diff -up ./openjdk/hotspot/src/share/vm/ci/ciEnv.cpp.mar10sec ./openjdk/hotspot/src/share/vm/ci/ciEnv.cpp
--- ./openjdk/hotspot/src/share/vm/ci/ciEnv.cpp.mar10sec 2009-05-14 19:36:38.000000000 -0400
+++ ./openjdk/hotspot/src/share/vm/ci/ciEnv.cpp 2010-03-24 20:10:55.071365223 -0400
@@ -342,11 +342,6 @@ ciKlass* ciEnv::get_klass_by_name_impl(c
KILL_COMPILE_ON_FATAL_(fail_type));
}
- if (found_klass != NULL) {
- // Found it. Build a CI handle.
- return get_object(found_klass)->as_klass();
- }
-
// If we fail to find an array klass, look again for its element type.
// The element type may be available either locally or via constraints.
// In either case, if we can find the element type in the system dictionary,
@@ -371,6 +366,11 @@ ciKlass* ciEnv::get_klass_by_name_impl(c
}
}
+ if (found_klass != NULL) {
+ // Found it. Build a CI handle.
+ return get_object(found_klass)->as_klass();
+ }
+
if (require_local) return NULL;
// Not yet loaded into the VM, or not governed by loader constraints.
// Make a CI representative for it.
diff -up ./openjdk/hotspot/src/share/vm/classfile/loaderConstraints.cpp.mar10sec ./openjdk/hotspot/src/share/vm/classfile/loaderConstraints.cpp
--- ./openjdk/hotspot/src/share/vm/classfile/loaderConstraints.cpp.mar10sec 2009-05-14 19:36:38.000000000 -0400
+++ ./openjdk/hotspot/src/share/vm/classfile/loaderConstraints.cpp 2010-03-24 20:10:55.071365223 -0400
@@ -335,32 +335,6 @@ klassOop LoaderConstraintTable::find_con
}
-klassOop LoaderConstraintTable::find_constrained_elem_klass(symbolHandle name,
- symbolHandle elem_name,
- Handle loader,
- TRAPS) {
- LoaderConstraintEntry *p = *(find_loader_constraint(name, loader));
- if (p != NULL) {
- assert(p->klass() == NULL, "Expecting null array klass");
-
- // The array name has a constraint, but it will not have a class. Check
- // each loader for an associated elem
- for (int i = 0; i < p->num_loaders(); i++) {
- Handle no_protection_domain;
-
- klassOop k = SystemDictionary::find(elem_name, p->loader(i), no_protection_domain, THREAD);
- if (k != NULL) {
- // Return the first elem klass found.
- return k;
- }
- }
- }
-
- // No constraints, or else no klass loaded yet.
- return NULL;
-}
-
-
void LoaderConstraintTable::ensure_loader_constraint_capacity(
LoaderConstraintEntry *p,
int nfree) {
diff -up ./openjdk/hotspot/src/share/vm/classfile/loaderConstraints.hpp.mar10sec ./openjdk/hotspot/src/share/vm/classfile/loaderConstraints.hpp
--- ./openjdk/hotspot/src/share/vm/classfile/loaderConstraints.hpp.mar10sec 2009-05-14 19:36:38.000000000 -0400
+++ ./openjdk/hotspot/src/share/vm/classfile/loaderConstraints.hpp 2010-03-24 20:10:55.071365223 -0400
@@ -64,9 +64,6 @@ public:
Handle loader2, bool is_method, TRAPS);
klassOop find_constrained_klass(symbolHandle name, Handle loader);
- klassOop find_constrained_elem_klass(symbolHandle name, symbolHandle elem_name,
- Handle loader, TRAPS);
-
// Class loader constraints
diff -up ./openjdk/hotspot/src/share/vm/classfile/systemDictionary.cpp.mar10sec ./openjdk/hotspot/src/share/vm/classfile/systemDictionary.cpp
--- ./openjdk/hotspot/src/share/vm/classfile/systemDictionary.cpp.mar10sec 2009-05-14 19:36:38.000000000 -0400
+++ ./openjdk/hotspot/src/share/vm/classfile/systemDictionary.cpp 2010-03-24 20:10:55.073399848 -0400
@@ -2061,9 +2061,8 @@ klassOop SystemDictionary::find_constrai
// a loader constraint that would require this loader to return the
// klass that is already loaded.
if (FieldType::is_array(class_name())) {
- // Array classes are hard because their klassOops are not kept in the
- // constraint table. The array klass may be constrained, but the elem class
- // may not be.
+ // For array classes, their klassOops are not kept in the
+ // constraint table. The element klassOops are.
jint dimension;
symbolOop object_key;
BasicType t = FieldType::get_array_info(class_name(), &dimension,
@@ -2073,8 +2072,9 @@ klassOop SystemDictionary::find_constrai
} else {
symbolHandle elem_name(THREAD, object_key);
MutexLocker mu(SystemDictionary_lock, THREAD);
- klass = constraints()->find_constrained_elem_klass(class_name, elem_name, class_loader, THREAD);
+ klass = constraints()->find_constrained_klass(elem_name, class_loader);
}
+ // If element class already loaded, allocate array klass
if (klass != NULL) {
klass = Klass::cast(klass)->array_klass_or_null(dimension);
}
@@ -2092,22 +2092,38 @@ bool SystemDictionary::add_loader_constr
Handle class_loader1,
Handle class_loader2,
Thread* THREAD) {
- unsigned int d_hash1 = dictionary()->compute_hash(class_name, class_loader1);
+ symbolHandle constraint_name;
+ if (!FieldType::is_array(class_name())) {
+ constraint_name = class_name;
+ } else {
+ // For array classes, their klassOops are not kept in the
+ // constraint table. The element classes are.
+ jint dimension;
+ symbolOop object_key;
+ BasicType t = FieldType::get_array_info(class_name(), &dimension,
+ &object_key, CHECK_(false));
+ // primitive types always pass
+ if (t != T_OBJECT) {
+ return true;
+ } else {
+ constraint_name = symbolHandle(THREAD, object_key);
+ }
+ }
+ unsigned int d_hash1 = dictionary()->compute_hash(constraint_name, class_loader1);
int d_index1 = dictionary()->hash_to_index(d_hash1);
- unsigned int d_hash2 = dictionary()->compute_hash(class_name, class_loader2);
+ unsigned int d_hash2 = dictionary()->compute_hash(constraint_name, class_loader2);
int d_index2 = dictionary()->hash_to_index(d_hash2);
-
{
- MutexLocker mu_s(SystemDictionary_lock, THREAD);
+ MutexLocker mu_s(SystemDictionary_lock, THREAD);
- // Better never do a GC while we're holding these oops
- No_Safepoint_Verifier nosafepoint;
+ // Better never do a GC while we're holding these oops
+ No_Safepoint_Verifier nosafepoint;
- klassOop klass1 = find_class(d_index1, d_hash1, class_name, class_loader1);
- klassOop klass2 = find_class(d_index2, d_hash2, class_name, class_loader2);
- return constraints()->add_entry(class_name, klass1, class_loader1,
- klass2, class_loader2);
+ klassOop klass1 = find_class(d_index1, d_hash1, constraint_name, class_loader1);
+ klassOop klass2 = find_class(d_index2, d_hash2, constraint_name, class_loader2);
+ return constraints()->add_entry(constraint_name, klass1, class_loader1,
+ klass2, class_loader2);
}
}
@@ -2139,6 +2155,7 @@ symbolOop SystemDictionary::find_resolut
// Returns the name of the type that failed a loader constraint check, or
// NULL if no constraint failed. The returned C string needs cleaning up
// with a ResourceMark in the caller
+// Arrays are not added to the loader constraint table, their elements are.
char* SystemDictionary::check_signature_loaders(symbolHandle signature,
Handle loader1, Handle loader2,
bool is_method, TRAPS) {
diff -up ./openjdk/hotspot/src/share/vm/oops/typeArrayKlass.cpp.mar10sec ./openjdk/hotspot/src/share/vm/oops/typeArrayKlass.cpp
--- ./openjdk/hotspot/src/share/vm/oops/typeArrayKlass.cpp.mar10sec 2009-05-14 19:36:38.000000000 -0400
+++ ./openjdk/hotspot/src/share/vm/oops/typeArrayKlass.cpp 2010-03-24 20:10:55.074405950 -0400
@@ -122,16 +122,16 @@ void typeArrayKlass::copy_array(arrayOop
|| (((unsigned int) length + (unsigned int) dst_pos) > (unsigned int) d->length()) ) {
THROW(vmSymbols::java_lang_ArrayIndexOutOfBoundsException());
}
+ // Check zero copy
+ if (length == 0)
+ return;
// This is an attempt to make the copy_array fast.
- // NB: memmove takes care of overlapping memory segments.
- // Potential problem: memmove is not guaranteed to be word atomic
- // Revisit in Merlin
int l2es = log2_element_size();
int ihs = array_header_in_bytes() / wordSize;
- char* src = (char*) ((oop*)s + ihs) + (src_pos << l2es);
- char* dst = (char*) ((oop*)d + ihs) + (dst_pos << l2es);
- memmove(dst, src, length << l2es);
+ char* src = (char*) ((oop*)s + ihs) + ((size_t)src_pos << l2es);
+ char* dst = (char*) ((oop*)d + ihs) + ((size_t)dst_pos << l2es);
+ Copy::conjoint_memory_atomic(src, dst, (size_t)length << l2es);
}
diff -up ./openjdk/hotspot/src/share/vm/opto/cfgnode.cpp.mar10sec ./openjdk/hotspot/src/share/vm/opto/cfgnode.cpp
--- ./openjdk/hotspot/src/share/vm/opto/cfgnode.cpp.mar10sec 2009-05-14 19:36:38.000000000 -0400
+++ ./openjdk/hotspot/src/share/vm/opto/cfgnode.cpp 2010-03-24 20:10:55.075397017 -0400
@@ -956,6 +956,7 @@ const Type *PhiNode::Value( PhaseTransfo
}
if( jtkp && ttkp ) {
if( jtkp->is_loaded() && jtkp->klass()->is_interface() &&
+ !jtkp->klass_is_exact() && // Keep exact interface klass (6894807)
ttkp->is_loaded() && !ttkp->klass()->is_interface() ) {
assert(ft == ttkp->cast_to_ptr_type(jtkp->ptr()) ||
ft->isa_narrowoop() && ft->make_ptr() == ttkp->cast_to_ptr_type(jtkp->ptr()), "");
diff -up ./openjdk/hotspot/src/share/vm/opto/type.cpp.mar10sec ./openjdk/hotspot/src/share/vm/opto/type.cpp
--- ./openjdk/hotspot/src/share/vm/opto/type.cpp.mar10sec 2009-05-14 19:36:38.000000000 -0400
+++ ./openjdk/hotspot/src/share/vm/opto/type.cpp 2010-03-24 20:10:55.076392010 -0400
@@ -2501,10 +2501,15 @@ const Type *TypeOopPtr::filter( const Ty
ftip->is_loaded() && ftip->klass()->is_interface() &&
ktip->is_loaded() && !ktip->klass()->is_interface()) {
// Happens in a CTW of rt.jar, 320-341, no extra flags
+ assert(!ftip->klass_is_exact(), "interface could not be exact");
return ktip->cast_to_ptr_type(ftip->ptr());
}
+
+ // Interface klass type could be exact in opposite to interface type,
+ // return it here instead of incorrect Constant ptr J/L/Object (6894807).
if (ftkp != NULL && ktkp != NULL &&
ftkp->is_loaded() && ftkp->klass()->is_interface() &&
+ !ftkp->klass_is_exact() && // Keep exact interface klass
ktkp->is_loaded() && !ktkp->klass()->is_interface()) {
// Happens in a CTW of rt.jar, 320-341, no extra flags
return ktkp->cast_to_ptr_type(ftkp->ptr());
diff -up ./openjdk/hotspot/test/compiler/6892265/Test.java.mar10sec ./openjdk/hotspot/test/compiler/6892265/Test.java
--- ./openjdk/hotspot/test/compiler/6892265/Test.java.mar10sec 2010-03-24 20:10:55.077393606 -0400
+++ ./openjdk/hotspot/test/compiler/6892265/Test.java 2010-03-24 20:10:55.076392010 -0400
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ *
+ */
+
+/**
+ * @test
+ * @bug 6892265
+ * @summary System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes
+ *
+ * @run main/othervm Test
+ */
+
+public class Test {
+ static final int NCOPY = 1;
+ static final int OVERFLOW = 1;
+ static int[] src2 = new int[NCOPY];
+ static int[] dst2;
+
+ static void test() {
+ int N;
+ int SIZE;
+
+ N = Integer.MAX_VALUE/4 + OVERFLOW;
+ System.arraycopy(src2, 0, dst2, N, NCOPY);
+ System.arraycopy(dst2, N, src2, 0, NCOPY);
+ }
+
+ public static void main(String[] args) {
+ try {
+ dst2 = new int[NCOPY + Integer.MAX_VALUE/4 + OVERFLOW];
+ } catch (OutOfMemoryError e) {
+ System.exit(95); // Not enough memory
+ }
+ System.out.println("warmup");
+ for (int i=0; i <11000; i++) {
+ test();
+ }
+ System.out.println("start");
+ for (int i=0; i <1000; i++) {
+ test();
+ }
+ System.out.println("finish");
+ }
+
+}
diff -up ./openjdk/jdk/src/share/classes/java/beans/EventHandler.java.mar10sec ./openjdk/jdk/src/share/classes/java/beans/EventHandler.java
--- ./openjdk/jdk/src/share/classes/java/beans/EventHandler.java.mar10sec 2009-04-24 03:34:05.000000000 -0400
+++ ./openjdk/jdk/src/share/classes/java/beans/EventHandler.java 2010-03-24 20:10:55.077393606 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -32,7 +32,6 @@ import java.security.AccessControlContex
import java.security.AccessController;
import java.security.PrivilegedAction;
-import java.util.EventObject;
import sun.reflect.misc.MethodUtil;
/**
@@ -279,9 +278,9 @@ import sun.reflect.misc.MethodUtil;
public class EventHandler implements InvocationHandler {
private Object target;
private String action;
- private String eventPropertyName;
- private String listenerMethodName;
- private AccessControlContext acc;
+ private final String eventPropertyName;
+ private final String listenerMethodName;
+ private final AccessControlContext acc = AccessController.getContext();
/**
* Creates a new <code>EventHandler</code> object;
@@ -309,7 +308,6 @@ public class EventHandler implements Inv
* @see #getListenerMethodName
*/
public EventHandler(Object target, String action, String eventPropertyName, String listenerMethodName) {
- this.acc = AccessController.getContext();
this.target = target;
this.action = action;
if (target == null) {
@@ -421,7 +419,11 @@ public class EventHandler implements Inv
* @see EventHandler
*/
public Object invoke(final Object proxy, final Method method, final Object[] arguments) {
- return AccessController.doPrivileged(new PrivilegedAction() {
+ AccessControlContext acc = this.acc;
+ if (acc == null && null != System.getSecurityManager()) {
+ throw new SecurityException("AccessControlContext is not set");
+ }
+ return AccessController.doPrivileged(new PrivilegedAction<Object>() {
public Object run() {
return invokeInternal(proxy, method, arguments);
}
@@ -481,7 +483,10 @@ public class EventHandler implements Inv
throw new RuntimeException(ex);
}
catch (InvocationTargetException ex) {
- throw new RuntimeException(ex.getTargetException());
+ Throwable th = ex.getTargetException();
+ throw (th instanceof RuntimeException)
+ ? (RuntimeException) th
+ : new RuntimeException(th);
}
}
return null;
diff -up ./openjdk/jdk/src/share/classes/java/beans/Statement.java.mar10sec ./openjdk/jdk/src/share/classes/java/beans/Statement.java
--- ./openjdk/jdk/src/share/classes/java/beans/Statement.java.mar10sec 2009-04-24 03:34:05.000000000 -0400
+++ ./openjdk/jdk/src/share/classes/java/beans/Statement.java 2010-03-24 20:10:55.077393606 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -29,6 +29,10 @@ import java.lang.reflect.Array;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import com.sun.beans.finder.ClassFinder;
import sun.reflect.misc.MethodUtil;
@@ -61,9 +65,10 @@ public class Statement {
}
};
- Object target;
- String methodName;
- Object[] arguments;
+ private final AccessControlContext acc = AccessController.getContext();
+ private final Object target;
+ private final String methodName;
+ private final Object[] arguments;
/**
* Creates a new <code>Statement</code> object with a <code>target</code>,
@@ -141,6 +146,27 @@ public class Statement {
}
Object invoke() throws Exception {
+ AccessControlContext acc = this.acc;
+ if (acc == null && null != System.getSecurityManager()) {
+ throw new SecurityException("AccessControlContext is not set");
+ }
+ try {
+ return AccessController.doPrivileged(
+ new PrivilegedExceptionAction<Object>() {
+ public Object run()
+ throws Exception {
+ return invokeInternal();
+ }
+ },
+ acc
+ );
+ }
+ catch (PrivilegedActionException exception) {
+ throw exception.getException();
+ }
+ }
+
+ private Object invokeInternal() throws Exception {
Object target = getTarget();
String methodName = getMethodName();
diff -up ./openjdk/jdk/src/share/classes/java/io/File.java.mar10sec ./openjdk/jdk/src/share/classes/java/io/File.java
--- ./openjdk/jdk/src/share/classes/java/io/File.java.mar10sec 2009-04-24 03:34:05.000000000 -0400
+++ ./openjdk/jdk/src/share/classes/java/io/File.java 2010-03-24 20:10:55.078393055 -0400
@@ -1936,11 +1936,12 @@ public class File
private synchronized void readObject(java.io.ObjectInputStream s)
throws IOException, ClassNotFoundException
{
- s.defaultReadObject();
+ ObjectInputStream.GetField fields = s.readFields();
+ String pathField = (String)fields.get("path", null);
char sep = s.readChar(); // read the previous separator char
if (sep != separatorChar)
- this.path = this.path.replace(sep, separatorChar);
- this.path = fs.normalize(this.path);
+ pathField = pathField.replace(sep, separatorChar);
+ this.path = fs.normalize(pathField);
this.prefixLength = fs.prefixLength(this.path);
}
diff -up ./openjdk/jdk/src/share/classes/java/lang/ProcessBuilder.java.mar10sec ./openjdk/jdk/src/share/classes/java/lang/ProcessBuilder.java
--- ./openjdk/jdk/src/share/classes/java/lang/ProcessBuilder.java.mar10sec 2009-04-24 03:34:06.000000000 -0400
+++ ./openjdk/jdk/src/share/classes/java/lang/ProcessBuilder.java 2010-03-24 20:10:55.079393635 -0400
@@ -451,6 +451,7 @@ public final class ProcessBuilder
// Must convert to array first -- a malicious user-supplied
// list might try to circumvent the security check.
