8218573: Better socket support

Reviewed-by: alanb, ahgross, chegar, igerasim

8218573: Better socket support
Reviewed-by: alanb, ahgross, chegar, igerasim
cf79f02c · michaelm · 835fb4e9 · cf79f02c · cf79f02c · cf79f02c
4 changed file
--- a/src/share/classes/java/net/NetPermission.java
+++ b/src/share/classes/java/net/NetPermission.java
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -150,6 +150,15 @@ stream handler that gets the actual bytes from someplace it does
 have access to. Thus it might be able to trick the system into
 creating a ProtectionDomain/CodeSource for a class even though
 that class really didn't come from that location.</td>
+ * </tr>
+ *
+ * <tr>
+ *   <th scope="row">setSocketImpl</th>
+ *   <td>The ability to create a sub-class of Socket or ServerSocket with a
+ *   user specified SocketImpl.</td>
+ *   <td>Malicious user-defined SocketImpls can change the behavior of
+ *   Socket and ServerSocket in surprising ways, by virtue of their
+ *   ability to access the protected fields of SocketImpl.</td>
 *   </tr>
 * </table>
 *

--- a/src/share/classes/java/net/ServerSocket.java
+++ b/src/share/classes/java/net/ServerSocket.java
@@ -31,6 +31,8 @@ import java.nio.channels.ServerSocketChannel;
 import java.security.AccessController;
 import java.security.PrivilegedExceptionAction;
+import sun.security.util.SecurityConstants;
 /**
 * This class implements server sockets. A server socket waits for
 * requests to come in over the network. It performs some operation
@@ -71,12 +73,25 @@ class ServerSocket implements java.io.Closeable {
    /**
     * Package-private constructor to create a ServerSocket associated with
     * the given SocketImpl.
+     *
+     * @throws     SecurityException if a security manager is set and
+     *             its {@code checkPermission} method doesn't allow
+     *             {@code NetPermission("setSocketImpl")}.
     */
    ServerSocket(SocketImpl impl) {
+        checkPermission();
        this.impl = impl;
        impl.setServerSocket(this);
    }
+    private static Void checkPermission() {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null) {
+            sm.checkPermission(SecurityConstants.SET_SOCKETIMPL_PERMISSION);
+        }
+        return null;
+    }
    /**
     * Creates an unbound server socket.
     *

--- a/src/share/classes/java/net/Socket.java
+++ b/src/share/classes/java/net/Socket.java
@@ -25,6 +25,8 @@
 package java.net;
+import sun.security.util.SecurityConstants;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.io.IOException;
@@ -159,9 +161,14 @@ class Socket implements java.io.Closeable {
     *
     * @exception SocketException if there is an error in the underlying protocol,
     * such as a TCP error.
+     *
+     * @throws SecurityException if {@code impl} is non-null and a security manager is set
+     * and its {@code checkPermission} method doesn't allow {@code NetPermission("setSocketImpl")}.
+     *
     * @since   JDK1.1
     */
    protected Socket(SocketImpl impl) throws SocketException {
+        checkPermission(impl);
        this.impl = impl;
        if (impl != null) {
            checkOldImpl();
@@ -169,6 +176,17 @@ class Socket implements java.io.Closeable {
        }
    }
+    private static Void checkPermission(SocketImpl impl) {
+        if (impl == null) {
+            return null;
+        }
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null) {
+            sm.checkPermission(SecurityConstants.SET_SOCKETIMPL_PERMISSION);
+        }
+        return null;
+    }
    /**
     * Creates a stream socket and connects it to the specified port
     * number on the named host.

--- a/src/share/classes/sun/security/util/SecurityConstants.java
+++ b/src/share/classes/sun/security/util/SecurityConstants.java
 /*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -176,6 +176,10 @@ public final class SecurityConstants {
    public static final NetPermission GET_RESPONSECACHE_PERMISSION =
       new NetPermission("getResponseCache");
+    // java.net.ServerSocket, java.net.Socket
+    public static final NetPermission SET_SOCKETIMPL_PERMISSION =
+       new NetPermission("setSocketImpl");
    // java.lang.SecurityManager, sun.applet.AppletPanel, sun.misc.Launcher
    public static final RuntimePermission CREATE_CLASSLOADER_PERMISSION =
        new RuntimePermission("createClassLoader");