories.addAll(Arrays.asList(baseFolders));
// Get the canonical (full) path. This has the side
......
......@@ -210,8 +210,8 @@ package.access=sun.,\
org.jcp.xml.dsig.internal.,\
jdk.internal.,\
jdk.nashorn.internal.,\
jdk.nashorn.tools.
jdk.nashorn.tools.,\
com.sun.activation.registries.
#
# List of comma-separated packages that start with or equal this string
......@@ -257,8 +257,8 @@ package.definition=sun.,\
org.jcp.xml.dsig.internal.,\
jdk.internal.,\
jdk.nashorn.internal.,\
jdk.nashorn.tools.
jdk.nashorn.tools.,\
com.sun.activation.registries.
#
# Determines whether this properties file can be appended to
......@@ -479,8 +479,12 @@ jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
#
# In some environments, certain algorithms or key lengths may be undesirable
# when using SSL/TLS. This section describes the mechanism for disabling
# algorithms during SSL/TLS security parameters negotiation, including cipher
# suites selection, peer authentication and key exchange mechanisms.
# algorithms during SSL/TLS security parameters negotiation, including
# protocol version negotiation, cipher suites selection, peer authentication
# and key exchange mechanisms.
#
# Disabled algorithms will not be negotiated for SSL/TLS connections, even
# if they are enabled explicitly in an application.
#
# For PKI-based peer authentication and key exchange mechanisms, this list
# of disabled algorithms will also be checked during certification path
......@@ -495,4 +499,5 @@ jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
# It is not guaranteed to be examined and used by other implementations.
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3
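Review bot: The active line `jdk.tls.disabledAlgorithms=SSLv3` sits directly under the commented `Example:` with nothing marking it as the shipped default rather than part of the example. A one-line comment above it would help administrators who edit this file, e.g. `# Default: SSLv3 is disabled and cannot be re-enabled by application settings (see above).` The same applies to the other copies of this hunk further down the page.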
......@@ -479,8 +479,12 @@ jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
#
# In some environments, certain algorithms or key lengths may be undesirable
# when using SSL/TLS. This section describes the mechanism for disabling
# algorithms during SSL/TLS security parameters negotiation, including cipher
# suites selection, peer authentication and key exchange mechanisms.
# algorithms during SSL/TLS security parameters negotiation, including
# protocol version negotiation, cipher suites selection, peer authentication
# and key exchange mechanisms.
#
# Disabled algorithms will not be negotiated for SSL/TLS connections, even
# if they are enabled explicitly in an application.
#
# For PKI-based peer authentication and key exchange mechanisms, this list
# of disabled algorithms will also be checked during certification path
......@@ -495,4 +499,5 @@ jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
# It is not guaranteed to be examined and used by other implementations.
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3
......@@ -482,8 +482,12 @@ jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
#
# In some environments, certain algorithms or key lengths may be undesirable
# when using SSL/TLS. This section describes the mechanism for disabling
# algorithms during SSL/TLS security parameters negotiation, including cipher
# suites selection, peer authentication and key exchange mechanisms.
# algorithms during SSL/TLS security parameters negotiation, including
# protocol version negotiation, cipher suites selection, peer authentication
# and key exchange mechanisms.
#
# Disabled algorithms will not be negotiated for SSL/TLS connections, even
# if they are enabled explicitly in an application.
#
# For PKI-based peer authentication and key exchange mechanisms, this list
# of disabled algorithms will also be checked during certification path
......@@ -498,4 +502,5 @@ jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
# It is not guaranteed to be examined and used by other implementations.
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3
......@@ -481,8 +481,12 @@ jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
#
# In some environments, certain algorithms or key lengths may be undesirable
# when using SSL/TLS. This section describes the mechanism for disabling
# algorithms during SSL/TLS security parameters negotiation, including cipher
# suites selection, peer authentication and key exchange mechanisms.
# algorithms during SSL/TLS security parameters negotiation, including
# protocol version negotiation, cipher suites selection, peer authentication
# and key exchange mechanisms.
#
# Disabled algorithms will not be negotiated for SSL/TLS connections, even
# if they are enabled explicitly in an application.
#
# For PKI-based peer authentication and key exchange mechanisms, this list
# of disabled algorithms will also be checked during certification path
......@@ -497,4 +501,5 @@ jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
# It is not guaranteed to be examined and used by other implementations.
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3
......@@ -482,8 +482,12 @@ jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
#
# In some environments, certain algorithms or key lengths may be undesirable
# when using SSL/TLS. This section describes the mechanism for disabling
# algorithms during SSL/TLS security parameters negotiation, including cipher
# suites selection, peer authentication and key exchange mechanisms.
# algorithms during SSL/TLS security parameters negotiation, including
# protocol version negotiation, cipher suites selection, peer authentication
# and key exchange mechanisms.
#
# Disabled algorithms will not be negotiated for SSL/TLS connections, even
# if they are enabled explicitly in an application.
#
# For PKI-based peer authentication and key exchange mechanisms, this list
# of disabled algorithms will also be checked during certification path
......@@ -498,4 +502,5 @@ jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
# It is not guaranteed to be examined and used by other implementations.
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3
......@@ -583,6 +583,8 @@ le_uint32 ChainingContextualSubstitutionFormat2Subtable::process(const LETableRe
LEReferenceTo<ChainSubClassRuleTable>
chainSubClassRuleTable(chainSubClassSetTable, success, chainSubClassRuleTableOffset);
le_uint16 backtrackGlyphCount = SWAPW(chainSubClassRuleTable->backtrackGlyphCount);
LEReferenceToArrayOf<le_uint16> backtrackClassArray(base, success, chainSubClassRuleTable->backtrackClassArray, backtrackGlyphCount);
if( LE_FAILURE(success) ) { return 0; }
le_uint16 inputGlyphCount = SWAPW(chainSubClassRuleTable->backtrackClassArray[backtrackGlyphCount]) - 1;
LEReferenceToArrayOf<le_uint16> inputClassArray(base, success, &chainSubClassRuleTable->backtrackClassArray[backtrackGlyphCount + 1],inputGlyphCount+2); // +2 for the lookaheadGlyphCount count
le_uint16 lookaheadGlyphCount = SWAPW(inputClassArray.getObject(inputGlyphCount, success));
......@@ -599,8 +601,6 @@ le_uint32 ChainingContextualSubstitutionFormat2Subtable::process(const LETableRe
}
tempIterator.prev();
LEReferenceToArrayOf<le_uint16> backtrackClassArray(base, success, chainSubClassRuleTable->backtrackClassArray, backtrackGlyphCount);
if( LE_FAILURE(success) ) { return 0; }
if (! matchGlyphClasses(backtrackClassArray, backtrackGlyphCount,
&tempIterator, backtrackClassDefinitionTable, success, TRUE)) {
continue;
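Review bot: The relocated `backtrackClassArray` reference is built with `backtrackGlyphCount` elements, so it vouches for indices 0 to `backtrackGlyphCount - 1`. The very next line reads `chainSubClassRuleTable->backtrackClassArray[backtrackGlyphCount]` through the raw pointer, one element past what was checked. That read also feeds `inputGlyphCount = SWAPW(...) - 1`, which wraps to 65535 in an `le_uint16` when the stored count is 0. I would validate one extra element before the read, e.g. `LEReferenceToArrayOf<le_uint16> backtrackAndCount(base, success, chainSubClassRuleTable->backtrackClassArray, backtrackGlyphCount + 1);`, and reject a zero input count before subtracting. `process` starts and ends outside the hunk.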
......
......@@ -45,6 +45,9 @@ le_uint32 CursiveAttachmentSubtable::process(const LEReferenceTo<CursiveAttachme
le_int32 coverageIndex = getGlyphCoverage(base, glyphID, success);
le_uint16 eeCount = SWAPW(entryExitCount);
LEReferenceToArrayOf<EntryExitRecord>
entryExitRecordsArrayRef(base, success, entryExitRecords, coverageIndex);
if (coverageIndex < 0 || coverageIndex >= eeCount || LE_FAILURE(success)) {
glyphIterator->setCursiveGlyph();
return 0;
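Review bot: `entryExitRecordsArrayRef` is constructed with `coverageIndex` as its element count, which covers only records 0 to `coverageIndex - 1`. The record at `coverageIndex`, which the function presumably goes on to read outside this hunk, is therefore not inside the checked range. The reference is also built before the `coverageIndex < 0` test, so a negative index is handed over as a count before it is rejected. Using the table's own count expresses the intent: `entryExitRecordsArrayRef(base, success, entryExitRecords, eeCount);`. `FeatureListTable::getFeatureTable` has the same shape with `featureIndex`, where `SWAPW(featureCount)` would be the count.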
......
......@@ -40,6 +40,9 @@ U_NAMESPACE_BEGIN
LEReferenceTo<FeatureTable> FeatureListTable::getFeatureTable(const LETableReference &base, le_uint16 featureIndex, LETag *featureTag, LEErrorCode &success) const
{
LEReferenceToArrayOf<FeatureRecord>
featureRecordArrayRef(base, success, featureRecordArray, featureIndex);
if (featureIndex >= SWAPW(featureCount) || LE_FAILURE(success)) {
return LEReferenceTo<FeatureTable>();
}
......
......@@ -470,7 +470,12 @@ _TRTRACE("INFO: new RTAO")
#endif
const T& getObject(le_uint32 i, LEErrorCode &success) const {
return *getAlias(i,success);
const T *ret = getAlias(i, success);
if (LE_FAILURE(success) || ret==NULL) {
return *(new T(0));
} else {
return *ret;
}
}
/**
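Review bot: On the failure path `getObject` returns `*(new T(0))`, a heap object that nothing can ever free, so every failed lookup leaks one `T`. Failures here come from table data that did not pass the bounds checks, so a font that keeps failing them grows the process heap on each call. If function-local statics are acceptable in this code base, `static const T zero(0); return zero;` gives the same zero value without allocating. A comment should also say that callers must test `success` before trusting the returned value, since zero is a valid-looking result.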
......
......@@ -64,6 +64,9 @@ le_uint32 LigatureSubstitutionSubtable::process(const LETableReference &base, Gl
LEReferenceTo<LigatureTable> ligTable(ligSetTable, success, ligTableOffset);
if(LE_FAILURE(success)) { return 0; }
le_uint16 compCount = SWAPW(ligTable->compCount) - 1;
LEReferenceToArrayOf<TTGlyphID>
componentArrayRef(base, success, ligTable->componentArray, compCount);
if (LE_FAILURE(success)) { return 0; }
le_int32 startPosition = glyphIterator->getCurrStreamPosition();
TTGlyphID ligGlyph = SWAPW(ligTable->ligGlyph);
le_uint16 comp;
......
......@@ -61,6 +61,8 @@ le_uint32 MultipleSubstitutionSubtable::process(const LETableReference &base, Gl
le_int32 coverageIndex = getGlyphCoverage(base, glyph, success);
le_uint16 seqCount = SWAPW(sequenceCount);
LEReferenceToArrayOf<Offset>
sequenceTableOffsetArrayRef(base, success, sequenceTableOffsetArray, seqCount);
if (LE_FAILURE(success)) {
return 0;
......
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -570,9 +570,14 @@ JNIEXPORT jint JNICALL Java_java_net_NetworkInterface_getMTU0(JNIEnv *env, jclas
jboolean isCopy;
int ret = -1;
int sock;
const char* name_utf;
const char* name_utf = NULL;
name_utf = (*env)->GetStringUTFChars(env, name, &isCopy);
if (name != NULL) {
name_utf = (*env)->GetStringUTFChars(env, name, &isCopy);
} else {
JNU_ThrowNullPointerException(env, "network interface name is NULL");
return ret;
}
if (name_utf == NULL) {
if (!(*env)->ExceptionCheck(env))
JNU_ThrowOutOfMemoryError(env, NULL);
......@@ -600,7 +605,12 @@ static int getFlags0(JNIEnv *env, jstring name) {
const char* name_utf;
int flags = 0;
name_utf = (*env)->GetStringUTFChars(env, name, &isCopy);
if (name != NULL) {
name_utf = (*env)->GetStringUTFChars(env, name, &isCopy);
} else {
JNU_ThrowNullPointerException(env, "network interface name is NULL");
return -1;
}
if (name_utf == NULL) {
if (!(*env)->ExceptionCheck(env))
JNU_ThrowOutOfMemoryError(env, NULL);
......@@ -1474,7 +1484,12 @@ static int getMTU(JNIEnv *env, int sock, const char *ifname) {
struct ifreq if2;
memset((char *) &if2, 0, sizeof(if2));
strcpy(if2.ifr_name, ifname);
if (ifname != NULL) {
strcpy(if2.ifr_name, ifname);
} else {
JNU_ThrowNullPointerException(env, "network interface name is NULL");
return -1;
}
if (ioctl(sock, SIOCGIFMTU, (char *)&if2) < 0) {
NET_ThrowByNameWithLastError(env, JNU_JAVANETPKG "SocketException", "IOCTL SIOCGIFMTU failed");
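Review bot: In `getMTU` the added NULL test still leaves `strcpy(if2.ifr_name, ifname)` copying a caller-supplied name into the fixed-size `ifr_name` field with no length limit. A name longer than the field overruns `if2` on the stack. Since `if2` has just been zeroed by `memset`, a bounded copy keeps it terminated: `strncpy(if2.ifr_name, ifname, sizeof(if2.ifr_name) - 1);`. Separately, `getFlags0` leaves `name_utf` uninitialised where `getMTU0` now sets it to NULL. The function bodies continue outside the hunks.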
......
/*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -1474,10 +1474,12 @@ jobject getMulticastInterface(JNIEnv *env, jobject this, int fd, jint opt) {
static jmethodID ni_ctrID;
static jfieldID ni_indexID;
static jfieldID ni_addrsID;
static jfieldID ni_nameID;
jobjectArray addrArray;
jobject addr;
jobject ni;
jobject ni_name;
struct in_addr in;
struct in_addr *inP = &in;
......@@ -1527,6 +1529,8 @@ jobject getMulticastInterface(JNIEnv *env, jobject this, int fd, jint opt) {
ni_addrsID = (*env)->GetFieldID(env, c, "addrs",
"[Ljava/net/InetAddress;");
CHECK_NULL_RETURN(ni_addrsID, NULL);
ni_nameID = (*env)->GetFieldID(env, c,"name", "Ljava/lang/String;");
CHECK_NULL_RETURN(ni_nameID, NULL);
ni_class = (*env)->NewGlobalRef(env, c);
CHECK_NULL_RETURN(ni_class, NULL);
}
......@@ -1548,6 +1552,10 @@ jobject getMulticastInterface(JNIEnv *env, jobject this, int fd, jint opt) {
CHECK_NULL_RETURN(addrArray, NULL);
(*env)->SetObjectArrayElement(env, addrArray, 0, addr);
(*env)->SetObjectField(env, ni, ni_addrsID, addrArray);
ni_name = (*env)->NewStringUTF(env, "");
if (ni_name != NULL) {
(*env)->SetObjectField(env, ni, ni_nameID, ni_name);
}
return ni;
}
......@@ -1564,14 +1572,16 @@ jobject getMulticastInterface(JNIEnv *env, jobject this, int fd, jint opt) {
static jfieldID ni_indexID;
static jfieldID ni_addrsID;
static jclass ia_class;
static jfieldID ni_nameID;
static jmethodID ia_anyLocalAddressID;
int index;
int index = 0;
int len = sizeof(index);
jobjectArray addrArray;
jobject addr;
jobject ni;
jobject ni_name;
if (JVM_GetSockOpt(fd, IPPROTO_IPV6, IPV6_MULTICAST_IF,
(char*)&index, &len) < 0) {
......@@ -1600,6 +1610,8 @@ jobject getMulticastInterface(JNIEnv *env, jobject this, int fd, jint opt) {
"anyLocalAddress",
"()Ljava/net/InetAddress;");
CHECK_NULL_RETURN(ia_anyLocalAddressID, NULL);
ni_nameID = (*env)->GetFieldID(env, c,"name", "Ljava/lang/String;");
CHECK_NULL_RETURN(ni_nameID, NULL);
ni_class = (*env)->NewGlobalRef(env, c);
CHECK_NULL_RETURN(ni_class, NULL);
}
......@@ -1660,6 +1672,10 @@ jobject getMulticastInterface(JNIEnv *env, jobject this, int fd, jint opt) {
CHECK_NULL_RETURN(addrArray, NULL);
(*env)->SetObjectArrayElement(env, addrArray, 0, addr);
(*env)->SetObjectField(env, ni, ni_addrsID, addrArray);
ni_name = (*env)->NewStringUTF(env, "");
if (ni_name != NULL) {
(*env)->SetObjectField(env, ni, ni_nameID, ni_name);
}
return ni;
}
#endif
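Review bot: When `NewStringUTF` returns NULL in the two places that set the interface name, the code skips `SetObjectField` and still returns `ni`, whereas every neighbouring JNI call in these hunks bails out through `CHECK_NULL_RETURN`. Writing `CHECK_NULL_RETURN(ni_name, NULL);` followed by an unconditional `(*env)->SetObjectField(env, ni, ni_nameID, ni_name);` would keep the error path uniform in both the `in_addr` branch and the `IPV6_MULTICAST_IF` branch. A one-line comment saying why the name is set to the empty string rather than left unset would also help, because the reason is not visible in the hunks. `getMulticastInterface` starts and ends outside these hunks.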
......
......@@ -36,6 +36,7 @@ import java.security.PrivilegedAction;
import java.util.*;
import java.util.List;
import java.util.concurrent.*;
import java.util.stream.Stream;
import static sun.awt.shell.Win32ShellFolder2.*;
import sun.awt.OSInfo;
......@@ -251,7 +252,7 @@ public class Win32ShellFolderManager2 extends ShellFolderManager {
if (file == null) {
file = getDesktop();
}
return file;
return checkFile(file);
} else if (key.equals("roots")) {
// Should be "History" and "Desktop" ?
if (roots == null) {
......@@ -262,11 +263,11 @@ public class Win32ShellFolderManager2 extends ShellFolderManager {
roots = (File[])super.get(key);
}
}
return roots;
return checkFiles(roots);
} else if (key.equals("fileChooserComboBoxFolders")) {
Win32ShellFolder2 desktop = getDesktop();
if (desktop != null) {
if (desktop != null && checkFile(desktop) != null) {
ArrayList<File> folders = new ArrayList<File>();
Win32ShellFolder2 drives = getDrives();
......@@ -277,7 +278,7 @@ public class Win32ShellFolderManager2 extends ShellFolderManager {
folders.add(desktop);
// Add all second level folders
File[] secondLevelFolders = desktop.listFiles();
File[] secondLevelFolders = checkFiles(desktop.listFiles());
Arrays.sort(secondLevelFolders);
for (File secondLevelFolder : secondLevelFolders) {
Win32ShellFolder2 folder = (Win32ShellFolder2) secondLevelFolder;
......@@ -285,7 +286,7 @@ public class Win32ShellFolderManager2 extends ShellFolderManager {
folders.add(folder);
// Add third level for "My Computer"
if (folder.equals(drives)) {
File[] thirdLevelFolders = folder.listFiles();
File[] thirdLevelFolders = checkFiles(folder.listFiles());
if (thirdLevelFolders != null && thirdLevelFolders.length > 0) {
List<File> thirdLevelFoldersList = Arrays.asList(thirdLevelFolders);
......@@ -295,7 +296,7 @@ public class Win32ShellFolderManager2 extends ShellFolderManager {
}
}
}
return folders.toArray(new File[folders.size()]);
return checkFiles(folders);
} else {
return super.get(key);
}
......@@ -332,7 +333,7 @@ public class Win32ShellFolderManager2 extends ShellFolderManager {
}
}
}
return folders.toArray(new File[folders.size()]);
return checkFiles(folders);
} else if (key.startsWith("fileChooserIcon ")) {
String name = key.substring(key.indexOf(" ") + 1);
......@@ -378,6 +379,41 @@ public class Win32ShellFolderManager2 extends ShellFolderManager {
return null;
}
private File checkFile(File file) {
SecurityManager sm = System.getSecurityManager();
return (sm == null || file == null) ? file : checkFile(file, sm);
}
private File checkFile(File file, SecurityManager sm) {
try {
sm.checkRead(file.getPath());
return file;
} catch (SecurityException se) {
return null;
}
}
private File[] checkFiles(File[] files) {
SecurityManager sm = System.getSecurityManager();
if (sm == null || files == null || files.length == 0) {
return files;
}
return checkFiles(Arrays.stream(files), sm);
}
private File[] checkFiles(List<File> files) {
SecurityManager sm = System.getSecurityManager();
if (sm == null || files.isEmpty()) {
return files.toArray(new File[files.size()]);
}
return checkFiles(files.stream(), sm);
}
private File[] checkFiles(Stream<File> filesStream, SecurityManager sm) {
return filesStream.filter((file) -> checkFile(file, sm) != null)
.toArray(File[]::new);
}
/**
* Does <code>dir</code> represent a "computer" such as a node on the network, or
* "My Computer" on the desktop.
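Review bot: The `fileChooserComboBoxFolders` branch now appears to fall through to `return super.get(key);` when `checkFile(desktop)` returns null, and that fallback result is handed back without passing through `checkFiles`, unlike the `roots` branch where the `super.get(key)` result is filtered. Unless the superclass applies its own read check (not visible here), the restricted case skips the filter this change introduces; `return checkFiles((File[]) super.get(key));` would close that, assuming the superclass returns a `File[]` for this key as it does for `roots`. The new private `checkFile`/`checkFiles` helpers also carry no comment stating that entries failing `SecurityManager.checkRead` are dropped silently rather than reported. `get` starts and ends outside these hunks.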
......
/*
* Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.awt.Robot;
import java.awt.event.KeyEvent;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.util.concurrent.TimeUnit;
import javax.swing.JFileChooser;
import javax.swing.SwingUtilities;
import javax.swing.filechooser.FileSystemView;
import sun.awt.OSInfo;
/**
* @test
* @bug 8062561
* @summary File system view returns null default directory
* @run main/othervm bug8062561 GENERATE_POLICY
* @run main/othervm/policy=security.policy bug8062561 CHECK_DEFAULT_DIR run
*/
public class bug8062561 {
private static final String POLICY_FILE = "security2.policy";
private static volatile boolean fileChooserIsShown = false;
public static void main(String[] args) throws Exception {
String test = args[0];
switch (test) {
case "GENERATE_POLICY":
generatePolicyFile();
break;
case "CHECK_DEFAULT_DIR":
checkDefaultDirectory();
break;
case "CHECK_FILE_CHOOSER":
checkFileChooser();
break;
default:
throw new RuntimeException("Wrong argument!");
}
}
private static void checkDefaultDirectory() {
if (System.getSecurityManager() == null) {
throw new RuntimeException("Security manager is not set!");
}
File defaultDirectory = FileSystemView.getFileSystemView().
getDefaultDirectory();
if (defaultDirectory != null) {
throw new RuntimeException("File system default directory is null!");
}
}
private static volatile JFileChooser fileChooser;
private static void checkFileChooser() throws Exception {
if (System.getSecurityManager() == null) {
throw new RuntimeException("Security manager is not set!");
}
Robot robot = new Robot();
robot.setAutoDelay(50);
SwingUtilities.invokeLater(new Runnable() {
public void run() {
fileChooser = new JFileChooser();
fileChooser.showOpenDialog(null);
fileChooserIsShown = true;
System.out.println("Start file chooser: " + fileChooserIsShown);
}
});
long time = System.currentTimeMillis();
while (fileChooser == null) {
if (System.currentTimeMillis() - time >= 10000) {
throw new RuntimeException("FileChoser is not shown!");
}
Thread.sleep(500);
}
Thread.sleep(500);
robot.keyPress(KeyEvent.VK_ESCAPE);
robot.keyRelease(KeyEvent.VK_ESCAPE);
System.exit(0);
}
private static void generatePolicyFile() throws Exception {
if (System.getSecurityManager() != null) {
throw new RuntimeException("Security manager should be null!");
}
if (!OSInfo.getOSType().equals(OSInfo.OSType.WINDOWS)) {
return;
}
File defaultDirectory = FileSystemView.getFileSystemView().
getDefaultDirectory();
if (defaultDirectory == null) {
throw new RuntimeException("Default directory is null!");
}
File policyFile = new File(POLICY_FILE);
if (!policyFile.exists()) {
policyFile.createNewFile();
}
try (PrintWriter writer = new PrintWriter(policyFile, "UTF-8")) {
writer.println("grant {");
String documents = defaultDirectory.getCanonicalPath();
documents = documents.replace('\\', '/');
// Documents permission
writer.print(" permission java.io.FilePermission");
writer.print(" \"" + documents + "\",");
writer.println(" \"read\";");
// Desktop permission
writer.print(" permission java.io.FilePermission");
writer.print(" \"" + documents.replace("Documents", "Desktop") + "\",");
writer.println(" \"read\";");
// robot permission // "java.awt.AWTPermission" "createRobot"
writer.print(" permission java.awt.AWTPermission");
writer.println(" \"createRobot\";");
writer.println("};");
}
performTest();
}
private static void performTest() throws Exception {
String javaPath = System.getProperty("java.home", "");
String command = javaPath + File.separator + "bin" + File.separator + "java"
+ " -Djava.security.manager -Djava.security.policy=" + POLICY_FILE
+ " bug8062561 CHECK_FILE_CHOOSER";
System.out.println(command);
boolean processExit = false;
Process process = Runtime.getRuntime().exec(command);
try {
processExit = process.waitFor(20, TimeUnit.SECONDS);
} catch (IllegalThreadStateException e) {
throw new RuntimeException(e);
}
System.out.println("[RESULT] : "
+ "The sub process has cleanly exited : PASS");
InputStream errorStream = process.getErrorStream();
System.out.println("========= Child process stderr ========");
boolean exception = dumpStream(errorStream);
if (exception) {
throw new RuntimeException("[RESULT] :"
+ " Exception in child process : FAIL");
}
System.out.println("=======================================");
InputStream processInputStream = process.getInputStream();
System.out.println("========= Child process output ========");
dumpStream(processInputStream);
System.out.println("=======================================");
if (!processExit) {
process.destroy();
throw new RuntimeException("[RESULT] : "
+ "The sub process has not exited : FAIL");
}
}
public static boolean dumpStream(InputStream in) throws IOException {
String tempString;
int count = in.available();
boolean exception = false;
while (count > 0) {
byte[] b = new byte[count];
in.read(b);
tempString = new String(b);
if (!exception) {
exception = tempString.indexOf("Exception") != -1;
}
System.out.println(tempString);
count = in.available();
}
return exception;
}
}
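Review bot: In `checkDefaultDirectory` the exception is thrown when `defaultDirectory != null`, but its message says "File system default directory is null!", so a failure under the restricted policy reports the opposite of what happened; if null is the expected result there, `throw new RuntimeException("File system default directory is not null!");` matches the check. In `performTest` the line "The sub process has cleanly exited : PASS" is printed before `processExit` is examined, so a timed-out child still logs PASS; it belongs after the `if (!processExit)` block. The child command is also passed as one string to `Runtime.exec`, which splits on whitespace and would break if `java.home` contains a space; a `ProcessBuilder` given the executable and each option as separate arguments avoids that.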
grant {
permission java.util.PropertyPermission "user.home", "read";
};
// Autogenerated file
\ No newline at end of file
......@@ -68,6 +68,10 @@ public class TestEC {
}
public static void main0(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
Provider p = Security.getProvider("SunEC");
if (p == null) {
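Review bot: `Security.setProperty("jdk.tls.disabledAlgorithms", "")` clears the whole disabled-algorithm list for the JVM and is never restored, so everything the default configuration turns off is enabled again for any other code that runs in the same VM. That is contained only when the test has a VM of its own; `testEnabledProtocols` and the last `ClientJSSEServerJSSE` show `@run main/othervm`, but the tag is not visible for this hunk or for the other tests that receive the same three lines (the PKCS11 `ClientJSSEServerJSSE`, `HttpsProtocols`, `CustomizedDefaultProtocols`, `DefaultEnabledProtocols`, `NoOldVersionContext`, `DelegatedTaskWrongException`, `SSLEngineExplorer`, `SSLSocketExplorer`). I would extend the comment to state the constraint, e.g. `// clears the JVM-wide list; this test must run in othervm mode`, and where a test needs only one entry re-enabled, set the property to the default value minus that entry rather than to the empty string. `main0` continues past the end of this hunk.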
......
......@@ -43,6 +43,10 @@ public class ClientJSSEServerJSSE extends PKCS11Test {
private static String[] cmdArgs;
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
cmdArgs = args;
main(new ClientJSSEServerJSSE());
}
......
......@@ -32,6 +32,7 @@
import java.io.*;
import java.net.*;
import javax.net.ssl.*;
import java.security.Security;
public class HttpsProtocols implements HostnameVerifier {
......@@ -177,6 +178,10 @@ public class HttpsProtocols implements HostnameVerifier {
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
String keyFilename =
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + keyStoreFile;
......
......@@ -35,6 +35,7 @@
import javax.net.*;
import javax.net.ssl.*;
import java.util.Arrays;
import java.security.Security;
public class CustomizedDefaultProtocols {
static enum ContextVersion {
......@@ -93,6 +94,10 @@ public class CustomizedDefaultProtocols {
}
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
boolean failed = false;
for (ContextVersion cv : ContextVersion.values()) {
System.out.println("Checking SSLContext of " + cv.contextVersion);
......
......@@ -34,6 +34,7 @@
import javax.net.*;
import javax.net.ssl.*;
import java.util.Arrays;
import java.security.Security;
public class DefaultEnabledProtocols {
static enum ContextVersion {
......@@ -92,6 +93,10 @@ public class DefaultEnabledProtocols {
}
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
boolean failed = false;
for (ContextVersion cv : ContextVersion.values()) {
System.out.println("Checking SSLContext of " + cv.contextVersion);
......
......@@ -35,6 +35,7 @@
import javax.net.*;
import javax.net.ssl.*;
import java.util.Arrays;
import java.security.Security;
public class NoOldVersionContext {
static enum ContextVersion {
......@@ -93,6 +94,10 @@ public class NoOldVersionContext {
}
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
boolean failed = false;
for (ContextVersion cv : ContextVersion.values()) {
System.out.println("Checking SSLContext of " + cv.contextVersion);
......
......@@ -115,6 +115,9 @@ public class DelegatedTaskWrongException {
}
public static void main(String args[]) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
DelegatedTaskWrongException test;
......
......@@ -21,6 +21,11 @@
* questions.
*/
//
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
//
/*
* @test
* @bug 4416068 4478803 4479736
......@@ -31,9 +36,6 @@
* 4701722 protocol mismatch exceptions should be consistent between
* SSLv3 and TLSv1
* @run main/othervm testEnabledProtocols
*
* SunJSSE does not support dynamic system properties, no way to re-use
* system properties in samevm/agentvm mode.
* @author Ram Marti
*/
......@@ -120,6 +122,10 @@ public class testEnabledProtocols {
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
String keyFilename =
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + keyStoreFile;
......
......@@ -44,6 +44,7 @@ import java.nio.*;
import java.net.*;
import java.util.*;
import java.nio.channels.*;
import java.security.Security;
public class SSLEngineExplorer extends SSLEngineService {
......@@ -231,6 +232,10 @@ public class SSLEngineExplorer extends SSLEngineService {
volatile int serverPort = 0;
public static void main(String args[]) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
if (debug)
System.setProperty("javax.net.debug", "all");
......
......@@ -45,6 +45,7 @@ import java.nio.channels.*;
import java.util.*;
import java.net.*;
import javax.net.ssl.*;
import java.security.Security;
public class SSLSocketExplorer {
......@@ -224,6 +225,10 @@ public class SSLSocketExplorer {
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
String keyFilename =
System.getProperty("test.src", ".") + "/" + pathToStores +
"/" + keyStoreFile;
......
......@@ -29,9 +29,15 @@
* @run main/othervm/timeout=300 ClientJSSEServerJSSE
*/
import java.security.Security;
public class ClientJSSEServerJSSE {
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
CipherTest.main(new JSSEFactory(), args);
}
......