String[] cmdarray = command.toArray(new String[command.size()]);
+ cmdarray = cmdarray.clone();
for (String arg : cmdarray)
if (arg == null)
throw new NullPointerException();
diff -up ./openjdk/jdk/src/share/classes/java/lang/ThreadGroup.java.mar10sec ./openjdk/jdk/src/share/classes/java/lang/ThreadGroup.java
--- ./openjdk/jdk/src/share/classes/java/lang/ThreadGroup.java.mar10sec 2009-04-24 03:34:06.000000000 -0400
+++ ./openjdk/jdk/src/share/classes/java/lang/ThreadGroup.java 2010-03-24 20:10:55.079393635 -0400
@@ -55,7 +55,7 @@ import sun.misc.VM;
*/
public
class ThreadGroup implements Thread.UncaughtExceptionHandler {
- ThreadGroup parent;
+ private final ThreadGroup parent;
String name;
int maxPriority;
boolean destroyed;
@@ -76,6 +76,7 @@ class ThreadGroup implements Thread.Unca
private ThreadGroup() { // called from C code
this.name = "system";
this.maxPriority = Thread.MAX_PRIORITY;
+ this.parent = null;
}
/**
@@ -113,10 +114,10 @@ class ThreadGroup implements Thread.Unca
* @since JDK1.0
*/
public ThreadGroup(ThreadGroup parent, String name) {
- if (parent == null) {
- throw new NullPointerException();
- }
- parent.checkAccess();
+ this(checkParentAccess(parent), parent, name);
+ }
+
+ private ThreadGroup(Void unused, ThreadGroup parent, String name) {
this.name = name;
this.maxPriority = parent.maxPriority;
this.daemon = parent.daemon;
@@ -125,6 +126,16 @@ class ThreadGroup implements Thread.Unca
parent.add(this);
}
+ /*
+ * @throws NullPointerException if the parent argument is {@code null}
+ * @throws SecurityException if the current thread cannot create a
+ * thread in the specified thread group.
+ */
+ private static Void checkParentAccess(ThreadGroup parent) {
+ parent.checkAccess();
+ return null;
+ }
+
/**
* Returns the name of this thread group.
*
diff -up ./openjdk/jdk/src/share/classes/java/net/DatagramSocket.java.mar10sec ./openjdk/jdk/src/share/classes/java/net/DatagramSocket.java
--- ./openjdk/jdk/src/share/classes/java/net/DatagramSocket.java.mar10sec 2009-04-24 03:34:06.000000000 -0400
+++ ./openjdk/jdk/src/share/classes/java/net/DatagramSocket.java 2010-03-24 20:10:55.080392146 -0400
@@ -117,6 +117,7 @@ class DatagramSocket {
if (address == null) {
throw new IllegalArgumentException("connect: null address");
}
+ checkAddress (address, "connect");
if (isClosed())
return;
SecurityManager security = System.getSecurityManager();
@@ -361,13 +362,15 @@ class DatagramSocket {
InetSocketAddress epoint = (InetSocketAddress) addr;
if (epoint.isUnresolved())
throw new SocketException("Unresolved address");
+ InetAddress iaddr = epoint.getAddress();
+ int port = epoint.getPort();
+ checkAddress(iaddr, "bind");
SecurityManager sec = System.getSecurityManager();
if (sec != null) {
- sec.checkListen(epoint.getPort());
+ sec.checkListen(port);
}
try {
- getImpl().bind(epoint.getPort(),
- epoint.getAddress());
+ getImpl().bind(port, iaddr);
} catch (SocketException e) {
getImpl().close();
throw e;
@@ -375,6 +378,15 @@ class DatagramSocket {
bound = true;
}
+ void checkAddress (InetAddress addr, String op) {
+ if (addr == null) {
+ return;
+ }
+ if (!(addr instanceof Inet4Address || addr instanceof Inet6Address)) {
+ throw new IllegalArgumentException(op + ": invalid address type");
+ }
+ }
+
/**
* Connects the socket to a remote address for this socket. When a
* socket is connected to a remote address, packets may only be
@@ -580,6 +592,7 @@ class DatagramSocket {
synchronized (p) {
if (isClosed())
throw new SocketException("Socket is closed");
+ checkAddress (p.getAddress(), "send");
if (connectState == ST_NOT_CONNECTED) {
// check the address is ok wiht the security manager on every send.
SecurityManager security = System.getSecurityManager();
diff -up ./openjdk/jdk/src/share/classes/java/net/InetAddress.java.mar10sec ./openjdk/jdk/src/share/classes/java/net/InetAddress.java
--- ./openjdk/jdk/src/share/classes/java/net/InetAddress.java.mar10sec 2009-04-24 03:34:06.000000000 -0400
+++ ./openjdk/jdk/src/share/classes/java/net/InetAddress.java 2010-03-24 20:10:55.080392146 -0400
@@ -35,6 +35,7 @@ import java.util.ArrayList;
import java.security.AccessController;
import java.io.ObjectStreamException;
import java.io.IOException;
+import java.io.ObjectInputStream;
import sun.security.action.*;
import sun.net.InetAddressCachePolicy;
import sun.net.util.IPAddressUtil;
@@ -1491,6 +1492,23 @@ class InetAddress implements java.io.Ser
return impl;
}
+
+ private void readObjectNoData (ObjectInputStream s) throws
+ IOException, ClassNotFoundException {
+ if (getClass().getClassLoader() != null) {
+ throw new SecurityException ("invalid address type");
+ }
+ }
+
+ private void readObject (ObjectInputStream s) throws
+ IOException, ClassNotFoundException {
+ s.defaultReadObject ();
+ if (getClass().getClassLoader() != null) {
+ hostName = null;
+ address = 0;
+ throw new SecurityException ("invalid address type");
+ }
+ }
}
/*
diff -up ./openjdk/jdk/src/share/classes/java/net/MulticastSocket.java.mar10sec ./openjdk/jdk/src/share/classes/java/net/MulticastSocket.java
--- ./openjdk/jdk/src/share/classes/java/net/MulticastSocket.java.mar10sec 2009-04-24 03:34:06.000000000 -0400
+++ ./openjdk/jdk/src/share/classes/java/net/MulticastSocket.java 2010-03-24 20:10:55.081391947 -0400
@@ -287,6 +287,7 @@ class MulticastSocket extends DatagramSo
throw new SocketException("Socket is closed");
}
+ checkAddress(mcastaddr, "joinGroup");
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkMulticast(mcastaddr);
@@ -321,6 +322,7 @@ class MulticastSocket extends DatagramSo
throw new SocketException("Socket is closed");
}
+ checkAddress(mcastaddr, "leaveGroup");
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkMulticast(mcastaddr);
@@ -368,6 +370,7 @@ class MulticastSocket extends DatagramSo
if (oldImpl)
throw new UnsupportedOperationException();
+ checkAddress(((InetSocketAddress)mcastaddr).getAddress(), "joinGroup");
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkMulticast(((InetSocketAddress)mcastaddr).getAddress());
@@ -414,6 +417,7 @@ class MulticastSocket extends DatagramSo
if (oldImpl)
throw new UnsupportedOperationException();
+ checkAddress(((InetSocketAddress)mcastaddr).getAddress(), "leaveGroup");
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkMulticast(((InetSocketAddress)mcastaddr).getAddress());
@@ -439,6 +443,7 @@ class MulticastSocket extends DatagramSo
if (isClosed()) {
throw new SocketException("Socket is closed");
}
+ checkAddress(inf, "setInterface");
synchronized (infLock) {
getImpl().setOption(SocketOptions.IP_MULTICAST_IF, inf);
infAddress = inf;
@@ -630,6 +635,7 @@ class MulticastSocket extends DatagramSo
throws IOException {
if (isClosed())
throw new SocketException("Socket is closed");
+ checkAddress(p.getAddress(), "send");
synchronized(ttlLock) {
synchronized(p) {
if (connectState == ST_NOT_CONNECTED) {
diff -up ./openjdk/jdk/src/share/classes/java/net/NetworkInterface.java.mar10sec ./openjdk/jdk/src/share/classes/java/net/NetworkInterface.java
--- ./openjdk/jdk/src/share/classes/java/net/NetworkInterface.java.mar10sec 2009-04-24 03:34:06.000000000 -0400
+++ ./openjdk/jdk/src/share/classes/java/net/NetworkInterface.java 2010-03-24 20:10:55.081391947 -0400
@@ -278,8 +278,12 @@ public final class NetworkInterface {
* If the specified address is <tt>null</tt>.
*/
public static NetworkInterface getByInetAddress(InetAddress addr) throws SocketException {
- if (addr == null)
+ if (addr == null) {
throw new NullPointerException();
+ }
+ if (!(addr instanceof Inet4Address || addr instanceof Inet6Address)) {
+ throw new IllegalArgumentException ("invalid address type");
+ }
return getByInetAddress0(addr);
}
diff -up ./openjdk/jdk/src/share/classes/java/net/Socket.java.mar10sec ./openjdk/jdk/src/share/classes/java/net/Socket.java
--- ./openjdk/jdk/src/share/classes/java/net/Socket.java.mar10sec 2010-03-24 20:10:12.675406446 -0400
+++ ./openjdk/jdk/src/share/classes/java/net/Socket.java 2010-03-24 20:10:55.082393983 -0400
@@ -122,6 +122,9 @@ class Socket {
if (p.type() == Proxy.Type.SOCKS) {
SecurityManager security = System.getSecurityManager();
InetSocketAddress epoint = (InetSocketAddress) p.address();
+ if (epoint.getAddress() != null) {
+ checkAddress (epoint.getAddress(), "Socket");
+ }
if (security != null) {
if (epoint.isUnresolved())
epoint = new InetSocketAddress(epoint.getHostName(), epoint.getPort());
@@ -526,15 +529,16 @@ class Socket {
throw new IllegalArgumentException("Unsupported address type");
InetSocketAddress epoint = (InetSocketAddress) endpoint;
+ InetAddress addr = epoint.getAddress ();
+ int port = epoint.getPort();
+ checkAddress(addr, "connect");
SecurityManager security = System.getSecurityManager();
if (security != null) {
if (epoint.isUnresolved())
- security.checkConnect(epoint.getHostName(),
- epoint.getPort());
+ security.checkConnect(epoint.getHostName(), port);
else
- security.checkConnect(epoint.getAddress().getHostAddress(),
- epoint.getPort());
+ security.checkConnect(addr.getHostAddress(), port);
}
if (!created)
createImpl(true);
@@ -542,10 +546,9 @@ class Socket {
impl.connect(epoint, timeout);
else if (timeout == 0) {
if (epoint.isUnresolved())
- impl.connect(epoint.getAddress().getHostName(),
- epoint.getPort());
+ impl.connect(addr.getHostName(), port);
else
- impl.connect(epoint.getAddress(), epoint.getPort());
+ impl.connect(addr, port);
} else
throw new UnsupportedOperationException("SocketImpl.connect(addr, timeout)");
connected = true;
@@ -582,14 +585,25 @@ class Socket {
InetSocketAddress epoint = (InetSocketAddress) bindpoint;
if (epoint != null && epoint.isUnresolved())
throw new SocketException("Unresolved address");
- if (bindpoint == null)
- getImpl().bind(InetAddress.anyLocalAddress(), 0);
- else
- getImpl().bind(epoint.getAddress(),
- epoint.getPort());
+ if (epoint == null) {
+ epoint = new InetSocketAddress(0);
+ }
+ InetAddress addr = epoint.getAddress();
+ int port = epoint.getPort();
+ checkAddress (addr, "bind");
+ getImpl().bind (addr, port);
bound = true;
}
+ private void checkAddress (InetAddress addr, String op) {
+ if (addr == null) {
+ return;
+ }
+ if (!(addr instanceof Inet4Address || addr instanceof Inet6Address)) {
+ throw new IllegalArgumentException(op + ": invalid address type");
+ }
+ }
+
/**
* set the flags after an accept() call.
*/
diff -up ./openjdk/jdk/src/share/classes/java/security/Policy.java.mar10sec ./openjdk/jdk/src/share/classes/java/security/Policy.java
--- ./openjdk/jdk/src/share/classes/java/security/Policy.java.mar10sec 2009-04-24 03:34:07.000000000 -0400
+++ ./openjdk/jdk/src/share/classes/java/security/Policy.java 2010-03-24 20:10:55.083393229 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2006 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,22 +28,19 @@ package java.security;
import java.io.*;
import java.lang.RuntimePermission;
+import java.lang.reflect.*;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Enumeration;
import java.util.Hashtable;
-import java.util.Vector;
-import java.util.StringTokenizer;
import java.util.PropertyPermission;
-
-import java.lang.reflect.*;
-
+import java.util.StringTokenizer;
+import java.util.Vector;
import java.util.WeakHashMap;
-import sun.security.util.Debug;
import sun.security.jca.GetInstance;
+import sun.security.util.Debug;
import sun.security.util.SecurityConstants;
-
/**
* A Policy object is responsible for determining whether code executing
* in the Java runtime environment has permission to perform a
@@ -113,8 +110,8 @@ public abstract class Policy {
private static final Debug debug = Debug.getInstance("policy");
- // Cache mapping ProtectionDomain to PermissionCollection
- private WeakHashMap<ProtectionDomain, PermissionCollection> pdMapping;
+ // Cache mapping ProtectionDomain.Key to PermissionCollection
+ private WeakHashMap<ProtectionDomain.Key, PermissionCollection> pdMapping;
/** package private for AccessControlContext */
static boolean isSet()
@@ -307,7 +304,7 @@ public abstract class Policy {
synchronized (p) {
if (p.pdMapping == null) {
p.pdMapping =
- new WeakHashMap<ProtectionDomain, PermissionCollection>();
+ new WeakHashMap<ProtectionDomain.Key, PermissionCollection>();
}
}
@@ -323,7 +320,7 @@ public abstract class Policy {
synchronized (p.pdMapping) {
// cache of pd to permissions
- p.pdMapping.put(policyDomain, policyPerms);
+ p.pdMapping.put(policyDomain.key, policyPerms);
}
}
return;
@@ -638,7 +635,7 @@ public abstract class Policy {
}
synchronized (pdMapping) {
- pc = pdMapping.get(domain);
+ pc = pdMapping.get(domain.key);
}
if (pc != null) {
@@ -697,7 +694,7 @@ public abstract class Policy {
}
synchronized (pdMapping) {
- pc = pdMapping.get(domain);
+ pc = pdMapping.get(domain.key);
}
if (pc != null) {
@@ -711,7 +708,7 @@ public abstract class Policy {
synchronized (pdMapping) {
// cache it
- pdMapping.put(domain, pc);
+ pdMapping.put(domain.key, pc);
}
return pc.implies(permission);
@@ -747,21 +744,25 @@ public abstract class Policy {
this.params = params;
}
- public String getType() { return type; }
+ @Override public String getType() { return type; }
- public Policy.Parameters getParameters() { return params; }
+ @Override public Policy.Parameters getParameters() { return params; }
- public Provider getProvider() { return p; }
+ @Override public Provider getProvider() { return p; }
+ @Override
public PermissionCollection getPermissions(CodeSource codesource) {
return spi.engineGetPermissions(codesource);
}
+ @Override
public PermissionCollection getPermissions(ProtectionDomain domain) {
return spi.engineGetPermissions(domain);
}
+ @Override
public boolean implies(ProtectionDomain domain, Permission perm) {
return spi.engineImplies(domain, perm);
}
+ @Override
public void refresh() {
spi.engineRefresh();
}
@@ -803,7 +804,7 @@ public abstract class Policy {
* @exception SecurityException - if this PermissionCollection object
* has been marked readonly
*/
- public void add(Permission permission) {
+ @Override public void add(Permission permission) {
perms.add(permission);
}
@@ -816,7 +817,7 @@ public abstract class Policy {
* @return true if "permission" is implied by the permissions in
* the collection, false if not.
