diff --git a/.hgtags b/.hgtags index 20942b24a9ea55a93b673541a7a23eebc22ab8f1..8bcba947fc9551d17a6a6886dcd7e63fd90f0149 100644 --- a/.hgtags +++ b/.hgtags @@ -695,3 +695,4 @@ f5d0aadb4d1ca74eda4e98cc0030f1618ef4c870 jdk8u131-b07 c0091a673d766ce2e76a945bab6de325fe78dd88 jdk8u131-b10 3ab471c4760a808e39406303ff33a25a542b9c75 jdk8u131-b11 a160009bbe1417d85f1c0eec890fdb17391b3637 jdk8u141-b00 +e95a13de2d36050302a1af422967f5260fc8eabd jdk8u141-b01 diff --git a/src/share/classes/java/util/concurrent/ThreadPoolExecutor.java b/src/share/classes/java/util/concurrent/ThreadPoolExecutor.java index 882067dfe4d6dde4b7ee2bc888d4698eaaaa2fe6..73f6b3357685556a4eaeb913807fed4abb481146 100644 --- a/src/share/classes/java/util/concurrent/ThreadPoolExecutor.java +++ b/src/share/classes/java/util/concurrent/ThreadPoolExecutor.java @@ -34,6 +34,10 @@ */ package java.util.concurrent; + +import java.security.AccessControlContext; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.concurrent.locks.AbstractQueuedSynchronizer; import java.util.concurrent.locks.Condition; import java.util.concurrent.locks.ReentrantLock; @@ -569,6 +573,9 @@ public class ThreadPoolExecutor extends AbstractExecutorService { private static final RuntimePermission shutdownPerm = new RuntimePermission("modifyThread"); + /* The context to be used when executing the finalizer, or null. */ + private final AccessControlContext acc; + /** * Class Worker mainly maintains interrupt control state for * threads running tasks, along with other minor bookkeeping. @@ -1307,6 +1314,9 @@ public class ThreadPoolExecutor extends AbstractExecutorService { throw new IllegalArgumentException(); if (workQueue == null || threadFactory == null || handler == null) throw new NullPointerException(); + this.acc = System.getSecurityManager() == null ? + null : + AccessController.getContext(); this.corePoolSize = corePoolSize; this.maximumPoolSize = maximumPoolSize; this.workQueue = workQueue; @@ -1472,9 +1482,18 @@ public class ThreadPoolExecutor extends AbstractExecutorService { /** * Invokes {@code shutdown} when this executor is no longer * referenced and it has no threads. + * + *

This method is invoked with privileges that are restricted by + * the security context of the caller that invokes the constructor. */ protected void finalize() { - shutdown(); + SecurityManager sm = System.getSecurityManager(); + if (sm == null || acc == null) { + shutdown(); + } else { + PrivilegedAction pa = () -> { shutdown(); return null; }; + AccessController.doPrivileged(pa, acc); + } } /** diff --git a/src/share/classes/java/util/jar/JarVerifier.java b/src/share/classes/java/util/jar/JarVerifier.java index cf255c3337c6038d82ad355622125a709a787615..6e6eec5530688cdf719c3fd28afdda11878f85cd 100644 --- a/src/share/classes/java/util/jar/JarVerifier.java +++ b/src/share/classes/java/util/jar/JarVerifier.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -180,10 +180,12 @@ class JarVerifier { // only set the jev object for entries that have a signature // (either verified or not) - if (sigFileSigners.get(name) != null || - verifiedSigners.get(name) != null) { - mev.setEntry(name, je); - return; + if (!name.equals(JarFile.MANIFEST_NAME)) { + if (sigFileSigners.get(name) != null || + verifiedSigners.get(name) != null) { + mev.setEntry(name, je); + return; + } } // don't compute the digest for this entry diff --git a/src/share/classes/javax/imageio/spi/ServiceRegistry.java b/src/share/classes/javax/imageio/spi/ServiceRegistry.java index 7a5b727f8889a852b4d365643e7e8ad3936aee5d..981f9d30523f5647508ef83d0f9becb3f9684b37 100644 --- a/src/share/classes/javax/imageio/spi/ServiceRegistry.java +++ b/src/share/classes/javax/imageio/spi/ServiceRegistry.java @@ -26,6 +26,9 @@ package javax.imageio.spi; import java.io.File; +import java.security.AccessControlContext; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.HashMap; import java.util.Iterator; @@ -701,11 +704,12 @@ class SubRegistry { Class category; - // Provider Objects organized