diff --git a/src/share/classes/com/sun/rowset/internal/XmlReaderContentHandler.java b/src/share/classes/com/sun/rowset/internal/XmlReaderContentHandler.java index 5c30d2712f413e2228ac42590734e70c6592a86b..31d714187aac4f82f1eae3e5894de207278288df 100644 --- a/src/share/classes/com/sun/rowset/internal/XmlReaderContentHandler.java +++ b/src/share/classes/com/sun/rowset/internal/XmlReaderContentHandler.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -660,7 +660,7 @@ public class XmlReaderContentHandler extends DefaultHandler { //Added the handling for Class tags to take care of maps //Makes an entry into the map upon end of class tag try{ - typeMap.put(Key_map,Class.forName(Value_map)); + typeMap.put(Key_map,sun.reflect.misc.ReflectUtil.forName(Value_map)); }catch(ClassNotFoundException ex) { throw new SAXException(MessageFormat.format(resBundle.handleGetObject("xmlrch.errmap").toString(), ex.getMessage())); diff --git a/src/share/classes/javax/sql/rowset/spi/SyncFactory.java b/src/share/classes/javax/sql/rowset/spi/SyncFactory.java index 6797dc0d397adf5ad54ccee16edb69bb8fb86d2d..308d1beef491c3ddb2487903de9da107ab4fe72a 100644 --- a/src/share/classes/javax/sql/rowset/spi/SyncFactory.java +++ b/src/share/classes/javax/sql/rowset/spi/SyncFactory.java @@ -35,6 +35,8 @@ import java.io.FileInputStream; import java.io.InputStream; import java.io.IOException; import java.io.FileNotFoundException; +import java.security.AccessController; +import java.security.PrivilegedAction; import javax.naming.*; @@ -348,7 +350,17 @@ public class SyncFactory { /* * Dependent on application */ - String strRowsetProperties = System.getProperty("rowset.properties"); + String strRowsetProperties; + try { + strRowsetProperties = AccessController.doPrivileged(new PrivilegedAction() { + public String run() { + return System.getProperty("rowset.properties"); + } + }, null, new PropertyPermission("rowset.properties","read")); + } catch (Exception ex) { + strRowsetProperties = null; + } + if (strRowsetProperties != null) { // Load user's implementation of SyncProvider // here. -Drowset.properties=/abc/def/pqr.txt @@ -393,7 +405,16 @@ public class SyncFactory { * load additional properties from -D command line */ properties.clear(); - String providerImpls = System.getProperty(ROWSET_SYNC_PROVIDER); + String providerImpls; + try { + providerImpls = AccessController.doPrivileged(new PrivilegedAction() { + public String run() { + return System.getProperty(ROWSET_SYNC_PROVIDER); + } + }, null, new PropertyPermission(ROWSET_SYNC_PROVIDER,"read")); + } catch (Exception ex) { + providerImpls = null; + } if (providerImpls != null) { int i = 0; diff --git a/src/share/classes/sun/security/provider/ByteArrayAccess.java b/src/share/classes/sun/security/provider/ByteArrayAccess.java index 1c7641372aba6652434775f494575aa8885319d7..e06832bf3c6ec71166bc061e5372ca6ba6ccd42d 100644 --- a/src/share/classes/sun/security/provider/ByteArrayAccess.java +++ b/src/share/classes/sun/security/provider/ByteArrayAccess.