*/
- public boolean implies(Permission permission) {
+ @Override public boolean implies(Permission permission) {
return perms.implies(permission);
}
@@ -826,7 +827,7 @@ public abstract class Policy {
*
* @return an enumeration of all the Permissions.
*/
- public Enumeration<Permission> elements() {
+ @Override public Enumeration<Permission> elements() {
return perms.elements();
}
}
diff -up ./openjdk/jdk/src/share/classes/java/security/ProtectionDomain.java.mar10sec ./openjdk/jdk/src/share/classes/java/security/ProtectionDomain.java
--- ./openjdk/jdk/src/share/classes/java/security/ProtectionDomain.java.mar10sec 2009-04-24 03:34:07.000000000 -0400
+++ ./openjdk/jdk/src/share/classes/java/security/ProtectionDomain.java 2010-03-24 20:10:55.083393229 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2006 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,9 +25,15 @@
package java.security;
+import java.util.ArrayList;
+import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
-import java.util.ArrayList;
+import java.util.Map;
+import java.util.WeakHashMap;
+import sun.misc.JavaSecurityProtectionDomainAccess;
+import static sun.misc.JavaSecurityProtectionDomainAccess.ProtectionDomainCache;
+import sun.misc.SharedSecrets;
import sun.security.util.Debug;
import sun.security.util.SecurityConstants;
@@ -72,6 +78,11 @@ public class ProtectionDomain {
or dynamic (via a policy refresh) */
private boolean staticPermissions;
+ /*
+ * An object used as a key when the ProtectionDomain is stored in a Map.
+ */
+ final Key key = new Key();
+
private static final Debug debug = Debug.getInstance("domain");
/**
@@ -238,7 +249,7 @@ public class ProtectionDomain {
/**
* Convert a ProtectionDomain to a String.
*/
- public String toString() {
+ @Override public String toString() {
String pals = "<no principals>";
if (principals != null && principals.length > 0) {
StringBuilder palBuf = new StringBuilder("(principals ");
@@ -396,4 +407,29 @@ public class ProtectionDomain {
return mergedPerms;
}
+
+ /**
+ * Used for storing ProtectionDomains as keys in a Map.
+ */
+ final class Key {}
+
+ static {
+ SharedSecrets.setJavaSecurityProtectionDomainAccess(
+ new JavaSecurityProtectionDomainAccess() {
+ public ProtectionDomainCache getProtectionDomainCache() {
+ return new ProtectionDomainCache() {
+ private final Map<Key, PermissionCollection> map =
+ Collections.synchronizedMap
+ (new WeakHashMap<Key, PermissionCollection>());
+ public void put(ProtectionDomain pd,
+ PermissionCollection pc) {
+ map.put((pd == null ? null : pd.key), pc);
+ }
+ public PermissionCollection get(ProtectionDomain pd) {
+ return pd == null ? map.get(null) : map.get(pd.key);
+ }
+ };
+ }
+ });
+ }
}
diff -up ./openjdk/jdk/src/share/classes/java/util/concurrent/atomic/AtomicIntegerArray.java.mar10sec ./openjdk/jdk/src/share/classes/java/util/concurrent/atomic/AtomicIntegerArray.java
--- ./openjdk/jdk/src/share/classes/java/util/concurrent/atomic/AtomicIntegerArray.java.mar10sec 2009-04-24 03:34:08.000000000 -0400
+++ ./openjdk/jdk/src/share/classes/java/util/concurrent/atomic/AtomicIntegerArray.java 2010-03-24 20:10:55.084393397 -0400
@@ -57,7 +57,7 @@ public class AtomicIntegerArray implemen
private long rawIndex(int i) {
if (i < 0 || i >= array.length)
throw new IndexOutOfBoundsException("index " + i);
- return base + i * scale;
+ return base + (long) i * scale;
}
/**
diff -up ./openjdk/jdk/src/share/classes/java/util/concurrent/atomic/AtomicLongArray.java.mar10sec ./openjdk/jdk/src/share/classes/java/util/concurrent/atomic/AtomicLongArray.java
--- ./openjdk/jdk/src/share/classes/java/util/concurrent/atomic/AtomicLongArray.java.mar10sec 2009-04-24 03:34:08.000000000 -0400
+++ ./openjdk/jdk/src/share/classes/java/util/concurrent/atomic/AtomicLongArray.java 2010-03-24 20:10:55.084393397 -0400
@@ -56,7 +56,7 @@ public class AtomicLongArray implements
private long rawIndex(int i) {
if (i < 0 || i >= array.length)
throw new IndexOutOfBoundsException("index " + i);
- return base + i * scale;
+ return base + (long) i * scale;
}
/**
diff -up ./openjdk/jdk/src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java.mar10sec ./openjdk/jdk/src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java
--- ./openjdk/jdk/src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java.mar10sec 2009-04-24 03:34:08.000000000 -0400
+++ ./openjdk/jdk/src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java 2010-03-24 20:10:55.084393397 -0400
@@ -57,7 +57,7 @@ public class AtomicReferenceArray<E> imp
private long rawIndex(int i) {
if (i < 0 || i >= array.length)
throw new IndexOutOfBoundsException("index " + i);
- return base + i * scale;
+ return base + (long) i * scale;
}
/**
diff -up ./openjdk/jdk/src/share/classes/java/util/zip/Deflater.java.mar10sec ./openjdk/jdk/src/share/classes/java/util/zip/Deflater.java
--- ./openjdk/jdk/src/share/classes/java/util/zip/Deflater.java.mar10sec 2009-04-24 03:34:09.000000000 -0400
+++ ./openjdk/jdk/src/share/classes/java/util/zip/Deflater.java 2010-03-24 20:10:55.085392647 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright 1996-2006 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1996-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -71,7 +71,8 @@ package java.util.zip;
*/
public
class Deflater {
- private long strm;
+
+ private final ZStreamRef zsRef;
private byte[] buf = new byte[0];
private int off, len;
private int level, strategy;
@@ -137,7 +138,7 @@ class Deflater {
public Deflater(int level, boolean nowrap) {
this.level = level;
this.strategy = DEFAULT_STRATEGY;
- strm = init(level, DEFAULT_STRATEGY, nowrap);
+ this.zsRef = new ZStreamRef(init(level, DEFAULT_STRATEGY, nowrap));
}
/**
@@ -165,16 +166,18 @@ class Deflater {
* @param len the length of the data
* @see Deflater#needsInput
*/
- public synchronized void setInput(byte[] b, int off, int len) {
+ public void setInput(byte[] b, int off, int len) {
if (b== null) {
throw new NullPointerException();
}
if (off < 0 || len < 0 || off > b.length - len) {
throw new ArrayIndexOutOfBoundsException();
}
- this.buf = b;
- this.off = off;
- this.len = len;
+ synchronized (zsRef) {
+ this.buf = b;
+ this.off = off;
+ this.len = len;
+ }
}
/**
@@ -199,14 +202,17 @@ class Deflater {
* @see Inflater#inflate
* @see Inflater#getAdler
*/
- public synchronized void setDictionary(byte[] b, int off, int len) {
- if (strm == 0 || b == null) {
+ public void setDictionary(byte[] b, int off, int len) {
+ if (b == null) {
throw new NullPointerException();
}
if (off < 0 || len < 0 || off > b.length - len) {
throw new ArrayIndexOutOfBoundsException();
}
- setDictionary(strm, b, off, len);
+ synchronized (zsRef) {
+ ensureOpen();
+ setDictionary(zsRef.address(), b, off, len);
+ }
}
/**
@@ -229,7 +235,7 @@ class Deflater {
* @exception IllegalArgumentException if the compression strategy is
* invalid
*/
- public synchronized void setStrategy(int strategy) {
+ public void setStrategy(int strategy) {
switch (strategy) {
case DEFAULT_STRATEGY:
case FILTERED:
@@ -238,9 +244,11 @@ class Deflater {
default:
throw new IllegalArgumentException();
}
- if (this.strategy != strategy) {
- this.strategy = strategy;
- setParams = true;
+ synchronized (zsRef) {
+ if (this.strategy != strategy) {
+ this.strategy = strategy;
+ setParams = true;
+ }
}
}
@@ -249,13 +257,15 @@ class Deflater {
* @param level the new compression level (0-9)
* @exception IllegalArgumentException if the compression level is invalid
*/
- public synchronized void setLevel(int level) {
+ public void setLevel(int level) {
if ((level < 0 || level > 9) && level != DEFAULT_COMPRESSION) {
throw new IllegalArgumentException("invalid compression level");
}
- if (this.level != level) {
- this.level = level;
- setParams = true;
+ synchronized (zsRef) {
+ if (this.level != level) {
+ this.level = level;
+ setParams = true;
+ }
}
}
@@ -273,8 +283,10 @@ class Deflater {
* When called, indicates that compression should end with the current
* contents of the input buffer.
*/
- public synchronized void finish() {
- finish = true;
+ public void finish() {
+ synchronized (zsRef) {
+ finish = true;
+ }
}
/**
@@ -283,8 +295,10 @@ class Deflater {
* @return true if the end of the compressed data output stream has
* been reached
*/
- public synchronized boolean finished() {
- return finished;
+ public boolean finished() {
+ synchronized (zsRef) {
+ return finished;
+ }
}
/**
@@ -297,14 +311,16 @@ class Deflater {
* @param len the maximum number of bytes of compressed data
* @return the actual number of bytes of compressed data
*/
- public synchronized int deflate(byte[] b, int off, int len) {
+ public int deflate(byte[] b, int off, int len) {
if (b == null) {
throw new NullPointerException();
}
if (off < 0 || len < 0 || off > b.length - len) {
throw new ArrayIndexOutOfBoundsException();
}
- return deflateBytes(b, off, len);
+ synchronized (zsRef) {
+ return deflateBytes(zsRef.address(), b, off, len);
+ }
}
/**
@@ -323,9 +339,11 @@ class Deflater {
* Returns the ADLER-32 value of the uncompressed data.
* @return the ADLER-32 value of the uncompressed data
*/
- public synchronized int getAdler() {
- ensureOpen();
- return getAdler(strm);
+ public int getAdler() {
+ synchronized (zsRef) {
+ ensureOpen();
+ return getAdler(zsRef.address());
+ }
}
/**
@@ -347,9 +365,11 @@ class Deflater {
* @return the total (non-negative) number of uncompressed bytes input so far
* @since 1.5
*/
- public synchronized long getBytesRead() {
- ensureOpen();
- return getBytesRead(strm);
+ public long getBytesRead() {
+ synchronized (zsRef) {
+ ensureOpen();
+ return getBytesRead(zsRef.address());
+ }
}
/**
@@ -371,21 +391,25 @@ class Deflater {
* @return the total (non-negative) number of compressed bytes output so far
* @since 1.5
*/
- public synchronized long getBytesWritten() {
- ensureOpen();
- return getBytesWritten(strm);
+ public long getBytesWritten() {
+ synchronized (zsRef) {
+ ensureOpen();
+ return getBytesWritten(zsRef.address());
+ }
}
/**
* Resets deflater so that a new set of input data can be processed.
* Keeps current compression level and strategy settings.
*/
- public synchronized void reset() {
- ensureOpen();
- reset(strm);
- finish = false;
- finished = false;
- off = len = 0;
+ public void reset() {
+ synchronized (zsRef) {
+ ensureOpen();
+ reset(zsRef.address());
+ finish = false;
+ finished = false;
+ off = len = 0;
+ }
}
/**
@@ -395,11 +419,14 @@ class Deflater {
* finalize() method. Once this method is called, the behavior
* of the Deflater object is undefined.
*/
- public synchronized void end() {
- if (strm != 0) {
- end(strm);
- strm = 0;
- buf = null;
+ public void end() {
+ synchronized (zsRef) {
+ long addr = zsRef.address();
+ zsRef.clear();
+ if (addr != 0) {
+ end(addr);
+ buf = null;
+ }
}
}
@@ -411,18 +438,19 @@ class Deflater {
}
private void ensureOpen() {
- if (strm == 0)
- throw new NullPointerException();
+ assert Thread.holdsLock(zsRef);
+ if (zsRef.address() == 0)
+ throw new NullPointerException("Deflater has been closed");
}
private static native void initIDs();
private native static long init(int level, int strategy, boolean nowrap);
- private native static void setDictionary(long strm, byte[] b, int off,
+ private native static void setDictionary(long addr, byte[] b, int off,
int len);
- private native int deflateBytes(byte[] b, int off, int len);
- private native static int getAdler(long strm);
- private native static long getBytesRead(long strm);
- private native static long getBytesWritten(long strm);
- private native static void reset(long strm);
- private native static void end(long strm);
+ private native int deflateBytes(long addr, byte[] b, int off, int len);
+ private native static int getAdler(long addr);
+ private native static long getBytesRead(long addr);
+ private native static long getBytesWritten(long addr);
+ private native static void reset(long addr);
+ private native static void end(long addr);
}
diff -up ./openjdk/jdk/src/share/classes/java/util/zip/Inflater.java.mar10sec ./openjdk/jdk/src/share/classes/java/util/zip/Inflater.java
--- ./openjdk/jdk/src/share/classes/java/util/zip/Inflater.java.mar10sec 2009-04-24 03:34:09.000000000 -0400
+++ ./openjdk/jdk/src/share/classes/java/util/zip/Inflater.java 2010-03-24 20:10:55.085392647 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright 1996-2006 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1996-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -72,12 +72,14 @@ package java.util.zip;
*/
public
class Inflater {
- private long strm;
- private byte[] buf = new byte[0];
+ private final ZStreamRef zsRef;
+ private byte[] buf = emptyBuf;
private int off, len;
private boolean finished;
private boolean needDict;
+ private static byte[] emptyBuf = new byte[0];
+
static {
/* Zip library is loaded from System.initializeSystemClass */
initIDs();
@@ -95,7 +97,7 @@ class Inflater {
* @param nowrap if true then support GZIP compatible compression
*/
public Inflater(boolean nowrap) {
- strm = init(nowrap);
+ zsRef = new ZStreamRef(init(nowrap));
}
/**
@@ -114,16 +116,18 @@ class Inflater {
* @param len the length of the input data
* @see Inflater#needsInput
*/
- public synchronized void setInput(byte[] b, int off, int len) {
+ public void setInput(byte[] b, int off, int len) {
if (b == null) {
throw new NullPointerException();
}
if (off < 0 || len < 0 || off > b.length - len) {
throw new ArrayIndexOutOfBoundsException();
}
- this.buf = b;
- this.off = off;
- this.len = len;
+ synchronized (zsRef) {
+ this.buf = b;
+ this.off = off;
+ this.len = len;
+ }
}
/**
@@ -148,15 +152,18 @@ class Inflater {
* @see Inflater#needsDictionary
* @see Inflater#getAdler
*/
- public synchronized void setDictionary(byte[] b, int off, int len) {
- if (strm == 0 || b == null) {
+ public void setDictionary(byte[] b, int off, int len) {
+ if (b == null) {
throw new NullPointerException();
}
if (off < 0 || len < 0 || off > b.length - len) {
throw new ArrayIndexOutOfBoundsException();
}
- setDictionary(strm, b, off, len);
- needDict = false;
+ synchronized (zsRef) {
+ ensureOpen();
+ setDictionary(zsRef.address(), b, off, len);
+ needDict = false;
+ }
}
/**
@@ -178,8 +185,10 @@ class Inflater {
* buffer after decompression has finished.
* @return the total number of bytes remaining in the input buffer
*/
- public synchronized int getRemaining() {
- return len;
+ public int getRemaining() {
+ synchronized (zsRef) {
+ return len;
+ }
}
/**
@@ -188,8 +197,10 @@ class Inflater {
* to provide more input.
* @return true if no data remains in the input buffer
*/
- public synchronized boolean needsInput() {
- return len <= 0;
+ public boolean needsInput() {
+ synchronized (zsRef) {
+ return len <= 0;
+ }
}
/**
@@ -197,8 +208,10 @@ class Inflater {
* @return true if a preset dictionary is needed for decompression
* @see Inflater#setDictionary
*/
- public synchronized boolean needsDictionary() {
- return needDict;
+ public boolean needsDictionary() {
+ synchronized (zsRef) {
+ return needDict;
+ }
}
/**
@@ -207,8 +220,10 @@ class Inflater {
* @return true if the end of the compressed data stream has been
* reached
*/
- public synchronized boolean finished() {
- return finished;
+ public boolean finished() {
+ synchronized (zsRef) {
+ return finished;
+ }
}
/**
@@ -226,7 +241,7 @@ class Inflater {
* @see Inflater#needsInput
* @see Inflater#needsDictionary
*/
- public synchronized int inflate(byte[] b, int off, int len)
+ public int inflate(byte[] b, int off, int len)
throws DataFormatException
{
if (b == null) {
@@ -235,7 +250,10 @@ class Inflater {
if (off < 0 || len < 0 || off > b.length - len) {
throw new ArrayIndexOutOfBoundsException();
}
- return inflateBytes(b, off, len);
+ synchronized (zsRef) {
+ ensureOpen();
+ return inflateBytes(zsRef.address(), b, off, len);
+ }
}
/**
@@ -259,9 +277,11 @@ class Inflater {
* Returns the ADLER-32 value of the uncompressed data.
