From 5c89aa59bdf0811dec0ac7c93af8d0a4844c1d55 Mon Sep 17 00:00:00 2001 From: chegar Date: Mon, 8 Apr 2013 06:15:18 +0100 Subject: [PATCH] 8008593: Better URLClassLoader resource management Reviewed-by: alanb, sherman, hawtin --- make/java/zip/mapfile-vers | 1 + make/java/zip/reorder-i586 | 1 + make/java/zip/reorder-sparc | 1 + make/java/zip/reorder-sparcv9 | 1 + makefiles/mapfiles/libzip/mapfile-vers | 1 + makefiles/mapfiles/libzip/reorder-sparc | 1 + makefiles/mapfiles/libzip/reorder-sparcv9 | 1 + makefiles/mapfiles/libzip/reorder-x86 | 1 + src/share/classes/java/util/zip/ZipFile.java | 26 +++++++++++++-- .../sun/misc/JavaUtilZipFileAccess.java | 33 +++++++++++++++++++ src/share/classes/sun/misc/SharedSecrets.java | 11 +++++++ src/share/classes/sun/misc/URLClassPath.java | 21 ++++++++++-- src/share/native/java/util/zip/ZipFile.c | 8 +++++ src/share/native/java/util/zip/zip_util.c | 8 +++++ src/share/native/java/util/zip/zip_util.h | 1 + 15 files changed, 110 insertions(+), 6 deletions(-) create mode 100644 src/share/classes/sun/misc/JavaUtilZipFileAccess.java diff --git a/make/java/zip/mapfile-vers b/make/java/zip/mapfile-vers index ba6490cc3..383fedf2d 100644 --- a/make/java/zip/mapfile-vers +++ b/make/java/zip/mapfile-vers @@ -65,6 +65,7 @@ SUNWprivate_1.1 { Java_java_util_zip_ZipFile_initIDs; Java_java_util_zip_ZipFile_open; Java_java_util_zip_ZipFile_read; + Java_java_util_zip_ZipFile_startsWithLOC; ZIP_Close; ZIP_CRC32; diff --git a/make/java/zip/reorder-i586 b/make/java/zip/reorder-i586 index ee717ff2f..73ea67446 100644 --- a/make/java/zip/reorder-i586 +++ b/make/java/zip/reorder-i586 @@ -19,6 +19,7 @@ text: .text%ZIP_FreeEntry; text: .text%Java_java_util_zip_ZipFile_initIDs; text: .text%Java_java_util_zip_ZipFile_open; text: .text%Java_java_util_zip_ZipFile_getTotal; +text: .text%Java_java_util_zip_ZipFile_startsWithLOC; text: .text%Java_java_util_zip_ZipFile_getEntry; text: .text%Java_java_util_zip_ZipFile_freeEntry; text: .text%Java_java_util_zip_ZipFile_getEntryTime; diff --git a/make/java/zip/reorder-sparc b/make/java/zip/reorder-sparc index 176c7709e..a5cde391e 100644 --- a/make/java/zip/reorder-sparc +++ b/make/java/zip/reorder-sparc @@ -18,6 +18,7 @@ text: .text%ZIP_FreeEntry; text: .text%Java_java_util_zip_ZipFile_initIDs; text: .text%Java_java_util_zip_ZipFile_open; text: .text%Java_java_util_zip_ZipFile_getTotal; +text: .text%Java_java_util_zip_ZipFile_startsWithLOC; text: .text%Java_java_util_zip_ZipFile_getEntry; text: .text%Java_java_util_zip_ZipFile_freeEntry; text: .text%Java_java_util_zip_ZipFile_getEntryTime; diff --git a/make/java/zip/reorder-sparcv9 b/make/java/zip/reorder-sparcv9 index bf2d983ed..32ebae146 100644 --- a/make/java/zip/reorder-sparcv9 +++ b/make/java/zip/reorder-sparcv9 @@ -18,6 +18,7 @@ text: .text%ZIP_FreeEntry; text: .text%Java_java_util_zip_ZipFile_initIDs; text: .text%Java_java_util_zip_ZipFile_open; text: .text%Java_java_util_zip_ZipFile_getTotal; +text: .text%Java_java_util_zip_ZipFile_startsWithLOC; text: .text%Java_java_util_zip_ZipFile_getEntry; text: .text%Java_java_util_zip_ZipFile_freeEntry; text: .text%Java_java_util_zip_ZipFile_getEntryTime; diff --git a/makefiles/mapfiles/libzip/mapfile-vers b/makefiles/mapfiles/libzip/mapfile-vers index ba6490cc3..383fedf2d 100644 --- a/makefiles/mapfiles/libzip/mapfile-vers +++ b/makefiles/mapfiles/libzip/mapfile-vers @@ -65,6 +65,7 @@ SUNWprivate_1.1 { Java_java_util_zip_ZipFile_initIDs; Java_java_util_zip_ZipFile_open; Java_java_util_zip_ZipFile_read; + Java_java_util_zip_ZipFile_startsWithLOC; ZIP_Close; ZIP_CRC32; diff --git a/makefiles/mapfiles/libzip/reorder-sparc b/makefiles/mapfiles/libzip/reorder-sparc index df4ea6db1..e32c7ce2e 100644 --- a/makefiles/mapfiles/libzip/reorder-sparc +++ b/makefiles/mapfiles/libzip/reorder-sparc @@ -18,6 +18,7 @@ text: .text%ZIP_FreeEntry; text: .text%Java_java_util_zip_ZipFile_initIDs; text: .text%Java_java_util_zip_ZipFile_open; text: .text%Java_java_util_zip_ZipFile_getTotal; +text: .text%Java_java_util_zip_ZipFile_startsWithLOC; text: .text%Java_java_util_zip_ZipFile_getEntry; text: .text%Java_java_util_zip_ZipFile_freeEntry; text: .text%Java_java_util_zip_ZipFile_getEntryTime; diff --git a/makefiles/mapfiles/libzip/reorder-sparcv9 b/makefiles/mapfiles/libzip/reorder-sparcv9 index f5c24f29f..c1e3237e8 100644 --- a/makefiles/mapfiles/libzip/reorder-sparcv9 +++ b/makefiles/mapfiles/libzip/reorder-sparcv9 @@ -18,6 +18,7 @@ text: .text%ZIP_FreeEntry; text: .text%Java_java_util_zip_ZipFile_initIDs; text: .text%Java_java_util_zip_ZipFile_open; text: .text%Java_java_util_zip_ZipFile_getTotal; +text: .text%Java_java_util_zip_ZipFile_startsWithLOC; text: .text%Java_java_util_zip_ZipFile_getEntry; text: .text%Java_java_util_zip_ZipFile_freeEntry; text: .text%Java_java_util_zip_ZipFile_getEntryTime; diff --git a/makefiles/mapfiles/libzip/reorder-x86 b/makefiles/mapfiles/libzip/reorder-x86 index 16bc0de93..f3cf4ff61 100644 --- a/makefiles/mapfiles/libzip/reorder-x86 +++ b/makefiles/mapfiles/libzip/reorder-x86 @@ -19,6 +19,7 @@ text: .text%ZIP_FreeEntry; text: .text%Java_java_util_zip_ZipFile_initIDs; text: .text%Java_java_util_zip_ZipFile_open; text: .text%Java_java_util_zip_ZipFile_getTotal; +text: .text%Java_java_util_zip_ZipFile_startsWithLOC; text: .text%Java_java_util_zip_ZipFile_getEntry; text: .text%Java_java_util_zip_ZipFile_freeEntry; text: .text%Java_java_util_zip_ZipFile_getEntryTime; diff --git a/src/share/classes/java/util/zip/ZipFile.java b/src/share/classes/java/util/zip/ZipFile.java index 969380933..b6dbc243d 100644 --- a/src/share/classes/java/util/zip/ZipFile.java +++ b/src/share/classes/java/util/zip/ZipFile.java @@ -54,9 +54,10 @@ import static java.util.zip.ZipConstants64.*; */ public class ZipFile implements ZipConstants, Closeable { - private long jzfile; // address of jzfile data - private String name; // zip file name - private int total; // total number of entries + private long jzfile; // address of jzfile data + private final String name; // zip file name + private final int total; // total number of entries + private final boolean locsig; // if zip file starts with LOCSIG (usually true) private volatile boolean closeRequested = false; private static final int STORED = ZipEntry.STORED; @@ -216,6 +217,7 @@ class ZipFile implements ZipConstants, Closeable { sun.misc.PerfCounter.getZipFileCount().increment(); this.name = name; this.total = getTotal(jzfile); + this.locsig = startsWithLOC(jzfile); } /** @@ -737,10 +739,28 @@ class ZipFile implements ZipConstants, Closeable { } } + static { + sun.misc.SharedSecrets.setJavaUtilZipFileAccess( + new