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -43,10 +43,8 @@ import sun.misc.Unsafe; * These are the only platforms we currently support, but other optimized * variants could be added as needed. * - * NOTE that because this code performs unchecked direct memory access, it - * MUST be restricted to trusted code. It is imperative that the caller protects - * against out of bounds memory access by performing the necessary bounds - * checks before calling methods in this class. + * NOTE that ArrayIndexOutOfBoundsException will be thrown if the bounds checks + * failed. * * This class may also be helpful in improving the performance of the * crypto code in the SunJCE provider. However, for now it is only accessible by @@ -103,6 +101,10 @@ final class ByteArrayAccess { * byte[] to int[] conversion, little endian byte order. */ static void b2iLittle(byte[] in, int inOfs, int[] out, int outOfs, int len) { + if ((inOfs < 0) || ((in.length - inOfs) < len) || + (outOfs < 0) || ((out.length - outOfs) < len/4)) { + throw new ArrayIndexOutOfBoundsException(); + } if (littleEndianUnaligned) { inOfs += byteArrayOfs; len += inOfs; @@ -131,6 +133,10 @@ final class ByteArrayAccess { // Special optimization of b2iLittle(in, inOfs, out, 0, 64) static void b2iLittle64(byte[] in, int inOfs, int[] out) { + if ((inOfs < 0) || ((in.length - inOfs) < 64) || + (out.length < 16)) { + throw new ArrayIndexOutOfBoundsException(); + } if (littleEndianUnaligned) { inOfs += byteArrayOfs; out[ 0] = unsafe.getInt(in, (long)(inOfs )); @@ -176,6 +182,10 @@ final class ByteArrayAccess { * int[] to byte[] conversion, little endian byte order. */ static void i2bLittle(int[] in, int inOfs, byte[] out, int outOfs, int len) { + if ((inOfs < 0) || ((in.length - inOfs) < len/4) || + (outOfs < 0) || ((out.length - outOfs) < len)) { + throw new ArrayIndexOutOfBoundsException(); + } if (littleEndianUnaligned) { outOfs += byteArrayOfs; len += outOfs; @@ -204,6 +214,9 @@ final class ByteArrayAccess { // Store one 32-bit value into out[outOfs..outOfs+3] in little endian order. static void i2bLittle4(int val, byte[] out, int outOfs) { + if ((outOfs < 0) || ((out.length - outOfs) < 4)) { + throw new ArrayIndexOutOfBoundsException(); + } if (littleEndianUnaligned) { unsafe.putInt(out, (long)(byteArrayOfs + outOfs), val); } else if (bigEndian && ((outOfs & 3) == 0)) { @@ -220,6 +233,10 @@ final class ByteArrayAccess { * byte[] to int[] conversion, big endian byte order. */ static void b2iBig(byte[] in, int inOfs, int[] out, int outOfs, int len) { + if ((inOfs < 0) || ((in.length - inOfs) < len) || + (outOfs < 0) || ((out.length - outOfs) < len/4)) { + throw new ArrayIndexOutOfBoundsException(); + } if (littleEndianUnaligned) { inOfs += byteArrayOfs; len += inOfs; @@ -248,6 +265,10 @@ final class ByteArrayAccess { // Special optimization of b2iBig(in, inOfs, out, 0, 64) static void b2iBig64(byte[] in, int inOfs, int[] out) { + if ((inOfs < 0) || ((in.length - inOfs) < 64) || + (out.length < 16)) { + throw new ArrayIndexOutOfBoundsException(); + } if (littleEndianUnaligned) { inOfs += byteArrayOfs; out[ 0] = reverseBytes(unsafe.getInt(in, (long)(inOfs ))); @@ -293,6 +314,10 @@ final class ByteArrayAccess { * int[] to byte[] conversion, big endian byte order. */ static void i2bBig(int[] in, int inOfs, byte[] out, int outOfs, int len) { + if ((inOfs < 0) || ((in.length - inOfs) < len/4) || + (outOfs < 0) || ((out.length - outOfs) < len)) { + throw new ArrayIndexOutOfBoundsException(); + } if (littleEndianUnaligned) { outOfs += byteArrayOfs; len += outOfs; @@ -321,6 +346,9 @@ final class ByteArrayAccess { // Store one 32-bit value into out[outOfs..outOfs+3] in big endian order. static