* @return the ADLER-32 value of the uncompressed data
*/
- public synchronized int getAdler() {
- ensureOpen();
- return getAdler(strm);
+ public int getAdler() {
+ synchronized (zsRef) {
+ ensureOpen();
+ return getAdler(zsRef.address());
+ }
}
/**
@@ -283,9 +303,11 @@ class Inflater {
* @return the total (non-negative) number of compressed bytes input so far
* @since 1.5
*/
- public synchronized long getBytesRead() {
- ensureOpen();
- return getBytesRead(strm);
+ public long getBytesRead() {
+ synchronized (zsRef) {
+ ensureOpen();
+ return getBytesRead(zsRef.address());
+ }
}
/**
@@ -307,20 +329,25 @@ class Inflater {
* @return the total (non-negative) number of uncompressed bytes output so far
* @since 1.5
*/
- public synchronized long getBytesWritten() {
- ensureOpen();
- return getBytesWritten(strm);
+ public long getBytesWritten() {
+ synchronized (zsRef) {
+ ensureOpen();
+ return getBytesWritten(zsRef.address());
+ }
}
/**
* Resets inflater so that a new set of input data can be processed.
*/
- public synchronized void reset() {
- ensureOpen();
- reset(strm);
- finished = false;
- needDict = false;
- off = len = 0;
+ public void reset() {
+ synchronized (zsRef) {
+ ensureOpen();
+ reset(zsRef.address());
+ buf = emptyBuf;
+ finished = false;
+ needDict = false;
+ off = len = 0;
+ }
}
/**
@@ -330,11 +357,14 @@ class Inflater {
* method. Once this method is called, the behavior of the Inflater
* object is undefined.
*/
- public synchronized void end() {
- if (strm != 0) {
- end(strm);
- strm = 0;
- buf = null;
+ public void end() {
+ synchronized (zsRef) {
+ long addr = zsRef.address();
+ zsRef.clear();
+ if (addr != 0) {
+ end(addr);
+ buf = null;
+ }
}
}
@@ -346,19 +376,24 @@ class Inflater {
}
private void ensureOpen () {
- if (strm == 0)
- throw new NullPointerException();
+ assert Thread.holdsLock(zsRef);
+ if (zsRef.address() == 0)
+ throw new NullPointerException("Inflater has been closed");
+ }
+
+ private static class NativeStrm {
+ long strm;
}
private native static void initIDs();
private native static long init(boolean nowrap);
- private native static void setDictionary(long strm, byte[] b, int off,
+ private native static void setDictionary(long addr, byte[] b, int off,
int len);
- private native int inflateBytes(byte[] b, int off, int len)
+ private native int inflateBytes(long addr, byte[] b, int off, int len)
throws DataFormatException;
- private native static int getAdler(long strm);
- private native static long getBytesRead(long strm);
- private native static long getBytesWritten(long strm);
- private native static void reset(long strm);
- private native static void end(long strm);
+ private native static int getAdler(long addr);
+ private native static long getBytesRead(long addr);
+ private native static long getBytesWritten(long addr);
+ private native static void reset(long addr);
+ private native static void end(long addr);
}
diff -up ./openjdk/jdk/src/share/classes/java/util/zip/ZStreamRef.java.mar10sec ./openjdk/jdk/src/share/classes/java/util/zip/ZStreamRef.java
--- ./openjdk/jdk/src/share/classes/java/util/zip/ZStreamRef.java.mar10sec 2010-03-24 20:10:55.086392800 -0400
+++ ./openjdk/jdk/src/share/classes/java/util/zip/ZStreamRef.java 2010-03-24 20:10:55.086392800 -0400
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Sun designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Sun in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+package java.util.zip;
+
+/**
+ * A reference to the native zlib's z_stream structure.
+ */
+
+class ZStreamRef {
+
+ private long address;
+ ZStreamRef (long address) {
+ this.address = address;
+ }
+
+ long address() {
+ return address;
+ }
+
+ void clear() {
+ address = 0;
+ }
+}
diff -up ./openjdk/jdk/src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java.mar10sec ./openjdk/jdk/src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java
--- ./openjdk/jdk/src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java.mar10sec 2009-04-24 03:34:10.000000000 -0400
+++ ./openjdk/jdk/src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java 2010-03-24 20:10:55.086392800 -0400
@@ -1264,6 +1264,7 @@ public class RMIConnectionImpl implement
*
* @return a String representation of this object.
**/
+ @Override
public String toString() {
return super.toString() + ": connectionId=" + connectionId;
}
@@ -1517,6 +1518,21 @@ public class RMIConnectionImpl implement
}
}
+ private static class SetCcl implements PrivilegedExceptionAction<ClassLoader> {
+ private final ClassLoader classLoader;
+
+ SetCcl(ClassLoader classLoader) {
+ this.classLoader = classLoader;
+ }
+
+ public ClassLoader run() {
+ Thread currentThread = Thread.currentThread();
+ ClassLoader old = currentThread.getContextClassLoader();
+ currentThread.setContextClassLoader(classLoader);
+ return old;
+ }
+ }
+
private static <T> T unwrap(final MarshalledObject mo,
final ClassLoader cl,
final Class<T> wrappedClass)
@@ -1525,22 +1541,14 @@ public class RMIConnectionImpl implement
return null;
}
try {
- return AccessController.doPrivileged(
- new PrivilegedExceptionAction<T>() {
- public T run()
- throws IOException {
- final ClassLoader old =
- Thread.currentThread().getContextClassLoader();
- Thread.currentThread().setContextClassLoader(cl);
- try {
- return wrappedClass.cast(mo.get());
- } catch (ClassNotFoundException cnfe) {
- throw new UnmarshalException(cnfe.toString(), cnfe);
- } finally {
- Thread.currentThread().setContextClassLoader(old);
- }
- }
- });
+ final ClassLoader old = AccessController.doPrivileged(new SetCcl(cl));
+ try {
+ return wrappedClass.cast(mo.get());
+ } catch (ClassNotFoundException cnfe) {
+ throw new UnmarshalException(cnfe.toString(), cnfe);
+ } finally {
+ AccessController.doPrivileged(new SetCcl(old));
+ }
} catch (PrivilegedActionException pe) {
Exception e = extractException(pe);
if (e instanceof IOException) {
@@ -1564,14 +1572,14 @@ public class RMIConnectionImpl implement
return null;
}
try {
- return AccessController.doPrivileged(
- new PrivilegedExceptionAction<T>() {
- public T run()
- throws IOException {
- return unwrap(mo, new OrderClassLoaders(cl1, cl2),
- wrappedClass);
- }
- });
+ ClassLoader orderCL = AccessController.doPrivileged(
+ new PrivilegedExceptionAction<ClassLoader>() {
+ public ClassLoader run() throws Exception {
+ return new OrderClassLoaders(cl1, cl2);
+ }
+ }
+ );
+ return unwrap(mo, orderCL, wrappedClass);
} catch (PrivilegedActionException pe) {
Exception e = extractException(pe);
if (e instanceof IOException) {
diff -up ./openjdk/jdk/src/share/classes/sun/awt/dnd/SunDropTargetContextPeer.java.mar10sec ./openjdk/jdk/src/share/classes/sun/awt/dnd/SunDropTargetContextPeer.java
--- ./openjdk/jdk/src/share/classes/sun/awt/dnd/SunDropTargetContextPeer.java.mar10sec 2009-04-24 03:34:16.000000000 -0400
+++ ./openjdk/jdk/src/share/classes/sun/awt/dnd/SunDropTargetContextPeer.java 2010-03-24 20:10:55.087392938 -0400
@@ -57,6 +57,7 @@ import sun.awt.AppContext;
import sun.awt.SunToolkit;
import sun.awt.datatransfer.DataTransferer;
import sun.awt.datatransfer.ToolkitThreadBlockedHandler;
+import sun.security.util.SecurityConstants;
/**
* <p>
@@ -216,6 +217,17 @@ public abstract class SunDropTargetConte
throws UnsupportedFlavorException, IOException,
InvalidDnDOperationException
{
+ SecurityManager sm = System.getSecurityManager();
+ try {
+ if (!dropComplete && sm != null) {
+ sm.checkSystemClipboardAccess();
+ }
+ } catch (Exception e) {
+ Thread currentThread = Thread.currentThread();
+ currentThread.getUncaughtExceptionHandler().uncaughtException(currentThread, e);
+ return null;
+ }
+
Long lFormat = null;
Transferable localTransferable = local;
diff -up ./openjdk/jdk/src/share/classes/sun/awt/image/ImageRepresentation.java.mar10sec ./openjdk/jdk/src/share/classes/sun/awt/image/ImageRepresentation.java
--- ./openjdk/jdk/src/share/classes/sun/awt/image/ImageRepresentation.java.mar10sec 2010-03-24 20:10:15.931395423 -0400
+++ ./openjdk/jdk/src/share/classes/sun/awt/image/ImageRepresentation.java 2010-03-24 20:10:55.088391978 -0400
@@ -333,10 +333,10 @@ public class ImageRepresentation extends
hints = h;
}
- public native void setICMpixels(int x, int y, int w, int h, int[] lut,
+ private native void setICMpixels(int x, int y, int w, int h, int[] lut,
byte[] pix, int off, int scansize,
IntegerComponentRaster ict);
- public native int setDiffICM(int x, int y, int w, int h, int[] lut,
+ private native int setDiffICM(int x, int y, int w, int h, int[] lut,
int transPix, int numLut, IndexColorModel icm,
byte[] pix, int off, int scansize,
ByteComponentRaster bct, int chanOff);
@@ -361,6 +361,64 @@ public class ImageRepresentation extends
}
createBufferedImage();
}
+
+ if (w <= 0 || h <= 0) {
+ return;
+ }
+
+ int biWidth = biRaster.getWidth();
+ int biHeight = biRaster.getHeight();
+
+ int x1 = x+w; // Overflow protection below
+ int y1 = y+h; // Overflow protection below
+ if (x < 0) {
+ off -= x;
+ x = 0;
+ } else if (x1 < 0) {
+ x1 = biWidth; // Must be overflow
+ }
+ if (y < 0) {
+ off -= y*scansize;
+ y = 0;
+ } else if (y1 < 0) {
+ y1 = biHeight; // Must be overflow
+ }
+ if (x1 > biWidth) {
+ x1 = biWidth;
+ }
+ if (y1 > biHeight) {
+ y1 = biHeight;
+ }
+ if (x >= x1 || y >= y1) {
+ return;
+ }
+ // x,y,x1,y1 are all >= 0, so w,h must be >= 0
+ w = x1-x;
+ h = y1-y;
+ // off is first pixel read so it must be in bounds
+ if (off < 0 || off >= pix.length) {
+ // They overflowed their own array
+ throw new ArrayIndexOutOfBoundsException("Data offset out of bounds.");
+ }
+ // pix.length and off are >= 0 so remainder >= 0
+ int remainder = pix.length - off;
+ if (remainder < w) {
+ // They overflowed their own array
+ throw new ArrayIndexOutOfBoundsException("Data array is too short.");
+ }
+ int num;
+ if (scansize < 0) {
+ num = (off / -scansize) + 1;
+ } else if (scansize > 0) {
+ num = ((remainder-w) / scansize) + 1;
+ } else {
+ num = h;
+ }
+ if (h > num) {
+ // They overflowed their own array.
+ throw new ArrayIndexOutOfBoundsException("Data array is too short.");
+ }
+
if (isSameCM && (cmodel != model) && (srcLUT != null) &&
(model instanceof IndexColorModel) &&
(biRaster instanceof ByteComponentRaster))
diff -up ./openjdk/jdk/src/share/classes/sun/misc/JavaSecurityProtectionDomainAccess.java.mar10sec ./openjdk/jdk/src/share/classes/sun/misc/JavaSecurityProtectionDomainAccess.java
--- ./openjdk/jdk/src/share/classes/sun/misc/JavaSecurityProtectionDomainAccess.java.mar10sec 2010-03-24 20:10:55.088391978 -0400
+++ ./openjdk/jdk/src/share/classes/sun/misc/JavaSecurityProtectionDomainAccess.java 2010-03-24 20:10:55.088391978 -0400
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Sun designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Sun in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+package sun.misc;
+
+import java.security.PermissionCollection;
+import java.security.ProtectionDomain;
+
+public interface JavaSecurityProtectionDomainAccess {
+ interface ProtectionDomainCache {
+ void put(ProtectionDomain pd, PermissionCollection pc);
+ PermissionCollection get(ProtectionDomain pd);
+ }
+ /**
+ * Returns the ProtectionDomainCache.
+ */
+ ProtectionDomainCache getProtectionDomainCache();
+}
diff -up ./openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java.mar10sec ./openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java
--- ./openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java.mar10sec 2009-04-24 03:34:18.000000000 -0400
+++ ./openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java 2010-03-24 20:11:51.622368580 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2002-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -47,6 +47,7 @@ public class SharedSecrets {
private static JavaIODeleteOnExitAccess javaIODeleteOnExitAccess;
private static JavaNetAccess javaNetAccess;
private static JavaIOFileDescriptorAccess javaIOFileDescriptorAccess;
+ private static JavaSecurityProtectionDomainAccess javaSecurityProtectionDomainAccess;
public static JavaUtilJarAccess javaUtilJarAccess() {
if (javaUtilJarAccess == null) {
@@ -110,4 +111,17 @@ public class SharedSecrets {
return javaIOFileDescriptorAccess;
}
+ public static void setJavaSecurityProtectionDomainAccess
+ (JavaSecurityProtectionDomainAccess jspda) {
+ javaSecurityProtectionDomainAccess = jspda;
+ }
+
+ public static JavaSecurityProtectionDomainAccess
+ getJavaSecurityProtectionDomainAccess() {
+
+ if (javaSecurityProtectionDomainAccess == null)
+ unsafe.ensureClassInitialized(java.security.ProtectionDomain.class);
+
+ return javaSecurityProtectionDomainAccess;
+ }
}
diff -up ./openjdk/jdk/src/share/classes/sun/nio/ch/Net.java.mar10sec ./openjdk/jdk/src/share/classes/sun/nio/ch/Net.java
--- ./openjdk/jdk/src/share/classes/sun/nio/ch/Net.java.mar10sec 2009-04-24 03:34:19.000000000 -0400
+++ ./openjdk/jdk/src/share/classes/sun/nio/ch/Net.java 2010-03-24 20:10:55.088391978 -0400
@@ -46,6 +46,9 @@ class Net {
InetSocketAddress isa = (InetSocketAddress)sa;
if (isa.isUnresolved())
throw new UnresolvedAddressException(); // ## needs arg
+ InetAddress addr = isa.getAddress();
+ if (!(addr instanceof Inet4Address || addr instanceof Inet6Address))
+ throw new IllegalArgumentException("Invalid address type");
return isa;
}
diff -up ./openjdk/jdk/src/share/classes/sun/security/provider/PolicyFile.java.mar10sec ./openjdk/jdk/src/share/classes/sun/security/provider/PolicyFile.java
--- ./openjdk/jdk/src/share/classes/sun/security/provider/PolicyFile.java.mar10sec 2009-04-24 03:34:23.000000000 -0400
+++ ./openjdk/jdk/src/share/classes/sun/security/provider/PolicyFile.java 2010-03-24 20:10:55.090393013 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2006 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -66,6 +66,9 @@ import java.lang.reflect.ReflectPermissi
import javax.sound.sampled.AudioPermission;
import javax.net.ssl.SSLPermission;
*/
+import sun.misc.JavaSecurityProtectionDomainAccess;
+import static sun.misc.JavaSecurityProtectionDomainAccess.ProtectionDomainCache;
+import sun.misc.SharedSecrets;
import sun.security.util.Password;
import sun.security.util.PolicyUtil;
import sun.security.util.PropertyExpander;
@@ -1108,7 +1111,7 @@ public class PolicyFile extends java.sec
/**
* Refreshes the policy object by re-reading all the policy files.
*/
- public void refresh() {
+ @Override public void refresh() {
init(url);
}
@@ -1125,9 +1128,10 @@ public class PolicyFile extends java.sec
*
* @see java.security.ProtectionDomain
*/
+ @Override
public boolean implies(ProtectionDomain pd, Permission p) {
PolicyInfo pi = policyInfo.get();
- Map<ProtectionDomain, PermissionCollection> pdMap = pi.getPdMapping();
+ ProtectionDomainCache pdMap = pi.getPdMapping();
PermissionCollection pc = pdMap.get(pd);
@@ -1173,6 +1177,7 @@ public class PolicyFile extends java.sec
* @return the Permissions granted to the provided
* <code>ProtectionDomain</code>.
*/
+ @Override
public PermissionCollection getPermissions(ProtectionDomain domain) {
Permissions perms = new Permissions();
@@ -1208,6 +1213,7 @@ public class PolicyFile extends java.sec
*
* @return the set of permissions according to the policy.