by partial oridering - PartiallyOrderedSet poset = new PartiallyOrderedSet(); + // Provider Objects organized by partial ordering + final PartiallyOrderedSet poset = new PartiallyOrderedSet(); // Class -> Provider Object of that class - Map,Object> map = new HashMap(); + final Map,Object> map = new HashMap(); + final Map,AccessControlContext> accMap = new HashMap<>(); public SubRegistry(ServiceRegistry registry, Class category) { this.registry = registry; @@ -720,6 +724,7 @@ class SubRegistry { deregisterServiceProvider(oprovider); } map.put(provider.getClass(), provider); + accMap.put(provider.getClass(), AccessController.getContext()); poset.add(provider); if (provider instanceof RegisterableService) { RegisterableService rs = (RegisterableService)provider; @@ -739,6 +744,7 @@ class SubRegistry { if (provider == oprovider) { map.remove(provider.getClass()); + accMap.remove(provider.getClass()); poset.remove(provider); if (provider instanceof RegisterableService) { RegisterableService rs = (RegisterableService)provider; @@ -785,10 +791,17 @@ class SubRegistry { if (provider instanceof RegisterableService) { RegisterableService rs = (RegisterableService)provider; - rs.onDeregistration(registry, category); + AccessControlContext acc = accMap.get(provider.getClass()); + if (acc != null || System.getSecurityManager() == null) { + AccessController.doPrivileged((PrivilegedAction) () -> { + rs.onDeregistration(registry, category); + return null; + }, acc); + } } } poset.clear(); + accMap.clear(); } public void finalize() { diff --git a/src/share/classes/sun/awt/image/ImageWatched.java b/src/share/classes/sun/awt/image/ImageWatched.java index b740aa1870e7be33b4b572fde686a4f6b3ad3a04..07d964659bd8cce3a05fe85ef7f4a5b0b9e4a39f 100644 --- a/src/share/classes/sun/awt/image/ImageWatched.java +++ b/src/share/classes/sun/awt/image/ImageWatched.java @@ -29,6 +29,10 @@ import java.lang.ref.WeakReference; import java.awt.Image; import java.awt.image.ImageObserver; +import java.security.AccessControlContext; +import java.security.AccessController; +import java.security.PrivilegedAction; + public abstract class ImageWatched { public static Link endlink = new Link(); @@ -85,16 +89,26 @@ public abstract class ImageWatched { } } + static class AccWeakReference extends WeakReference { + + private final AccessControlContext acc; + + AccWeakReference(T ref) { + super(ref); + acc = AccessController.getContext(); + } + } + /* * Standard Link implementation to manage a Weak Reference * to an ImageObserver. */ public static class WeakLink extends Link { - private WeakReference myref; + private final AccWeakReference myref; private Link next; public WeakLink(ImageObserver obs, Link next) { - myref = new WeakReference(obs); + myref = new AccWeakReference(obs); this.next = next; } @@ -120,6 +134,19 @@ public abstract class ImageWatched { return this; } + private static boolean update(ImageObserver iw, AccessControlContext acc, + Image img, int info, + int x, int y, int w, int h) { + + if (acc != null || System.getSecurityManager() != null) { + return AccessController.doPrivileged( + (PrivilegedAction) () -> { + return iw.imageUpdate(img, info, x, y, w, h); + }, acc); + } + return false; + } + public boolean newInfo(Image img, int info, int x, int y, int w, int h) { @@ -129,7 +156,7 @@ public abstract class ImageWatched { if (myiw == null) { // My referent is null so we must prune in a second pass. ret = true; - } else if (myiw.imageUpdate(img, info, x, y, w, h) == false) { + } else if (update(myiw, myref.acc, img, info, x, y, w, h) == false) { // My referent has lost interest so clear it and ask // for a pruning pass to remove it later. myref.clear(); diff --git a/src/share/classes/sun/nio/ch/AsynchronousChannelGroupImpl.java b/src/share/classes/sun/nio/ch/AsynchronousChannelGroupImpl.java index a584ce9dbf5a143f9703f245060851c5ce404766..9c81dea3dcf7009df81a2ba8402caec96cc047bb 100644 --- a/src/share/classes/sun/nio/ch/AsynchronousChannelGroupImpl.java +++ b/src/share/classes/sun/nio/ch/AsynchronousChannelGroupImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2008, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -246,13 +246,16 @@ abstract class AsynchronousChannelGroupImpl abstract void shutdownHandlerTasks(); private void shutdownExecutors() { - AccessController.doPrivileged(new PrivilegedAction() { - public Void run() { - pool.executor().shutdown(); - timeoutExecutor.shutdown(); - return null; - } - }); + AccessController.doPrivileged( + new PrivilegedAction() { + public Void run() { + pool.executor().shutdown(); + timeoutExecutor.shutdown(); + return null; + } + }, + null, + new RuntimePermission("modifyThread")); } @Override diff --git a/src/share/classes/sun/security/util/ManifestEntryVerifier.java b/src/share/classes/sun/security/util/ManifestEntryVerifier.java index 8e0169eb7542d0a1cc75c63b6f6506d22982fe5f..02dd76558c66410bac9dec3e2e467ecf08f2e8e7 100644 --- a/src/share/classes/sun/security/util/ManifestEntryVerifier.java +++ b/src/share/classes/sun/security/util/ManifestEntryVerifier.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -107,6 +107,8 @@ public class ManifestEntryVerifier { /* get the headers from the manifest for this entry */ /* if there aren't any, we can't verify any digests for this entry */ + skip = false; + Attributes attr = man.getAttributes(name); if (attr == null) { // ugh. we should be able to remove this at some point. @@ -141,7 +143,6 @@ public class ManifestEntryVerifier { } if (digest != null) { - skip = false; digest.reset(); digests.add(digest); manifestHashes.add( @@ -197,6 +198,10 @@ public class ManifestEntryVerifier { return null; } + if (digests.isEmpty()) { + throw new SecurityException("digest missing for " + name); + } + if (signers != null) return signers; diff --git a/src/share/native/common/check_code.c b/src/share/native/common/check_code.c index d01bec4e91f67f10cec7db248c4e3a6ed1cb428d..96091720772994603d313028f37f7ac0755f8bb4 100644 --- a/src/share/native/common/check_code.c +++ b/src/share/native/common/check_code.c @@ -457,6 +457,8 @@ static void *CCalloc(context_type *context, int size, jboolean zero); static fullinfo_type cp_index_to_class_fullinfo(context_type *, int, int); +static const char* get_result_signature(const char* signature); + static char signature_to_fieldtype(context_type *context, const char **signature_p, fullinfo_type *info); @@ -2775,7 +2777,7 @@ push_stack(context_type *context, unsigned int inumber, stack_info_type *new_sta operand); const char *result_signature; check_and_push(context, signature, VM_STRING_UTF); - result_signature = strchr(signature, JVM_SIGNATURE_ENDFUNC); + result_signature = get_result_signature(signature); if (result_signature++ == NULL) { CCerror(context, "Illegal signature %s", signature); } @@ -3698,6 +3700,42 @@ CFerror(context_type *context, char *format, ...) longjmp(context->jump_buffer, 1); } +/* + * Need to scan the entire signature to find the result type because + * types in the arg list and the result type could contain embedded ')'s. + */ +static const char* get_result_signature(const char* signature) { + const char *p; + for (p = signature; *p != JVM_SIGNATURE_ENDFUNC; p++) { + switch (*p) { + case JVM_SIGNATURE_BOOLEAN: + case JVM_SIGNATURE_BYTE: + case JVM_SIGNATURE_CHAR: + case JVM_SIGNATURE_SHORT: + case JVM_SIGNATURE_INT: + case JVM_SIGNATURE_FLOAT: + case JVM_SIGNATURE_DOUBLE: + case JVM_SIGNATURE_LONG: + case JVM_SIGNATURE_FUNC: /* ignore initial (, if given */ + break; + case JVM_SIGNATURE_CLASS: + while (*p != JVM_SIGNATURE_ENDCLASS) p++; + break; + case JVM_SIGNATURE_ARRAY: + while (*p == JVM_SIGNATURE_ARRAY) p++; + /* If an array of classes, skip over class name, too. */ + if (*p == JVM_SIGNATURE_CLASS) { + while (*p != JVM_SIGNATURE_ENDCLASS) p++; + } + break; + default: + /* Indicate an error. */ + return NULL; + } + } + return p++; /* skip over ')'. */ +} + static char signature_to_fieldtype(context_type *context, const char **signature_p, fullinfo_type *full_info_p)