void i2bBig4(int val, byte[] out, int outOfs) { + if ((outOfs < 0) || ((out.length - outOfs) < 4)) { + throw new ArrayIndexOutOfBoundsException(); + } if (littleEndianUnaligned) { unsafe.putInt(out, (long)(byteArrayOfs + outOfs), reverseBytes(val)); } else if (bigEndian && ((outOfs & 3) == 0)) { @@ -337,6 +365,10 @@ final class ByteArrayAccess { * byte[] to long[] conversion, big endian byte order. */ static void b2lBig(byte[] in, int inOfs, long[] out, int outOfs, int len) { + if ((inOfs < 0) || ((in.length - inOfs) < len) || + (outOfs < 0) || ((out.length - outOfs) < len/8)) { + throw new ArrayIndexOutOfBoundsException(); + } if (littleEndianUnaligned) { inOfs += byteArrayOfs; len += inOfs; @@ -378,6 +410,10 @@ final class ByteArrayAccess { // Special optimization of b2lBig(in, inOfs, out, 0, 128) static void b2lBig128(byte[] in, int inOfs, long[] out) { + if ((inOfs < 0) || ((in.length - inOfs) < 128) || + (out.length < 16)) { + throw new ArrayIndexOutOfBoundsException(); + } if (littleEndianUnaligned) { inOfs += byteArrayOfs; out[ 0] = reverseBytes(unsafe.getLong(in, (long)(inOfs ))); @@ -406,6 +442,10 @@ final class ByteArrayAccess { * long[] to byte[] conversion, big endian byte order. */ static void l2bBig(long[] in, int inOfs, byte[] out, int outOfs, int len) { + if ((inOfs < 0) || ((in.length - inOfs) < len/8) || + (outOfs < 0) || ((out.length - outOfs) < len)) { + throw new ArrayIndexOutOfBoundsException(); + } len += outOfs; while (outOfs < len) { long i = in[inOfs++]; @@ -419,5 +459,4 @@ final class ByteArrayAccess { out[outOfs++] = (byte)(i ); } } - } diff --git a/src/share/lib/security/java.security-linux b/src/share/lib/security/java.security-linux index 935a10fc00a0be8dc92ae9b867fcdc52f4fef202..0204b5d682c3b0f4fc2987a70528b4b61393c116 100644 --- a/src/share/lib/security/java.security-linux +++ b/src/share/lib/security/java.security-linux @@ -181,6 +181,7 @@ package.access=sun.,\ com.sun.imageio.,\ com.sun.istack.internal.,\ com.sun.jmx.,\ + com.sun.naming.internal.,\ com.sun.proxy.,\ com.sun.org.apache.bcel.internal.,\ com.sun.org.apache.regexp.internal.,\ @@ -225,6 +226,7 @@ package.definition=sun.,\ com.sun.imageio.,\ com.sun.istack.internal.,\ com.sun.jmx.,\ + com.sun.naming.internal.,\ com.sun.proxy.,\ com.sun.org.apache.bcel.internal.,\ com.sun.org.apache.regexp.internal.,\ diff --git a/src/share/lib/security/java.security-macosx b/src/share/lib/security/java.security-macosx index c30834ad220563143993e17bc8f6fd6b493f1ca2..375c6d7aaf21481624ef060d2868e6ab22844d1d 100644 --- a/src/share/lib/security/java.security-macosx +++ b/src/share/lib/security/java.security-macosx @@ -182,6 +182,7 @@ package.access=sun.,\ com.sun.imageio.,\ com.sun.istack.internal.,\ com.sun.jmx.,\ + com.sun.naming.internal.,\ com.sun.proxy.,\ com.sun.org.apache.bcel.internal.,\ com.sun.org.apache.regexp.internal.,\ @@ -226,6 +227,7 @@ package.definition=sun.,\ com.sun.imageio.,\ com.sun.istack.internal.,\ com.sun.jmx.,\ + com.sun.naming.internal.,\ com.sun.proxy.,\ com.sun.org.apache.bcel.internal.,\ com.sun.org.apache.regexp.internal.,\ diff --git a/src/share/lib/security/java.security-solaris b/src/share/lib/security/java.security-solaris index 35414ba92445685bf2865141d2f870eb37ad2a03..234ed1018f4544ccd7b5cabdfe82a215add97e85 100644 --- a/src/share/lib/security/java.security-solaris +++ b/src/share/lib/security/java.security-solaris @@ -183,6 +183,7 @@ package.access=sun.,\ com.sun.imageio.,\ com.sun.istack.internal.,\ com.sun.jmx.,\ + com.sun.naming.internal.,\ com.sun.proxy.,\ com.sun.org.apache.bcel.internal.,\ com.sun.org.apache.regexp.internal.,\ @@ -226,6 +227,7 @@ package.definition=sun.,\ com.sun.imageio.,\ com.sun.istack.internal.,\ com.sun.jmx.,\ + com.sun.naming.internal.,\ com.sun.proxy.,\ com.sun.org.apache.bcel.internal.,\ com.sun.org.apache.regexp.internal.,\ diff --git a/src/share/lib/security/java.security-windows b/src/share/lib/security/java.security-windows index 88293ad60dadfe1c39642740fd2215aa0701e360..81da2f262cafd3f58f09b9e92c1b0162eb8540eb 100644 --- a/src/share/lib/security/java.security-windows +++ b/src/share/lib/security/java.security-windows @@ -182,6 +182,7 @@ package.access=sun.,\ com.sun.imageio.,\ com.sun.istack.internal.,\ com.sun.jmx.,\ + com.sun.naming.internal.,\ com.sun.proxy.,\ com.sun.org.apache.bcel.internal.,\ com.sun.org.apache.regexp.internal.,\ @@ -226,6 +227,7 @@ package.definition=sun.,\ com.sun.imageio.,\ com.sun.istack.internal.,\ com.sun.jmx.,\ + com.sun.naming.internal.,\ com.sun.proxy.,\ com.sun.org.apache.bcel.internal.,\ com.sun.org.apache.regexp.internal.,\ diff --git a/src/share/native/sun/java2d/cmm/lcms/cmsintrp.c b/src/share/native/sun/java2d/cmm/lcms/cmsintrp.c index 183d2f84d01856b15b5eeb8dd5b4a061de431966..51ec140cfbec2e29a2dc41190ba869b2a22e9e74 100644 --- a/src/share/native/sun/java2d/cmm/lcms/cmsintrp.c +++ b/src/share/native/sun/java2d/cmm/lcms/cmsintrp.c @@ -215,6 +215,11 @@ void LinLerp1D(register const cmsUInt16Number Value[], Output[0] = LinearInterp(rest, y0, y1); } +// To prevent out of bounds indexing +cmsINLINE cmsFloat32Number fclamp(cmsFloat32Number v) +{ + return v < 0.0f ? 0.0f : (v > 1.0f ? 1.0f : v); +} // Floating-point version of 1D interpolation static @@ -227,13 +232,15 @@ void LinLerp1Dfloat(const cmsFloat32Number Value[], int cell0, cell1; const cmsFloat32Number* LutTable = (cmsFloat32Number*) p ->Table; + val2 = fclamp(Value[0]); + // if last value... - if (Value[0] == 1.0) { + if (val2 == 1.0) { Output[0] = LutTable[p -> Domain[0]]; return; } - val2 = p -> Domain[0] * Value[0]; + val2 *= p -> Domain[0]; cell0 = (int) floor(val2); cell1 = (int) ceil(val2); @@ -292,13 +299,15 @@ void Eval1InputFloat(const cmsFloat32Number Value[], cmsUInt32Number OutChan; const cmsFloat32Number* LutTable = (cmsFloat32Number*) p ->Table; + val2 = fclamp(Value[0]); + // if last value... - if (Value[0] == 1.0) { + if (val2 == 1.0) { Output[0] = LutTable[p -> Domain[0]]; return; } - val2 = p -> Domain[0] * Value[0]; + val2 *= p -> Domain[0]; cell0 = (int) floor(val2); cell1 = (int) ceil(val2); @@ -339,8 +348,8 @@ void BilinearInterpFloat(const cmsFloat32Number Input[], dxy; TotalOut = p -> nOutputs; - px = Input[0] * p->Domain[0]; - py = Input[1] * p->Domain[1]; + px = fclamp(Input[0]) * p->Domain[0]; + py = fclamp(Input[1]) * p->Domain[1]; x0 = (int) _cmsQuickFloor(px); fx = px - (cmsFloat32Number) x0; y0 = (int) _cmsQuickFloor(py); fy = py - (cmsFloat32Number) y0; @@ -454,20 +463,9 @@ void TrilinearInterpFloat(const cmsFloat32Number Input[], TotalOut = p -> nOutputs; // We need some clipping here - px = Input[0]; - py = Input[1]; - pz = Input[2]; - - if (px < 0) px = 0; - if (px > 1) px = 1; - if (py < 0) py = 0; - if (py > 1) py = 1; - if (pz < 0) pz = 0; - if (pz > 1) pz = 1; - - px *= p->Domain[0]; - py *= p->Domain[1]; - pz *= p->Domain[2]; + px = fclamp(Input[0]) * p->Domain[0]; + py = fclamp(Input[1]) * p->Domain[1]; + pz = fclamp(Input[2]) * p->Domain[2]; x0 = (int) _cmsQuickFloor(px); fx = px - (cmsFloat32Number) x0; y0 = (int) _cmsQuickFloor(py); fy = py - (cmsFloat32Number) y0; @@ -609,20 +607,9 @@ void TetrahedralInterpFloat(const cmsFloat32Number Input[], TotalOut = p -> nOutputs; // We need some clipping here - px = Input[0]; - py = Input[1]; - pz = Input[2]; - - if (px < 0) px = 0; - if (px > 1) px = 1; - if (py < 0) py = 0; - if (py > 1) py = 1; - if (pz < 0) pz = 0; - if (pz > 1) pz = 1; - - px *= p->Domain[0]; - py *= p->Domain[1]; - pz *= p->Domain[2]; + px = fclamp(Input[0]) * p->Domain[0]; + py = fclamp(Input[1]) * p->Domain[1]; + pz = fclamp(Input[2]) * p->Domain[2]; x0 = (int) _cmsQuickFloor(px); rx = (px - (cmsFloat32Number) x0); y0 = (int) _cmsQuickFloor(py); ry = (py - (cmsFloat32Number) y0); @@ -1039,8 +1026,7 @@ void Eval4InputsFloat(const cmsFloat32Number Input[], cmsFloat32Number Tmp1[MAX_STAGE_CHANNELS], Tmp2[MAX_STAGE_CHANNELS]; cmsInterpParams p1; - - pk = Input[0] * p->Domain[0]; + pk = fclamp(Input[0]) * p->Domain[0]; k0 = _cmsQuickFloor(pk); rest = pk - (cmsFloat32Number) k0; @@ -1127,7 +1113,7 @@ void Eval5InputsFloat(const cmsFloat32Number Input[], cmsFloat32Number Tmp1[MAX_STAGE_CHANNELS], Tmp2[MAX_STAGE_CHANNELS]; cmsInterpParams p1; - pk = Input[0] * p->Domain[0]; + pk = fclamp(Input[0]) * p->Domain[0]; k0 = _cmsQuickFloor(pk); rest = pk - (cmsFloat32Number) k0; @@ -1214,7 +1200,7 @@ void Eval6InputsFloat(const cmsFloat32Number Input[], cmsFloat32Number Tmp1[MAX_STAGE_CHANNELS], Tmp2[MAX_STAGE_CHANNELS]; cmsInterpParams p1; - pk = Input[0] * p->Domain[0]; + pk = fclamp(Input[0]) * p->Domain[0]; k0 = _cmsQuickFloor(pk); rest = pk - (cmsFloat32Number) k0; @@ -1299,7 +1285,7 @@ void Eval7InputsFloat(const cmsFloat32Number Input[], cmsFloat32Number Tmp1[MAX_STAGE_CHANNELS], Tmp2[MAX_STAGE_CHANNELS]; cmsInterpParams p1; - pk = Input[0] * p->Domain[0]; + pk = fclamp(Input[0]) * p->Domain[0]; k0 = _cmsQuickFloor(pk); rest = pk - (cmsFloat32Number) k0; @@ -1384,7 +1370,7 @@ void Eval8InputsFloat(const cmsFloat32Number Input[], cmsFloat32Number Tmp1[MAX_STAGE_CHANNELS], Tmp2[MAX_STAGE_CHANNELS]; cmsInterpParams p1; - pk = Input[0] * p->Domain[0]; + pk = fclamp(Input[0]) * p->Domain[0]; k0 = _cmsQuickFloor(pk); rest = pk - (cmsFloat32Number) k0; diff --git a/test/java/lang/SecurityManager/CheckPackageAccess.java b/test/java/lang/SecurityManager/CheckPackageAccess.java index 7167bbb96c8311d06a2bfc9437396b35bdcf1338..4f848d51caf7e8fa093fbb11d53962f74ae1627d 100644 --- a/test/java/lang/SecurityManager/CheckPackageAccess.java +++ b/test/java/lang/SecurityManager/CheckPackageAccess.java @@ -23,7 +23,7 @@ /* * @test - * @bug 6741606 7146431 8000450 + * @bug 6741606 7146431 8000450 8022945 * @summary Make sure all restricted packages listed in the package.access * property in the java.security file are blocked * @run main/othervm CheckPackageAccess @@ -54,6 +54,7 @@ public class CheckPackageAccess { "com.sun.imageio.", "com.sun.istack.internal.", "com.sun.jmx.", + "com.sun.naming.internal.", "com.sun.proxy.", "com.sun.org.apache.bcel.internal.", "com.sun.org.apache.regexp.internal.",