*/
+ @Override
public PermissionCollection getPermissions(CodeSource codesource) {
return getPermissions(new Permissions(), codesource);
}
@@ -2200,7 +2206,7 @@ public class PolicyFile extends java.sec
return codesource;
}
- public String toString(){
+ @Override public String toString(){
StringBuilder sb = new StringBuilder();
sb.append(ResourcesMgr.getString("("));
sb.append(getCodeSource());
@@ -2336,7 +2342,7 @@ public class PolicyFile extends java.sec
*
* @return false.
*/
- public boolean implies(Permission p) {
+ @Override public boolean implies(Permission p) {
return false;
}
@@ -2353,7 +2359,7 @@ public class PolicyFile extends java.sec
* type (class) name, permission name, actions, and
* certificates as this object.
*/
- public boolean equals(Object obj) {
+ @Override public boolean equals(Object obj) {
if (obj == this)
return true;
@@ -2401,7 +2407,7 @@ public class PolicyFile extends java.sec
*
* @return a hash code value for this object.
*/
- public int hashCode() {
+ @Override public int hashCode() {
int hash = type.hashCode();
if (name != null)
hash ^= name.hashCode();
@@ -2420,7 +2426,7 @@ public class PolicyFile extends java.sec
*
* @return the empty string "".
*/
- public String getActions() {
+ @Override public String getActions() {
return "";
}
@@ -2447,7 +2453,7 @@ public class PolicyFile extends java.sec
*
* @return information about this SelfPermission.
*/
- public String toString() {
+ @Override public String toString() {
return "(SelfPermission " + type + " " + name + " " + actions + ")";
}
}
@@ -2469,7 +2475,7 @@ public class PolicyFile extends java.sec
final Map aliasMapping;
// Maps ProtectionDomain to PermissionCollection
- private final Map<ProtectionDomain, PermissionCollection>[] pdMapping;
+ private final ProtectionDomainCache[] pdMapping;
private java.util.Random random;
PolicyInfo(int numCaches) {
@@ -2478,16 +2484,17 @@ public class PolicyFile extends java.sec
Collections.synchronizedList(new ArrayList<PolicyEntry>(2));
aliasMapping = Collections.synchronizedMap(new HashMap(11));
- pdMapping = new Map[numCaches];
+ pdMapping = new ProtectionDomainCache[numCaches];
+ JavaSecurityProtectionDomainAccess jspda
+ = SharedSecrets.getJavaSecurityProtectionDomainAccess();
for (int i = 0; i < numCaches; i++) {
- pdMapping[i] = Collections.synchronizedMap
- (new WeakHashMap<ProtectionDomain, PermissionCollection>());
+ pdMapping[i] = jspda.getProtectionDomainCache();
}
if (numCaches > 1) {
random = new java.util.Random();
}
}
- Map<ProtectionDomain, PermissionCollection> getPdMapping() {
+ ProtectionDomainCache getPdMapping() {
if (pdMapping.length == 1) {
return pdMapping[0];
} else {
diff -up ./openjdk/jdk/src/share/classes/sun/security/ssl/ClientHandshaker.java.mar10sec ./openjdk/jdk/src/share/classes/sun/security/ssl/ClientHandshaker.java
--- ./openjdk/jdk/src/share/classes/sun/security/ssl/ClientHandshaker.java.mar10sec 2009-04-24 03:34:23.000000000 -0400
+++ ./openjdk/jdk/src/share/classes/sun/security/ssl/ClientHandshaker.java 2010-03-24 20:10:55.090393013 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright 1996-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1996-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -96,13 +96,17 @@ final class ClientHandshaker extends Han
* Constructors
*/
ClientHandshaker(SSLSocketImpl socket, SSLContextImpl context,
- ProtocolList enabledProtocols) {
+ ProtocolList enabledProtocols,
+ ProtocolVersion activeProtocolVersion) {
super(socket, context, enabledProtocols, true, true);
+ this.activeProtocolVersion = activeProtocolVersion;
}
ClientHandshaker(SSLEngineImpl engine, SSLContextImpl context,
- ProtocolList enabledProtocols) {
+ ProtocolList enabledProtocols,
+ ProtocolVersion activeProtocolVersion) {
super(engine, context, enabledProtocols, true, true);
+ this.activeProtocolVersion = activeProtocolVersion;
}
/*
@@ -250,7 +254,42 @@ final class ClientHandshaker extends Han
// sent the "client hello" but the server's not seen it.
//
if (state < HandshakeMessage.ht_client_hello) {
- kickstart();
+ if (!renegotiable) { // renegotiation is not allowed.
+ if (activeProtocolVersion.v >= ProtocolVersion.TLS10.v) {
+ // response with a no_negotiation warning,
+ warningSE(Alerts.alert_no_negotiation);
+
+ // invalidate the handshake so that the caller can
+ // dispose this object.
+ invalidated = true;
+
+ // If there is still unread block in the handshake
+ // input stream, it would be truncated with the disposal
+ // and the next handshake message will become incomplete.
+ //
+ // However, according to SSL/TLS specifications, no more
+ // handshake message could immediately follow ClientHello
+ // or HelloRequest. But in case of any improper messages,
+ // we'd better check to ensure there is no remaining bytes
+ // in the handshake input stream.
+ if (input.available() > 0) {
+ fatalSE(Alerts.alert_unexpected_message,
+ "HelloRequest followed by an unexpected " +
+ "handshake message");
+ }
+
+ } else {
+ // For SSLv3, send the handshake_failure fatal error.
+ // Note that SSLv3 does not define a no_negotiation alert
+ // like TLSv1. However we cannot ignore the message
+ // simply, otherwise the other side was waiting for a
+ // response that would never come.
+ fatalSE(Alerts.alert_handshake_failure,
+ "renegotiation is not allowed");
+ }
+ } else {
+ kickstart();
+ }
}
}
diff -up ./openjdk/jdk/src/share/classes/sun/security/ssl/Handshaker.java.mar10sec ./openjdk/jdk/src/share/classes/sun/security/ssl/Handshaker.java
--- ./openjdk/jdk/src/share/classes/sun/security/ssl/Handshaker.java.mar10sec 2010-03-24 20:10:10.812393837 -0400
+++ ./openjdk/jdk/src/share/classes/sun/security/ssl/Handshaker.java 2010-03-24 20:10:55.091393759 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright 1996-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1996-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -61,9 +61,12 @@ import sun.security.ssl.CipherSuite.*;
*/
abstract class Handshaker {
- // current protocol version
+ // protocol version being established using this Handshaker
ProtocolVersion protocolVersion;
+ // the currently active protocol version during a renegotiation
+ ProtocolVersion activeProtocolVersion;
+
// list of enabled protocols
ProtocolList enabledProtocols;
@@ -125,6 +128,13 @@ abstract class Handshaker {
/* Class and subclass dynamic debugging support */
static final Debug debug = Debug.getInstance("ssl");
+ // By default, disable the unsafe legacy session renegotiation
+ static final boolean renegotiable = Debug.getBooleanProperty(
+ "sun.security.ssl.allowUnsafeRenegotiation", false);
+
+ // need to dispose the object when it is invalidated
+ boolean invalidated;
+
Handshaker(SSLSocketImpl c, SSLContextImpl context,
ProtocolList enabledProtocols, boolean needCertVerify,
boolean isClient) {
@@ -145,6 +155,7 @@ abstract class Handshaker {
this.sslContext = context;
this.isClient = isClient;
enableNewSession = true;
+ invalidated = false;
setCipherSuite(CipherSuite.C_NULL);
@@ -490,7 +501,9 @@ abstract class Handshaker {
*/
void processLoop() throws IOException {
- while (input.available() > 0) {
+ // need to read off 4 bytes at least to get the handshake
+ // message type and length.
+ while (input.available() >= 4) {
byte messageType;
int messageLen;
diff -up ./openjdk/jdk/src/share/classes/sun/security/ssl/ServerHandshaker.java.mar10sec ./openjdk/jdk/src/share/classes/sun/security/ssl/ServerHandshaker.java
--- ./openjdk/jdk/src/share/classes/sun/security/ssl/ServerHandshaker.java.mar10sec 2009-04-24 03:34:24.000000000 -0400
+++ ./openjdk/jdk/src/share/classes/sun/security/ssl/ServerHandshaker.java 2010-03-24 20:10:55.092392338 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright 1996-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1996-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -74,6 +74,9 @@ final class ServerHandshaker extends Han
// flag to check for clientCertificateVerify message
private boolean needClientVerify = false;
+ // indicate a renegotiation handshaking
+ private boolean isRenegotiation = false;
+
/*
* For exportable ciphersuites using non-exportable key sizes, we use
* ephemeral RSA keys. We could also do anonymous RSA in the same way
@@ -101,20 +104,28 @@ final class ServerHandshaker extends Han
* Constructor ... use the keys found in the auth context.
*/
ServerHandshaker(SSLSocketImpl socket, SSLContextImpl context,
- ProtocolList enabledProtocols, byte clientAuth) {
+ ProtocolList enabledProtocols, byte clientAuth,
+ boolean isRenegotiation, ProtocolVersion activeProtocolVersion) {
+
super(socket, context, enabledProtocols,
(clientAuth != SSLEngineImpl.clauth_none), false);
doClientAuth = clientAuth;
+ this.isRenegotiation = isRenegotiation;
+ this.activeProtocolVersion = activeProtocolVersion;
}
/*
* Constructor ... use the keys found in the auth context.
*/
ServerHandshaker(SSLEngineImpl engine, SSLContextImpl context,
- ProtocolList enabledProtocols, byte clientAuth) {
+ ProtocolList enabledProtocols, byte clientAuth,
+ boolean isRenegotiation, ProtocolVersion activeProtocolVersion) {
+
super(engine, context, enabledProtocols,
(clientAuth != SSLEngineImpl.clauth_none), false);
doClientAuth = clientAuth;
+ this.isRenegotiation = isRenegotiation;
+ this.activeProtocolVersion = activeProtocolVersion;
}
/*
@@ -262,6 +273,45 @@ final class ServerHandshaker extends Han
if (debug != null && Debug.isOn("handshake")) {
mesg.print(System.out);
}
+
+ // if it is a renegotiation request and renegotiation is not allowed
+ if (isRenegotiation && !renegotiable) {
+ if (activeProtocolVersion.v >= ProtocolVersion.TLS10.v) {
+ // response with a no_negotiation warning,
+ warningSE(Alerts.alert_no_negotiation);
+
+ // invalidate the handshake so that the caller can
+ // dispose this object.
+ invalidated = true;
+
+ // If there is still unread block in the handshake
+ // input stream, it would be truncated with the disposal
+ // and the next handshake message will become incomplete.
+ //
+ // However, according to SSL/TLS specifications, no more
+ // handshake message could immediately follow ClientHello
+ // or HelloRequest. But in case of any improper messages,
+ // we'd better check to ensure there is no remaining bytes
+ // in the handshake input stream.
+ if (input.available() > 0) {
+ fatalSE(Alerts.alert_unexpected_message,
+ "ClientHello followed by an unexpected " +
+ "handshake message");
+
+ }
+
+ return;
+ } else {
+ // For SSLv3, send the handshake_failure fatal error.
+ // Note that SSLv3 does not define a no_negotiation alert
+ // like TLSv1. However we cannot ignore the message
+ // simply, otherwise the other side was waiting for a
+ // response that would never come.
+ fatalSE(Alerts.alert_handshake_failure,
+ "renegotiation is not allowed");
+ }
+ }
+
/*
* Always make sure this entire record has been digested before we
* start emitting output, to ensure correct digesting order.
diff -up ./openjdk/jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java.mar10sec ./openjdk/jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java
--- ./openjdk/jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java.mar10sec 2009-04-24 03:34:24.000000000 -0400
+++ ./openjdk/jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java 2010-03-24 20:10:55.093398060 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright 2003-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -433,11 +433,12 @@ final public class SSLEngineImpl extends
connectionState = cs_RENEGOTIATE;
}
if (roleIsServer) {
- handshaker = new ServerHandshaker
- (this, sslContext, enabledProtocols, doClientAuth);
+ handshaker = new ServerHandshaker(this, sslContext,
+ enabledProtocols, doClientAuth,
+ connectionState == cs_RENEGOTIATE, protocolVersion);
} else {
- handshaker = new ClientHandshaker
- (this, sslContext, enabledProtocols);
+ handshaker = new ClientHandshaker(this, sslContext,
+ enabledProtocols, protocolVersion);
}
handshaker.enabledCipherSuites = enabledCipherSuites;
handshaker.setEnableSessionCreation(enableSessionCreation);
@@ -622,6 +623,10 @@ final public class SSLEngineImpl extends
break;
case cs_DATA:
+ if (!Handshaker.renegotiable) {
+ throw new SSLHandshakeException("renegotiation is not allowed");
+ }
+
// initialize the handshaker, move to cs_RENEGOTIATE
initHandshaker();
break;
@@ -949,7 +954,13 @@ final public class SSLEngineImpl extends
handshaker.process_record(inputRecord, expectingFinished);
expectingFinished = false;
- if (handshaker.isDone()) {
+ if (handshaker.invalidated) {
+ handshaker = null;
+ // if state is cs_RENEGOTIATE, revert it to cs_DATA
+ if (connectionState == cs_RENEGOTIATE) {
+ connectionState = cs_DATA;
+ }
+ } else if (handshaker.isDone()) {
sess = handshaker.getSession();
if (!writer.hasOutboundData()) {
hsStatus = HandshakeStatus.FINISHED;
diff -up ./openjdk/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java.mar10sec ./openjdk/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java
--- ./openjdk/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java.mar10sec 2009-04-24 03:34:24.000000000 -0400
+++ ./openjdk/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java 2010-03-24 20:10:55.094392336 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright 1996-2008 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1996-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -904,7 +904,13 @@ final public class SSLSocketImpl extends
handshaker.process_record(r, expectingFinished);
expectingFinished = false;
- if (handshaker.isDone()) {
+ if (handshaker.invalidated) {
+ handshaker = null;
+ // if state is cs_RENEGOTIATE, revert it to cs_DATA
+ if (connectionState == cs_RENEGOTIATE) {
+ connectionState = cs_DATA;
+ }
+ } else if (handshaker.isDone()) {
sess = handshaker.getSession();
handshaker = null;
connectionState = cs_DATA;
@@ -922,6 +928,7 @@ final public class SSLSocketImpl extends
t.start();
}
}
+
if (needAppData || connectionState != cs_DATA) {
continue;
} else {
@@ -1080,11 +1087,12 @@ final public class SSLSocketImpl extends
connectionState = cs_RENEGOTIATE;
}
if (roleIsServer) {
- handshaker = new ServerHandshaker
- (this, sslContext, enabledProtocols, doClientAuth);
+ handshaker = new ServerHandshaker(this, sslContext,
+ enabledProtocols, doClientAuth,
+ connectionState == cs_RENEGOTIATE, protocolVersion);
} else {
- handshaker = new ClientHandshaker
- (this, sslContext, enabledProtocols);
+ handshaker = new ClientHandshaker(this, sslContext,
+ enabledProtocols, protocolVersion);
}
handshaker.enabledCipherSuites = enabledCipherSuites;
handshaker.setEnableSessionCreation(enableSessionCreation);
@@ -1189,6 +1197,10 @@ final public class SSLSocketImpl extends
break;
case cs_DATA:
+ if (!Handshaker.renegotiable) {
+ throw new SSLHandshakeException("renegotiation is not allowed");
+ }
+
// initialize the handshaker, move to cs_RENEGOTIATE
initHandshaker();
break;
diff -up ./openjdk/jdk/src/share/classes/sun/security/util/ObjectIdentifier.java.mar10sec ./openjdk/jdk/src/share/classes/sun/security/util/ObjectIdentifier.java
--- ./openjdk/jdk/src/share/classes/sun/security/util/ObjectIdentifier.java.mar10sec 2009-04-24 03:34:24.000000000 -0400
+++ ./openjdk/jdk/src/share/classes/sun/security/util/ObjectIdentifier.java 2010-03-24 20:10:55.094392336 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright 1996-2006 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1996-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -323,6 +323,10 @@ class ObjectIdentifier implements Serial
for (i = 0, retval = 0; i < 4; i++) {
retval <<= 7;
tmp = in.getByte ();
+ if (i == 0 && tmp == 0x80) { // First byte is 0x80, BER
+ throw new IOException ("ObjectIdentifier() -- " +
+ "sub component starts with 0x80");
+ }
retval |= (tmp & 0x07f);
if ((tmp & 0x080) == 0)
return retval;
diff -up ./openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.cpp.mar10sec ./openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.cpp
--- ./openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.cpp.mar10sec 2009-04-24 03:34:28.000000000 -0400
+++ ./openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.cpp 2010-03-24 20:10:55.095392474 -0400
@@ -40,7 +40,7 @@ bool bytes::inBounds(const void* p) {
void bytes::malloc(size_t len_) {
len = len_;
- ptr = NEW(byte, len_+1); // add trailing zero byte always
+ ptr = NEW(byte, add_size(len_, 1)); // add trailing zero byte always
if (ptr == null) {
// set ptr to some victim memory, to ease escape
set(dummy, sizeof(dummy)-1);
@@ -56,7 +56,7 @@ void bytes::realloc(size_t len_) {
return;
}
byte* oldptr = ptr;
- ptr = (len_ >= PSIZE_MAX) ? null : (byte*)::realloc(ptr, len_+1);
+ ptr = (len_ >= PSIZE_MAX) ? null : (byte*)::realloc(ptr, add_size(len_, 1));
if (ptr != null) {
mtrace('r', oldptr, 0);
mtrace('m', ptr, len_+1);
diff -up ./openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp.mar10sec ./openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
--- ./openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp.mar10sec 2010-03-24 20:10:12.759371141 -0400
+++ ./openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp 2010-03-24 20:10:55.097391946 -0400
@@ -488,7 +488,7 @@ void* unpacker::alloc_heap(size_t size,
maybe_inline
void unpacker::saveTo(bytes& b, byte* ptr, size_t len) {
- b.ptr = U_NEW(byte, len+1);
+ b.ptr = U_NEW(byte, add_size(len,1));
if (aborting()) {
b.len = 0;
return;
@@ -675,7 +675,7 @@ void unpacker::read_file_header() {
if (archive_size < header_size_1) {
abort("too much read-ahead"); // somehow we pre-fetched too much?