sun.misc.JavaUtilZipFileAccess() { + public boolean startsWithLocHeader(ZipFile zip) { + return zip.startsWithLocHeader(); + } + } + ); + } + + /** + * Returns {@code true} if, and only if, the zip file begins with {@code + * LOCSIG}. + */ + private boolean startsWithLocHeader() { + return locsig; + } private static native long open(String name, int mode, long lastModified, boolean usemmap) throws IOException; private static native int getTotal(long jzfile); + private static native boolean startsWithLOC(long jzfile); private static native int read(long jzfile, long jzentry, long pos, byte[] b, int off, int len); diff --git a/src/share/classes/sun/misc/JavaUtilZipFileAccess.java b/src/share/classes/sun/misc/JavaUtilZipFileAccess.java new file mode 100644 index 000000000..0534f3400 --- /dev/null +++ b/src/share/classes/sun/misc/JavaUtilZipFileAccess.java @@ -0,0 +1,33 @@ +/* + * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.misc; + +import java.util.zip.ZipFile; + +public interface JavaUtilZipFileAccess { + public boolean startsWithLocHeader(ZipFile zip); +} + diff --git a/src/share/classes/sun/misc/SharedSecrets.java b/src/share/classes/sun/misc/SharedSecrets.java index 42ac25a0b..e17575b52 100644 --- a/src/share/classes/sun/misc/SharedSecrets.java +++ b/src/share/classes/sun/misc/SharedSecrets.java @@ -52,6 +52,7 @@ public class SharedSecrets { private static JavaIOFileDescriptorAccess javaIOFileDescriptorAccess; private static JavaSecurityProtectionDomainAccess javaSecurityProtectionDomainAccess; private static JavaSecurityAccess javaSecurityAccess; + private static JavaUtilZipFileAccess javaUtilZipFileAccess; private static JavaAWTAccess javaAWTAccess; public static JavaUtilJarAccess javaUtilJarAccess() { @@ -152,6 +153,16 @@ public class SharedSecrets { return javaSecurityAccess; } + public static JavaUtilZipFileAccess getJavaUtilZipFileAccess() { + if (javaUtilZipFileAccess == null) + unsafe.ensureClassInitialized(java.util.zip.ZipFile.class); + return javaUtilZipFileAccess; + } + + public static void setJavaUtilZipFileAccess(JavaUtilZipFileAccess access) { + javaUtilZipFileAccess = access; + } + public static void setJavaAWTAccess(JavaAWTAccess jaa) { javaAWTAccess = jaa; } diff --git a/src/share/classes/sun/misc/URLClassPath.java b/src/share/classes/sun/misc/URLClassPath.java index 068bd7289..6c5e2c1b9 100644 --- a/src/share/classes/sun/misc/URLClassPath.java +++ b/src/share/classes/sun/misc/URLClassPath.java @@ -64,6 +64,7 @@ public class URLClassPath { final static String USER_AGENT_JAVA_VERSION = "UA-Java-Version"; final static String JAVA_VERSION; private static final boolean DEBUG; + private static final boolean DISABLE_JAR_CHECKING; /** * Used by launcher to indicate that checking of the JAR file "Profile" @@ -76,6 +77,9 @@ public class URLClassPath { new sun.security.action.GetPropertyAction("java.version")); DEBUG = (java.security.AccessController.doPrivileged( new sun.security.action.GetPropertyAction("sun.misc.URLClassPath.debug")) != null); + String p = java.security.AccessController.doPrivileged( + new sun.security.action.GetPropertyAction("sun.misc.URLClassPath.disableJarChecking")); + DISABLE_JAR_CHECKING = p != null ? p.equals("true") || p.equals("") : false; } /* The original search path of URLs. */ @@ -544,7 +548,7 @@ public class URLClassPath { * in a hurry. */ JarURLConnection juc = (JarURLConnection)uc; - jarfile = juc.getJarFile(); + jarfile = JarLoader.checkJar(juc.getJarFile()); } } catch (Exception e) { return null; @@ -609,6 +613,8 @@ public class URLClassPath { private URLStreamHandler handler; private HashMap lmap; private boolean closed = false; + private static final sun.misc.JavaUtilZipFileAccess zipAccess = + sun.misc.SharedSecrets.getJavaUtilZipFileAccess(); /* * Creates a new JarLoader for the specified URL referring to @@ -713,6 +719,14 @@ public class URLClassPath { } } + /* Throws if the given jar file is does not start with the correct LOC */ + static JarFile checkJar(JarFile jar) throws IOException { + if (System.getSecurityManager() != null && !DISABLE_JAR_CHECKING + && !zipAccess.startsWithLocHeader(jar)) + throw new IOException("Invalid Jar file"); + return jar; + } + private JarFile getJarFile(URL url) throws IOException { // Optimize case where url refers to a local jar file if (isOptimizable(url)) { @@ -720,11 +734,12 @@ public class URLClassPath { if (!p.exists()) { throw new FileNotFoundException(p.getPath()); } - return new JarFile (p.getPath()); + return checkJar(new JarFile(p.getPath())); } URLConnection uc = getBaseURL().openConnection(); uc.setRequestProperty(USER_AGENT_JAVA_VERSION, JAVA_VERSION); - return ((JarURLConnection)uc).getJarFile(); + JarFile jarFile = ((JarURLConnection)uc).getJarFile(); + return checkJar(jarFile); } /* diff --git a/src/share/native/java/util/zip/ZipFile.c b/src/share/native/java/util/zip/ZipFile.c index 5c2c442c6..d66cccb74 100644 --- a/src/share/native/java/util/zip/ZipFile.c +++ b/src/share/native/java/util/zip/ZipFile.c @@ -137,6 +137,14 @@ Java_java_util_zip_ZipFile_getTotal(JNIEnv *env, jclass cls, jlong zfile) return zip->total; } +JNIEXPORT jboolean JNICALL +Java_java_util_zip_ZipFile_startsWithLOC(JNIEnv *env, jclass cls, jlong zfile) +{ + jzfile *zip = jlong_to_ptr(zfile); + + return zip->locsig; +} + JNIEXPORT void JNICALL Java_java_util_zip_ZipFile_close(JNIEnv *env, jclass cls, jlong zfile) { diff --git a/src/share/native/java/util/zip/zip_util.c b/src/share/native/java/util/zip/zip_util.c index 99bf07cd9..079244161 100644 --- a/src/share/native/java/util/zip/zip_util.c +++ b/src/share/native/java/util/zip/zip_util.c @@ -831,6 +831,14 @@ ZIP_Put_In_Cache0(const char *name, ZFILE zfd, char **pmsg, jlong lastModified, return NULL; } + // Assumption, zfd refers to start of file. Trivially, reuse errbuf. + if (readFully(zfd, errbuf, 4) != -1) { // errors will be handled later + if (GETSIG(errbuf) == LOCSIG) + zip->locsig = JNI_TRUE; + else + zip->locsig = JNI_FALSE; + } + len = zip->len = IO_Lseek(zfd, 0, SEEK_END); if (len <= 0) { if (len == 0) { /* zip file is empty */ diff --git a/src/share/native/java/util/zip/zip_util.h b/src/share/native/java/util/zip/zip_util.h index 5782eaacf..124e3f77e 100644 --- a/src/share/native/java/util/zip/zip_util.h +++ b/src/share/native/java/util/zip/zip_util.h @@ -210,6 +210,7 @@ typedef struct jzfile { /* Zip file */ start of the file. */ jboolean usemmap; /* if mmap is used. */ #endif + jboolean locsig; /* if zip file starts with LOCSIG */ cencache cencache; /* CEN header cache */ ZFILE zfd; /* open file descriptor */ void *lock; /* read lock */ -- GitLab