return;
- }
+ }
input.set(U_NEW(byte, add_size(header_size_0, archive_size, C_SLOP)),
(size_t) header_size_0 + archive_size);
CHECK;
@@ -1129,7 +1129,7 @@ void unpacker::read_Utf8_values(entry* c
*fillp = 0; // bigbuf must contain a well-formed Utf8 string
int length = fillp - bigbuf.ptr;
bytes& value = cpMap[i].value.b;
- value.set(U_NEW(byte, length+1), length);
+ value.set(U_NEW(byte, add_size(length,1)), length);
value.copyFrom(bigbuf.ptr, length);
CHECK;
// Index all Utf8 strings
@@ -1601,7 +1601,7 @@ unpacker::attr_definitions::popBody(int
return no_bands;
} else {
int nb = bs_limit - bs_base;
- band** res = U_NEW(band*, nb+1);
+ band** res = U_NEW(band*, add_size(nb, 1));
CHECK_(no_bands);
for (int i = 0; i < nb; i++) {
band* b = (band*) band_stack.get(bs_base + i);
@@ -1710,7 +1710,7 @@ unpacker::attr_definitions::parseLayout(
}
// save away the case labels
int ntags = band_stack.length() - case_base;
- int* tags = U_NEW(int, 1+ntags);
+ int* tags = U_NEW(int, add_size(ntags, 1));
CHECK_(lp);
k_case.le_casetags = tags;
*tags++ = ntags;
@@ -3115,8 +3115,8 @@ void cpool::initMemberIndexes() {
int* field_counts = T_NEW(int, nclasses);
int* method_counts = T_NEW(int, nclasses);
cpindex* all_indexes = U_NEW(cpindex, nclasses*2);
- entry** field_ix = U_NEW(entry*, nfields+nclasses);
- entry** method_ix = U_NEW(entry*, nmethods+nclasses);
+ entry** field_ix = U_NEW(entry*, add_size(nfields, nclasses));
+ entry** method_ix = U_NEW(entry*, add_size(nmethods, nclasses));
for (j = 0; j < nfields; j++) {
entry& f = fields[j];
@@ -4104,7 +4104,7 @@ int unpacker::write_attrs(int attrc, jul
}
const char* suffix = ".java";
int len = prefix.len + strlen(suffix);
- bytes name; name.set(T_NEW(byte, len + 1), len);
+ bytes name; name.set(T_NEW(byte, add_size(len, 1)), len);
name.strcat(prefix).strcat(suffix);
ref = cp.ensureUtf8(name);
}
@@ -4619,7 +4619,7 @@ unpacker::file* unpacker::get_next_file(
bytes& prefix = cur_class->ref(0)->value.b;
const char* suffix = ".class";
int len = prefix.len + strlen(suffix);
- bytes name; name.set(T_NEW(byte, len + 1), len);
+ bytes name; name.set(T_NEW(byte, add_size(len, 1)), len);
cur_file.name = name.strcat(prefix).strcat(suffix).strval();
}
} else {
@@ -4686,6 +4686,7 @@ void unpacker::write_file_to_jar(unpacke
input.ensureSize(fleft);
}
rplimit = rp = input.base();
+ CHECK;
input.setLimit(rp + fleft);
if (!ensure_input(fleft))
abort("EOF reading resource file");
diff -up ./openjdk/jdk/src/share/native/java/util/zip/Deflater.c.mar10sec ./openjdk/jdk/src/share/native/java/util/zip/Deflater.c
--- ./openjdk/jdk/src/share/native/java/util/zip/Deflater.c.mar10sec 2010-03-24 20:10:11.131416107 -0400
+++ ./openjdk/jdk/src/share/native/java/util/zip/Deflater.c 2010-03-24 20:10:55.097391946 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2005 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1996-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -38,7 +38,6 @@
#define DEF_MEM_LEVEL 8
-static jfieldID strmID;
static jfieldID levelID;
static jfieldID strategyID;
static jfieldID setParamsID;
@@ -49,7 +48,6 @@ static jfieldID bufID, offID, lenID;
JNIEXPORT void JNICALL
Java_java_util_zip_Deflater_initIDs(JNIEnv *env, jclass cls)
{
- strmID = (*env)->GetFieldID(env, cls, "strm", "J");
levelID = (*env)->GetFieldID(env, cls, "level", "I");
strategyID = (*env)->GetFieldID(env, cls, "strategy", "I");
setParamsID = (*env)->GetFieldID(env, cls, "setParams", "Z");
@@ -62,196 +60,195 @@ Java_java_util_zip_Deflater_initIDs(JNIE
JNIEXPORT jlong JNICALL
Java_java_util_zip_Deflater_init(JNIEnv *env, jclass cls, jint level,
- jint strategy, jboolean nowrap)
+ jint strategy, jboolean nowrap)
{
z_stream *strm = calloc(1, sizeof(z_stream));
if (strm == 0) {
- JNU_ThrowOutOfMemoryError(env, 0);
- return jlong_zero;
+ JNU_ThrowOutOfMemoryError(env, 0);
+ return jlong_zero;
} else {
- char *msg;
- switch (deflateInit2(strm, level, Z_DEFLATED,
- nowrap ? -MAX_WBITS : MAX_WBITS,
- DEF_MEM_LEVEL, strategy)) {
- case Z_OK:
- return ptr_to_jlong(strm);
- case Z_MEM_ERROR:
- free(strm);
- JNU_ThrowOutOfMemoryError(env, 0);
- return jlong_zero;
- case Z_STREAM_ERROR:
- free(strm);
- JNU_ThrowIllegalArgumentException(env, 0);
- return jlong_zero;
- default:
- msg = strm->msg;
- free(strm);
- JNU_ThrowInternalError(env, msg);
- return jlong_zero;
- }
+ char *msg;
+ switch (deflateInit2(strm, level, Z_DEFLATED,
+ nowrap ? -MAX_WBITS : MAX_WBITS,
+ DEF_MEM_LEVEL, strategy)) {
+ case Z_OK:
+ return ptr_to_jlong(strm);
+ case Z_MEM_ERROR:
+ free(strm);
+ JNU_ThrowOutOfMemoryError(env, 0);
+ return jlong_zero;
+ case Z_STREAM_ERROR:
+ free(strm);
+ JNU_ThrowIllegalArgumentException(env, 0);
+ return jlong_zero;
+ default:
+ msg = strm->msg;
+ free(strm);
+ JNU_ThrowInternalError(env, msg);
+ return jlong_zero;
+ }
}
}
JNIEXPORT void JNICALL
-Java_java_util_zip_Deflater_setDictionary(JNIEnv *env, jclass cls, jlong strm,
- jarray b, jint off, jint len)
+Java_java_util_zip_Deflater_setDictionary(JNIEnv *env, jclass cls, jlong addr,
+ jarray b, jint off, jint len)
{
Bytef *buf = (*env)->GetPrimitiveArrayCritical(env, b, 0);
int res;
if (buf == 0) {/* out of memory */
return;
}
- res = deflateSetDictionary((z_stream *)jlong_to_ptr(strm), buf + off, len);
+ res = deflateSetDictionary((z_stream *)jlong_to_ptr(addr), buf + off, len);
(*env)->ReleasePrimitiveArrayCritical(env, b, buf, 0);
switch (res) {
case Z_OK:
- break;
+ break;
case Z_STREAM_ERROR:
- JNU_ThrowIllegalArgumentException(env, 0);
- break;
+ JNU_ThrowIllegalArgumentException(env, 0);
+ break;
default:
- JNU_ThrowInternalError(env, ((z_stream *)jlong_to_ptr(strm))->msg);
- break;
+ JNU_ThrowInternalError(env, ((z_stream *)jlong_to_ptr(addr))->msg);
+ break;
}
}
JNIEXPORT jint JNICALL
-Java_java_util_zip_Deflater_deflateBytes(JNIEnv *env, jobject this,
- jarray b, jint off, jint len)
+Java_java_util_zip_Deflater_deflateBytes(JNIEnv *env, jobject this, jlong addr,
+ jarray b, jint off, jint len)
{
- z_stream *strm = jlong_to_ptr((*env)->GetLongField(env, this, strmID));
+ z_stream *strm = jlong_to_ptr(addr);
- if (strm == 0) {
- JNU_ThrowNullPointerException(env, 0);
- return 0;
- } else {
- jarray this_buf = (*env)->GetObjectField(env, this, bufID);
- jint this_off = (*env)->GetIntField(env, this, offID);
- jint this_len = (*env)->GetIntField(env, this, lenID);
- jbyte *in_buf;
- jbyte *out_buf;
- int res;
- if ((*env)->GetBooleanField(env, this, setParamsID)) {
- int level = (*env)->GetIntField(env, this, levelID);
- int strategy = (*env)->GetIntField(env, this, strategyID);
-
- in_buf = (jbyte *) malloc(this_len);
- if (in_buf == 0) {
- return 0;
- }
- (*env)->GetByteArrayRegion(env, this_buf, this_off, this_len, in_buf);
-
- out_buf = (jbyte *) malloc(len);
- if (out_buf == 0) {
- free(in_buf);
- return 0;
- }
-
- strm->next_in = (Bytef *) in_buf;
- strm->next_out = (Bytef *) out_buf;
- strm->avail_in = this_len;
- strm->avail_out = len;
- res = deflateParams(strm, level, strategy);
-
- if (res == Z_OK) {
- (*env)->SetByteArrayRegion(env, b, off, len - strm->avail_out, out_buf);
- }
- free(out_buf);
- free(in_buf);
+ jarray this_buf = (*env)->GetObjectField(env, this, bufID);
+ jint this_off = (*env)->GetIntField(env, this, offID);
+ jint this_len = (*env)->GetIntField(env, this, lenID);
+ jbyte *in_buf;
+ jbyte *out_buf;
+ int res;
+ if ((*env)->GetBooleanField(env, this, setParamsID)) {
+ int level = (*env)->GetIntField(env, this, levelID);
+ int strategy = (*env)->GetIntField(env, this, strategyID);
+
+ in_buf = (jbyte *) malloc(this_len);
+ if (in_buf == 0) {
+ JNU_ThrowOutOfMemoryError(env, 0);
+ return 0;
+ }
+ (*env)->GetByteArrayRegion(env, this_buf, this_off, this_len, in_buf);
- switch (res) {
- case Z_OK:
- (*env)->SetBooleanField(env, this, setParamsID, JNI_FALSE);
- this_off += this_len - strm->avail_in;
- (*env)->SetIntField(env, this, offID, this_off);
- (*env)->SetIntField(env, this, lenID, strm->avail_in);
- return len - strm->avail_out;
- case Z_BUF_ERROR:
- (*env)->SetBooleanField(env, this, setParamsID, JNI_FALSE);
- return 0;
- default:
- JNU_ThrowInternalError(env, strm->msg);
- return 0;
- }
- } else {
- jboolean finish = (*env)->GetBooleanField(env, this, finishID);
-
- in_buf = (jbyte *) malloc(this_len);
- if (in_buf == 0) {
- return 0;
- }
- (*env)->GetByteArrayRegion(env, this_buf, this_off, this_len, in_buf);
-
- out_buf = (jbyte *) malloc(len);
- if (out_buf == 0) {
- free(in_buf);
- return 0;
- }
-
- strm->next_in = (Bytef *) in_buf;
- strm->next_out = (Bytef *) out_buf;
- strm->avail_in = this_len;
- strm->avail_out = len;
- res = deflate(strm, finish ? Z_FINISH : Z_NO_FLUSH);
-
- if (res == Z_STREAM_END || res == Z_OK) {
- (*env)->SetByteArrayRegion(env, b, off, len - strm->avail_out, out_buf);
- }
- free(out_buf);
+ out_buf = (jbyte *) malloc(len);
+ if (out_buf == 0) {
free(in_buf);
+ JNU_ThrowOutOfMemoryError(env, 0);
+ return 0;
+ }
+
+ strm->next_in = (Bytef *) in_buf;
+ strm->next_out = (Bytef *) out_buf;
+ strm->avail_in = this_len;
+ strm->avail_out = len;
+ res = deflateParams(strm, level, strategy);
+
+ if (res == Z_OK) {
+ (*env)->SetByteArrayRegion(env, b, off, len - strm->avail_out, out_buf);
+ }
+ free(out_buf);
+ free(in_buf);
+
+ switch (res) {
+ case Z_OK:
+ (*env)->SetBooleanField(env, this, setParamsID, JNI_FALSE);
+ this_off += this_len - strm->avail_in;
+ (*env)->SetIntField(env, this, offID, this_off);
+ (*env)->SetIntField(env, this, lenID, strm->avail_in);
+ return len - strm->avail_out;
+ case Z_BUF_ERROR:
+ (*env)->SetBooleanField(env, this, setParamsID, JNI_FALSE);
+ return 0;
+ default:
+ JNU_ThrowInternalError(env, strm->msg);
+ return 0;
+ }
+ } else {
+ jboolean finish = (*env)->GetBooleanField(env, this, finishID);
- switch (res) {
- case Z_STREAM_END:
- (*env)->SetBooleanField(env, this, finishedID, JNI_TRUE);
- /* fall through */
- case Z_OK:
- this_off += this_len - strm->avail_in;
- (*env)->SetIntField(env, this, offID, this_off);
- (*env)->SetIntField(env, this, lenID, strm->avail_in);
- return len - strm->avail_out;
- case Z_BUF_ERROR:
- return 0;
- default:
- JNU_ThrowInternalError(env, strm->msg);
- return 0;
- }
- }
+ in_buf = (jbyte *) malloc(this_len);
+ if (in_buf == 0) {
+ JNU_ThrowOutOfMemoryError(env, 0);
+ return 0;
+ }
+ (*env)->GetByteArrayRegion(env, this_buf, this_off, this_len, in_buf);
+
+ out_buf = (jbyte *) malloc(len);
+ if (out_buf == 0) {
+ free(in_buf);
+ JNU_ThrowOutOfMemoryError(env, 0);
+ return 0;
+ }
+
+ strm->next_in = (Bytef *) in_buf;
+ strm->next_out = (Bytef *) out_buf;
+ strm->avail_in = this_len;
+ strm->avail_out = len;
+ res = deflate(strm, finish ? Z_FINISH : Z_NO_FLUSH);
+
+ if (res == Z_STREAM_END || res == Z_OK) {
+ (*env)->SetByteArrayRegion(env, b, off, len - strm->avail_out, out_buf);
+ }
+ free(out_buf);
+ free(in_buf);
+
+ switch (res) {
+ case Z_STREAM_END:
+ (*env)->SetBooleanField(env, this, finishedID, JNI_TRUE);
+ /* fall through */
+ case Z_OK:
+ this_off += this_len - strm->avail_in;
+ (*env)->SetIntField(env, this, offID, this_off);
+ (*env)->SetIntField(env, this, lenID, strm->avail_in);
+ return len - strm->avail_out;
+ case Z_BUF_ERROR:
+ return 0;
+ default:
+ JNU_ThrowInternalError(env, strm->msg);
+ return 0;
+ }
}
}
JNIEXPORT jint JNICALL
-Java_java_util_zip_Deflater_getAdler(JNIEnv *env, jclass cls, jlong strm)
+Java_java_util_zip_Deflater_getAdler(JNIEnv *env, jclass cls, jlong addr)
{
- return ((z_stream *)jlong_to_ptr(strm))->adler;
+ return ((z_stream *)jlong_to_ptr(addr))->adler;
}
JNIEXPORT jlong JNICALL
-Java_java_util_zip_Deflater_getBytesRead(JNIEnv *env, jclass cls, jlong strm)
+Java_java_util_zip_Deflater_getBytesRead(JNIEnv *env, jclass cls, jlong addr)
{
- return ((z_stream *)jlong_to_ptr(strm))->total_in;
+ return ((z_stream *)jlong_to_ptr(addr))->total_in;
}
JNIEXPORT jlong JNICALL
-Java_java_util_zip_Deflater_getBytesWritten(JNIEnv *env, jclass cls, jlong strm)
+Java_java_util_zip_Deflater_getBytesWritten(JNIEnv *env, jclass cls, jlong addr)
{
- return ((z_stream *)jlong_to_ptr(strm))->total_out;
+ return ((z_stream *)jlong_to_ptr(addr))->total_out;
}
JNIEXPORT void JNICALL
-Java_java_util_zip_Deflater_reset(JNIEnv *env, jclass cls, jlong strm)
+Java_java_util_zip_Deflater_reset(JNIEnv *env, jclass cls, jlong addr)
{
- if (deflateReset((z_stream *)jlong_to_ptr(strm)) != Z_OK) {
- JNU_ThrowInternalError(env, 0);
+ if (deflateReset((z_stream *)jlong_to_ptr(addr)) != Z_OK) {
+ JNU_ThrowInternalError(env, 0);
}
}
JNIEXPORT void JNICALL
-Java_java_util_zip_Deflater_end(JNIEnv *env, jclass cls, jlong strm)
+Java_java_util_zip_Deflater_end(JNIEnv *env, jclass cls, jlong addr)
{
- if (deflateEnd((z_stream *)jlong_to_ptr(strm)) == Z_STREAM_ERROR) {
- JNU_ThrowInternalError(env, 0);
+ if (deflateEnd((z_stream *)jlong_to_ptr(addr)) == Z_STREAM_ERROR) {
+ JNU_ThrowInternalError(env, 0);
} else {
- free((z_stream *)jlong_to_ptr(strm));
+ free((z_stream *)jlong_to_ptr(addr));
}
}
diff -up ./openjdk/jdk/src/share/native/java/util/zip/Inflater.c.mar10sec ./openjdk/jdk/src/share/native/java/util/zip/Inflater.c
--- ./openjdk/jdk/src/share/native/java/util/zip/Inflater.c.mar10sec 2010-03-24 20:10:11.133473719 -0400
+++ ./openjdk/jdk/src/share/native/java/util/zip/Inflater.c 2010-03-24 20:10:55.098393743 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2005 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1996-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -39,9 +39,8 @@
#include "java_util_zip_Inflater.h"
#define ThrowDataFormatException(env, msg) \
- JNU_ThrowByName(env, "java/util/zip/DataFormatException", msg)
+ JNU_ThrowByName(env, "java/util/zip/DataFormatException", msg)
-static jfieldID strmID;
static jfieldID needDictID;
static jfieldID finishedID;
static jfieldID bufID, offID, lenID;
@@ -49,7 +48,6 @@ static jfieldID bufID, offID, lenID;
JNIEXPORT void JNICALL
Java_java_util_zip_Inflater_initIDs(JNIEnv *env, jclass cls)
{
- strmID = (*env)->GetFieldID(env, cls, "strm", "J");
needDictID = (*env)->GetFieldID(env, cls, "needDict", "Z");
finishedID = (*env)->GetFieldID(env, cls, "finished", "Z");
bufID = (*env)->GetFieldID(env, cls, "buf", "[B");
@@ -63,153 +61,151 @@ Java_java_util_zip_Inflater_init(JNIEnv
z_stream *strm = calloc(1, sizeof(z_stream));
if (strm == 0) {
- JNU_ThrowOutOfMemoryError(env, 0);
- return jlong_zero;
+ JNU_ThrowOutOfMemoryError(env, 0);
+ return jlong_zero;
} else {
- char *msg;
- switch (inflateInit2(strm, nowrap ? -MAX_WBITS : MAX_WBITS)) {
- case Z_OK:
- return ptr_to_jlong(strm);
- case Z_MEM_ERROR:
- free(strm);
- JNU_ThrowOutOfMemoryError(env, 0);
- return jlong_zero;
- default:
- msg = strm->msg;
- free(strm);
- JNU_ThrowInternalError(env, msg);
- return jlong_zero;
- }
+ char *msg;
+ switch (inflateInit2(strm, nowrap ? -MAX_WBITS : MAX_WBITS)) {
+ case Z_OK:
+ return ptr_to_jlong(strm);
+ case Z_MEM_ERROR:
+ free(strm);
+ JNU_ThrowOutOfMemoryError(env, 0);
+ return jlong_zero;
+ default:
+ msg = strm->msg;
+ free(strm);
+ JNU_ThrowInternalError(env, msg);
+ return jlong_zero;
+ }
}
}
JNIEXPORT void JNICALL
-Java_java_util_zip_Inflater_setDictionary(JNIEnv *env, jclass cls, jlong strm,
- jarray b, jint off, jint len)
+Java_java_util_zip_Inflater_setDictionary(JNIEnv *env, jclass cls, jlong addr,
+ jarray b, jint off, jint len)
{
Bytef *buf = (*env)->GetPrimitiveArrayCritical(env, b, 0);
int res;
if (buf == 0) /* out of memory */
return;
- res = inflateSetDictionary(jlong_to_ptr(strm), buf + off, len);
+ res = inflateSetDictionary(jlong_to_ptr(addr), buf + off, len);
(*env)->ReleasePrimitiveArrayCritical(env, b, buf, 0);
switch (res) {
case Z_OK:
- break;
+ break;
case Z_STREAM_ERROR:
case Z_DATA_ERROR:
- JNU_ThrowIllegalArgumentException(env, ((z_stream *)jlong_to_ptr(strm))->msg);
- break;
+ JNU_ThrowIllegalArgumentException(env, ((z_stream *)jlong_to_ptr(addr))->msg);
+ break;
default:
- JNU_ThrowInternalError(env, ((z_stream *)jlong_to_ptr(strm))->msg);
- break;
+ JNU_ThrowInternalError(env, ((z_stream *)jlong_to_ptr(addr))->msg);
+ break;
}
}
JNIEXPORT jint JNICALL
-Java_java_util_zip_Inflater_inflateBytes(JNIEnv *env, jobject this,
- jarray b, jint off, jint len)
+Java_java_util_zip_Inflater_inflateBytes(JNIEnv *env, jobject this, jlong addr,
+ jarray b, jint off, jint len)
{
- z_stream *strm = jlong_to_ptr((*env)->GetLongField(env, this, strmID));
+ z_stream *strm = jlong_to_ptr(addr);
- if (strm == 0) {
- JNU_ThrowNullPointerException(env, 0);
- return 0;
- } else {
- jarray this_buf = (jarray)(*env)->GetObjectField(env, this, bufID);
- jint this_off = (*env)->GetIntField(env, this, offID);
- jint this_len = (*env)->GetIntField(env, this, lenID);
- jbyte *in_buf;
- jbyte *out_buf;
- int ret;
-
- in_buf = (jbyte *) malloc(this_len);
- if (in_buf == 0) {
- return 0;
- }
- (*env)->GetByteArrayRegion(env, this_buf, this_off, this_len, in_buf);
-
- out_buf = (jbyte *) malloc(len);
- if (out_buf == 0) {
- free(in_buf);
- return 0;
- }
-
- strm->next_in = (Bytef *) in_buf;
- strm->next_out = (Bytef *) out_buf;
- strm->avail_in = this_len;
- strm->avail_out = len;
- ret = inflate(strm, Z_PARTIAL_FLUSH);
-
- if (ret == Z_STREAM_END || ret == Z_OK) {
- (*env)->SetByteArrayRegion(env, b, off, len - strm->avail_out, out_buf);
- }
- free(out_buf);
+ jarray this_buf = (jarray)(*env)->GetObjectField(env, this, bufID);
+ jint this_off = (*env)->GetIntField(env, this, offID);
+ jint this_len = (*env)->GetIntField(env, this, lenID);
+ jbyte *in_buf;
+ jbyte *out_buf;
+ int ret;
+
+ in_buf = (jbyte *) malloc(this_len);
+ if (in_buf == 0) {
+ JNU_ThrowOutOfMemoryError(env, 0);
+ return 0;
+ }
+ (*env)->GetByteArrayRegion(env, this_buf, this_off, this_len, in_buf);
+
+ out_buf = (jbyte *) malloc(len);
+ if (out_buf == 0) {
free(in_buf);
+ JNU_ThrowOutOfMemoryError(env, 0);
+ return 0;
+ }
+
+ strm->next_in = (Bytef *) in_buf;
+ strm->next_out = (Bytef *) out_buf;
+ strm->avail_in = this_len;
+ strm->avail_out = len;
+ ret = inflate(strm, Z_PARTIAL_FLUSH);
- switch (ret) {
- case Z_STREAM_END:
- (*env)->SetBooleanField(env, this, finishedID, JNI_TRUE);
- /* fall through */
- case Z_OK:
- this_off += this_len - strm->avail_in;
- (*env)->SetIntField(env, this, offID, this_off);
- (*env)->SetIntField(env, this, lenID, strm->avail_in);
- return len - strm->avail_out;
- case Z_NEED_DICT:
- (*env)->SetBooleanField(env, this, needDictID, JNI_TRUE);
- /* Might have consumed some input here! */
- this_off += this_len - strm->avail_in;
- (*env)->SetIntField(env, this, offID, this_off);
- (*env)->SetIntField(env, this, lenID, strm->avail_in);
- return 0;
- case Z_BUF_ERROR:
- return 0;
- case Z_DATA_ERROR:
- ThrowDataFormatException(env, strm->msg);
- return 0;
- case Z_MEM_ERROR:
- JNU_ThrowOutOfMemoryError(env, 0);
- return 0;
- default:
- JNU_ThrowInternalError(env, strm->msg);
- return 0;
- }
+ if (ret == Z_STREAM_END || ret == Z_OK) {
+ (*env)->SetByteArrayRegion(env, b, off, len - strm->avail_out, out_buf);
+ }
+ free(out_buf);
+ free(in_buf);
+
+ switch (ret) {
+ case Z_STREAM_END:
+ (*env)->SetBooleanField(env, this, finishedID, JNI_TRUE);
+ /* fall through */
+ case Z_OK:
+ this_off += this_len - strm->avail_in;
+ (*env)->SetIntField(env, this, offID, this_off);
+ (*env)->SetIntField(env, this, lenID, strm->avail_in);
+ return len - strm->avail_out;
+ case Z_NEED_DICT:
+ (*env)->SetBooleanField(env, this, needDictID, JNI_TRUE);
+ /* Might have consumed some input here! */
+ this_off += this_len - strm->avail_in;
+ (*env)->SetIntField(env, this, offID, this_off);
+ (*env)->SetIntField(env, this, lenID, strm->avail_in);
+ return 0;
+ case Z_BUF_ERROR:
+ return 0;
+ case Z_DATA_ERROR:
+ ThrowDataFormatException(env, strm->msg);
+ return 0;
+ case Z_MEM_ERROR:
+ JNU_ThrowOutOfMemoryError(env, 0);
+ return 0;
+ default:
+ JNU_ThrowInternalError(env, strm->msg);
+ return 0;
}
}
JNIEXPORT jint JNICALL
-Java_java_util_zip_Inflater_getAdler(JNIEnv *env, jclass cls, jlong strm)
+Java_java_util_zip_Inflater_getAdler(JNIEnv *env, jclass cls, jlong addr)
{
- return ((z_stream *)jlong_to_ptr(strm))->adler;
+ return ((z_stream *)jlong_to_ptr(addr))->adler;
}
JNIEXPORT jlong JNICALL
-Java_java_util_zip_Inflater_getBytesRead(JNIEnv *env, jclass cls, jlong strm)
+Java_java_util_zip_Inflater_getBytesRead(JNIEnv *env, jclass cls, jlong addr)
{
- return ((z_stream *)jlong_to_ptr(strm))->total_in;
+ return ((z_stream *)jlong_to_ptr(addr))->total_in;
}
JNIEXPORT jlong JNICALL
-Java_java_util_zip_Inflater_getBytesWritten(JNIEnv *env, jclass cls, jlong strm)
+Java_java_util_zip_Inflater_getBytesWritten(JNIEnv *env, jclass cls, jlong addr)
{
- return ((z_stream *)jlong_to_ptr(strm))->total_out;
+ return ((z_stream *)jlong_to_ptr(addr))->total_out;
}
JNIEXPORT void JNICALL
-Java_java_util_zip_Inflater_reset(JNIEnv *env, jclass cls, jlong strm)
+Java_java_util_zip_Inflater_reset(JNIEnv *env, jclass cls, jlong addr)
{
- if (inflateReset(jlong_to_ptr(strm)) != Z_OK) {
- JNU_ThrowInternalError(env, 0);
+ if (inflateReset(jlong_to_ptr(addr)) != Z_OK) {
+ JNU_ThrowInternalError(env, 0);
}
}
JNIEXPORT void JNICALL
-Java_java_util_zip_Inflater_end(JNIEnv *env, jclass cls, jlong strm)
+Java_java_util_zip_Inflater_end(JNIEnv *env, jclass cls, jlong addr)
{
- if (inflateEnd(jlong_to_ptr(strm)) == Z_STREAM_ERROR) {
- JNU_ThrowInternalError(env, 0);
+ if (inflateEnd(jlong_to_ptr(addr)) == Z_STREAM_ERROR) {
+ JNU_ThrowInternalError(env, 0);
} else {
- free(jlong_to_ptr(strm));
+ free(jlong_to_ptr(addr));
}
}
+
diff -up ./openjdk/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c.mar10sec ./openjdk/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c
--- ./openjdk/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c.mar10sec 2010-03-24 20:10:15.932391465 -0400
+++ ./openjdk/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c 2010-03-24 20:10:55.099399430 -0400
@@ -316,6 +316,7 @@ static void clearStreamBuffer(streamBuff
typedef struct pixelBufferStruct {
jobject hpixelObject; // Usually a DataBuffer bank as a byte array
+ unsigned int byteBufferLength;
union pixptr {
INT32 *ip; // Pinned buffer pointer, as 32-bit ints
unsigned char *bp; // Pinned buffer pointer, as bytes
@@ -328,6 +329,7 @@ typedef struct pixelBufferStruct {
*/
static void initPixelBuffer(pixelBufferPtr pb) {
pb->hpixelObject = NULL;
+ pb->byteBufferLength = 0;
pb->buf.ip = NULL;
}
@@ -337,13 +339,13 @@ static void initPixelBuffer(pixelBufferP
*/
static int setPixelBuffer(JNIEnv *env, pixelBufferPtr pb, jobject obj) {
pb->hpixelObject = (*env)->NewGlobalRef(env, obj);
-
if (pb->hpixelObject == NULL) {
JNU_ThrowByName( env,
"java/lang/OutOfMemoryError",
"Setting Pixel Buffer");
return NOT_OK;
}
+ pb->byteBufferLength = (*env)->GetArrayLength(env, pb->hpixelObject);
return OK;
}
@@ -360,6 +362,7 @@ static void resetPixelBuffer(JNIEnv *env
unpinPixelBuffer(env, pb);
(*env)->DeleteGlobalRef(env, pb->hpixelObject);
pb->hpixelObject = NULL;
+ pb->byteBufferLength = 0;
}
}
@@ -1866,6 +1869,7 @@ Java_com_sun_imageio_plugins_jpeg_JPEGIm
boolean orderedBands = TRUE;
imageIODataPtr data = (imageIODataPtr) ptr;
j_decompress_ptr cinfo;
+ unsigned int numBytes;
/* verify the inputs */
@@ -2090,15 +2094,22 @@ Java_com_sun_imageio_plugins_jpeg_JPEGIm
// scanline buffer into the raster.
in = scanLinePtr + (sourceXStart * cinfo->num_components);
if (pixelLimit > in) {
- memcpy(out, in, pixelLimit - in);
+ numBytes = pixelLimit - in;
+ if (numBytes > data->pixelBuf.byteBufferLength) {
+ numBytes = data->pixelBuf.byteBufferLength;
+ }
+ memcpy(out, in, numBytes);
}
} else {
+ numBytes = numBands;
for (in = scanLinePtr+sourceXStart*cinfo->num_components;
- in < pixelLimit;
+ in < pixelLimit &&
+ numBytes <= data->pixelBuf.byteBufferLength;
in += pixelStride) {
for (i = 0; i < numBands; i++) {
*out++ = *(in+bands[i]);
}
+ numBytes += numBands;
}
}
diff -up ./openjdk/jdk/src/share/native/sun/awt/medialib/awt_ImagingLib.c.mar10sec ./openjdk/jdk/src/share/native/sun/awt/medialib/awt_ImagingLib.c
--- ./openjdk/jdk/src/share/native/sun/awt/medialib/awt_ImagingLib.c.mar10sec 2009-04-24 03:34:30.000000000 -0400
+++ ./openjdk/jdk/src/share/native/sun/awt/medialib/awt_ImagingLib.c 2010-03-24 20:10:55.101392062 -0400
@@ -2216,7 +2216,8 @@ allocateRasterArray(JNIEnv *env, RasterS
int dataType = BYTE_DATA_TYPE;
int width;
int height;
- int size = rasterP->width * rasterP->height * rasterP->numBands;
+ int dataSize;
+ int offset;
*dataPP = NULL;
@@ -2269,6 +2270,22 @@ allocateRasterArray(JNIEnv *env, RasterS
#endif
switch (rasterP->type) {
case sun_awt_image_IntegerComponentRaster_TYPE_INT_8BIT_SAMPLES:
+ if (!((rasterP->chanOffsets[0] == 0 || SAFE_TO_ALLOC_2(rasterP->chanOffsets[0], 4)) &&
+ SAFE_TO_ALLOC_2(width, 4) &&
+ SAFE_TO_ALLOC_3(height, rasterP->scanlineStride, 4)))
+ {
+ return -1;
+ }
+ offset = 4 * rasterP->chanOffsets[0];
+ dataSize = 4 * (*env)->GetArrayLength(env, rasterP->jdata);
+
+ if (offset < 0 || offset >= dataSize ||
+ width > rasterP->scanlineStride ||
+ height * rasterP->scanlineStride * 4 > dataSize - offset)
+ {
+ // raster data buffer is too short
+ return -1;
+ }
dataP = (void *) (*env)->GetPrimitiveArrayCritical(env, rasterP->jdata,
NULL);
if (dataP == NULL) {
@@ -2277,11 +2294,25 @@ allocateRasterArray(JNIEnv *env, RasterS
*mlibImagePP = (*sMlibSysFns.createStructFP)(MLIB_BYTE, 4,
width, height,
rasterP->scanlineStride*4,
- (unsigned char *)dataP
- + rasterP->chanOffsets[0]*4);
+ (unsigned char *)dataP + offset);
*dataPP = dataP;
return 0;
case sun_awt_image_IntegerComponentRaster_TYPE_BYTE_SAMPLES:
+ if (!(SAFE_TO_ALLOC_2(width, rasterP->numBands) &&
+ SAFE_TO_ALLOC_2(height, rasterP->scanlineStride)))
+ {
+ return -1;
+ }
+ offset = rasterP->chanOffsets[0];
+ dataSize = (*env)->GetArrayLength(env, rasterP->jdata);
+
+ if (offset < 0 || offset >= dataSize ||
+ width * rasterP->numBands > rasterP->scanlineStride ||
+ height * rasterP->scanlineStride > dataSize - offset)
+ {
+ // raster data buffer is too short
+ return -1;
+ }
dataP = (void *) (*env)->GetPrimitiveArrayCritical(env, rasterP->jdata,
NULL);
if (dataP == NULL) {
@@ -2290,11 +2321,26 @@ allocateRasterArray(JNIEnv *env, RasterS
*mlibImagePP = (*sMlibSysFns.createStructFP)(MLIB_BYTE, rasterP->numBands,
width, height,
rasterP->scanlineStride,
- (unsigned char *)dataP
- + rasterP->chanOffsets[0]);
+ (unsigned char *)dataP + offset);
*dataPP = dataP;
return 0;
case sun_awt_image_IntegerComponentRaster_TYPE_USHORT_SAMPLES:
+ if (!((rasterP->chanOffsets[0] == 0 || SAFE_TO_ALLOC_2(rasterP->chanOffsets[0], 2)) &&
+ SAFE_TO_ALLOC_3(width, rasterP->numBands, 2) &&
+ SAFE_TO_ALLOC_3(height, rasterP->scanlineStride, 2)))
+ {
+ return -1;
+ }
+ offset = rasterP->chanOffsets[0] * 2;
+ dataSize = 2 * (*env)->GetArrayLength(env, rasterP->jdata);
+
+ if (offset < 0 || offset >= dataSize ||
+ width * rasterP->numBands > rasterP->scanlineStride ||
+ height * rasterP->scanlineStride * 2 > dataSize - offset)
+ {
+ // raster data buffer is too short
+ return -1;
+ }
dataP = (void *) (*env)->GetPrimitiveArrayCritical(env, rasterP->jdata,
NULL);
if (dataP == NULL) {
@@ -2304,8 +2350,7 @@ allocateRasterArray(JNIEnv *env, RasterS
rasterP->numBands,
width, height,
rasterP->scanlineStride*2,
- (unsigned char *)dataP
- + rasterP->chanOffsets[0]*2);
+ (unsigned char *)dataP + offset);
*dataPP = dataP;
return 0;
diff -up ./openjdk/jdk/src/share/native/sun/awt/medialib/safe_alloc.h.mar10sec ./openjdk/jdk/src/share/native/sun/awt/medialib/safe_alloc.h
--- ./openjdk/jdk/src/share/native/sun/awt/medialib/safe_alloc.h.mar10sec 2009-04-24 03:34:30.000000000 -0400
+++ ./openjdk/jdk/src/share/native/sun/awt/medialib/safe_alloc.h 2010-03-24 20:10:55.101392062 -0400
@@ -35,11 +35,11 @@
*/
#define SAFE_TO_ALLOC_2(c, sz) \
(((c) > 0) && ((sz) > 0) && \
- ((0xffffffffu / ((juint)(c))) > (sz)))
+ ((0xffffffffu / ((juint)(c))) > ((juint)(sz))))
#define SAFE_TO_ALLOC_3(w, h, sz) \
(((w) > 0) && ((h) > 0) && ((sz) > 0) && \
- (((0xffffffffu / ((juint)(w))) / ((juint)(h))) > (sz)))
+ (((0xffffffffu / ((juint)(w))) / ((juint)(h))) > ((juint)(sz))))
#endif // __SAFE_ALLOC_H__
diff -up ./openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/cmsio1.c.mar10sec ./openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/cmsio1.c
--- ./openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/cmsio1.c.mar10sec 2009-04-24 03:34:31.000000000 -0400
+++ ./openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/cmsio1.c 2010-03-24 20:10:55.102391641 -0400
@@ -1433,6 +1433,9 @@ LPLUT LCMSEXPORT cmsReadICCLut(cmsHPROFI
// If is in memory, the LUT is already there, so throw a copy
if (Icc -> TagPtrs[n]) {
+ if (!_cmsValidateLUT((LPLUT) Icc ->TagPtrs[n])) {
+ return NULL;
+ }
return cmsDupLUT((LPLUT) Icc ->TagPtrs[n]);
}
diff -up ./openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/cmsxform.c.mar10sec ./openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/cmsxform.c
--- ./openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/cmsxform.c.mar10sec 2010-03-24 20:10:11.249368126 -0400
+++ ./openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/cmsxform.c 2010-03-24 20:10:55.103391908 -0400
@@ -1982,6 +1982,10 @@ cmsHTRANSFORM LCMSEXPORT cmsCreateMultip
goto ErrorCleanup;
}
+ if (Transforms[i] == NULL) {
+ cmsSignalError(LCMS_ERRC_ABORTED, "cmsCreateMultiprofileTransform: unable to create transform");
+ goto ErrorCleanup;
+ }
CurrentColorSpace = ColorSpaceOut;
}
diff -up ./openjdk/jdk/test/closed/java/beans/security/AllPermission.policy.mar10sec ./openjdk/jdk/test/closed/java/beans/security/AllPermission.policy
--- ./openjdk/jdk/test/closed/java/beans/security/AllPermission.policy.mar10sec 2010-03-24 20:10:55.103391908 -0400
+++ ./openjdk/jdk/test/closed/java/beans/security/AllPermission.policy 2010-03-24 20:10:55.103391908 -0400
@@ -0,0 +1,3 @@
+grant {
+ permission java.security.AllPermission;
+};
diff -up ./openjdk/jdk/test/closed/java/beans/security/TestEventHandler.java.mar10sec ./openjdk/jdk/test/closed/java/beans/security/TestEventHandler.java
--- ./openjdk/jdk/test/closed/java/beans/security/TestEventHandler.java.mar10sec 2010-03-24 20:10:55.104393540 -0400
+++ ./openjdk/jdk/test/closed/java/beans/security/TestEventHandler.java 2010-03-24 20:10:55.104393540 -0400
@@ -0,0 +1,49 @@
+/*
+ * @test
+ * @bug 6904691
+ * @summary Tests the EventHandler class with the deferred method call
+ * @author Sergey Malenkov
+ * @run main/othervm/policy=AllPermission.policy TestEventHandler
+ */
+
+import java.awt.event.ActionListener;
+import java.beans.EventHandler;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.ProtectionDomain;
+
+public class TestEventHandler {
+
+ public static void main(String[] args) {
+ // create listener in an access control context with no permissions
+ ActionListener listener = AccessController.doPrivileged(
+ new PrivilegedAction<ActionListener>() {
+ public ActionListener run() {
+ return EventHandler.create(
+ ActionListener.class,
+ System.getSecurityManager(),
+ "checkCreateClassLoader");
+ }
+ },
+ new AccessControlContext(
+ new ProtectionDomain[] {
+ new ProtectionDomain(null, null)
+ }
+ )
+ );
+ // check that this method does actually have permissions
+ System.getSecurityManager().checkCreateClassLoader();
+ // ensure listener does not have permissions when executed
+ try {
+ listener.actionPerformed(null);
+ throw new Error("EventHandler executed without SecurityException");
+ }
+ catch (SecurityException exception) {
+ // expected behaviour
+ }
+ catch (Exception exception) {
+ throw new Error("Unexpected error", exception);
+ }
+ }
+}
diff -up ./openjdk/jdk/test/closed/java/beans/security/TestStatement.java.mar10sec ./openjdk/jdk/test/closed/java/beans/security/TestStatement.java
--- ./openjdk/jdk/test/closed/java/beans/security/TestStatement.java.mar10sec 2010-03-24 20:10:55.104393540 -0400
+++ ./openjdk/jdk/test/closed/java/beans/security/TestStatement.java 2010-03-24 20:10:55.104393540 -0400
@@ -0,0 +1,48 @@
+/*
+ * @test
+ * @bug 6904691
+ * @summary Tests the Statement class with the deferred method call
+ * @author Sergey Malenkov
+ * @run main/othervm/policy=AllPermission.policy TestStatement
+ */
+
+import java.beans.Statement;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.ProtectionDomain;
+
+public class TestStatement {
+
+ public static void main(String[] args) {
+ // create statement in an access control context with no permissions
+ Statement statement = AccessController.doPrivileged(
+ new PrivilegedAction<Statement>() {
+ public Statement run() {
+ return new Statement(
+ System.getSecurityManager(),
+ "checkCreateClassLoader",
+ null);
+ }
+ },
+ new AccessControlContext(
+ new ProtectionDomain[] {
+ new ProtectionDomain(null, null)
+ }
+ )
+ );
+ // check that this method does actually have permissions
+ System.getSecurityManager().checkCreateClassLoader();
+ // ensure statement does not have permissions when executed
+ try {
+ statement.execute();
+ throw new Error("Statement executed without SecurityException");
+ }
+ catch (SecurityException exception) {
+ // expected behaviour
+ }
+ catch (Exception exception) {
+ throw new Error("Unexpected error", exception);
+ }
+ }
+}
diff -up ./openjdk/jdk/test/closed/java/security/ProtectionDomain/WeakPolicyMap.java.mar10sec ./openjdk/jdk/test/closed/java/security/ProtectionDomain/WeakPolicyMap.java
--- ./openjdk/jdk/test/closed/java/security/ProtectionDomain/WeakPolicyMap.java.mar10sec 2010-03-24 20:10:55.105393151 -0400
+++ ./openjdk/jdk/test/closed/java/security/ProtectionDomain/WeakPolicyMap.java 2010-03-24 20:10:55.104393540 -0400
@@ -0,0 +1,79 @@
+/*
+ * @test %I%, %E%
+ * @bug 6633872
+ * @summary Policy/PolicyFile leak dynamic ProtectionDomains
+ *
+ * @run main/othervm/policy=WeakPolicyMap.policy WeakPolicyMap
+ */
+
+// * @key closed-security
+
+import java.net.URL;
+import java.net.URLClassLoader;
+import java.security.AllPermission;
+import java.security.ProtectionDomain;
+import java.util.ArrayList;
+import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.concurrent.atomic.AtomicInteger;
+
+public class WeakPolicyMap {
+ public static void main(String[] args) throws Exception {
+
+ // Make sure SecurityManager is enabled
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null) {
+ System.setSecurityManager(new SecurityManager());
+ }
+
+ ArrayList<ClassLoader> loaders = new ArrayList<ClassLoader>();
+ // this loop adds 1000 instances of a ClassLoader for Dyn.class
+ for (int runCt = 0; runCt < 1000; ++runCt) {
+ ClassLoader loader = URLClassLoader.newInstance(
+ new URL[] { new URL(
+ new Object() {}.getClass().getResource("/Dyn.class"), "."
+ )}, null
+ );
+ Class.forName("Dyn", true, loader);
+ loaders.add(loader);
+ }
+
+ final AtomicBoolean stop = new AtomicBoolean(false);
+ final AtomicInteger hash = new AtomicInteger(1);
+ final AllPermission all = new AllPermission();
+
+ // loop runs 1000 times
+ for (int runCt = 0; runCt < 1000; ++runCt) {
+ // create a ProtectionDomain
+ ProtectionDomain domain = new ProtectionDomain(null, null, null, null) {
+ // atomically returns the current hash value
+ @Override
+ public int hashCode() {
+ return hash.get();
+ }
+ // atomically sets stop to true
+ @Override
+ public boolean equals(Object obj) {
+// Thread.currentThread().dumpStack();
+ stop.set(true);
+ return true;
+ }
+ };
+ // loop runs 1000 times
+ for (int ct = 0; ct < 1000; ++ct) {
+ domain.implies(all);
+ if (stop.get()) {
+ throw new Exception("Test FAILED");
+ }
+ hash.incrementAndGet();
+ }
+ }
+ }
+}
+class Dyn {
+ static {
+ try {
+ System.exit(0);
+ } catch (SecurityException exc) {
+ }
+ }
+}
diff -up ./openjdk/jdk/test/closed/java/security/ProtectionDomain/WeakPolicyMap.policy.mar10sec ./openjdk/jdk/test/closed/java/security/ProtectionDomain/WeakPolicyMap.policy
--- ./openjdk/jdk/test/closed/java/security/ProtectionDomain/WeakPolicyMap.policy.mar10sec 2010-03-24 20:10:55.105393151 -0400
+++ ./openjdk/jdk/test/closed/java/security/ProtectionDomain/WeakPolicyMap.policy 2010-03-24 20:10:55.105393151 -0400
@@ -0,0 +1,3 @@
+grant {
+ permission java.io.FilePermission "file:${user.dir}", "read";
+};
diff -up ./openjdk/jdk/test/closed/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/RenegotiationMITM.java.mar10sec ./openjdk/jdk/test/closed/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/RenegotiationMITM.java
--- ./openjdk/jdk/test/closed/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/RenegotiationMITM.java.mar10sec 2010-03-24 20:10:55.106391991 -0400
+++ ./openjdk/jdk/test/closed/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/RenegotiationMITM.java 2010-03-24 20:10:55.106391991 -0400
@@ -0,0 +1,801 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6898739
+ * @summary TLS renegotiation issue
+ *
+ * Abbreviation used in the following table of test cases:
+ * INIT: thre renegotiation initiator, "client" or "server".
+ * CABB: the form of client renegotiation, abbreviated ("true") or
+ * complete handshake ("false"/"none").
+ * SABB: the form of server renegotiation, abbreviated ("true") or
+ * complete handshake ("false"/"none").
+ * CSES: enable client session creation, "enabled" or "unable".
+ * SSES: enable server session creation, "enabled" or "unable".
+ * CREN: allow client renegotiation, "true" or "false"/"none".
+ * SREN: allow client renegotiation, "true" or "false"/"none".
+ * CBEH: expected client hehavior, "success" or "failure".
+ * SBEH: expected server hehavior, "success" or "failure".
+ *
+ * Note that because "false" is too long to disturb the table, "none"
+ * is used in the place of "false".
+ *
+ * +--------------------------------------------------------------------------+
+ * | INIT | CABB | SABB | CSES | SSES | CREN | SREN | CBEH | SBEH |
+ * +--------------------------------------------------------------------------+
+ * | client | true | true | enable | enable | true | true | success | success |
+ * +--------------------------------------------------------------------------+
+ * | client | true | true | enable | enable | none | none | failure | failure |
+ * +--------------------------------------------------------------------------+
+ * | client | true | true | unable | unable | true | true | success | success |
+ * +--------------------------------------------------------------------------+
+ * | client | true | true | unable | unable | none | none | failure | failure |
+ * +--------------------------------------------------------------------------+
+ * | client | none | none | enable | enable | true | true | success | success |
+ * +--------------------------------------------------------------------------+
+ * | client | none | none | enable | enable | none | none | failure | failure |
+ * +--------------------------------------------------------------------------+
+ * | client | none | none | unable | unable | true | true | failure | failure |
+ * +--------------------------------------------------------------------------+
+ * | client | none | none | unable | unable | none | none | failure | failure |
+ * +--------------------------------------------------------------------------+
+ * | server | true | true | enable | enable | true | true | success | success |
+ * +--------------------------------------------------------------------------+
+ * | server | true | true | enable | enable | none | none | failure | failure |
+ * +--------------------------------------------------------------------------+
+ * | server | true | true | unable | unable | true | true | success | success |
+ * +--------------------------------------------------------------------------+
+ * | server | true | true | unable | unable | none | none | failure | failure |
+ * +--------------------------------------------------------------------------+
+ * | server | none | none | enable | enable | true | true | success | success |
+ * +--------------------------------------------------------------------------+
+ * | server | none | none | enable | enable | none | none | failure | failure |
+ * +--------------------------------------------------------------------------+
+ * | server | none | none | unable | unable | true | true | failure | failure |
+ * +--------------------------------------------------------------------------+
+ * | server | none | none | unable | unable | none | none | failure | failure |
+ * +--------------------------------------------------------------------------+
+ *
+ * @run main/othervm -Dsun.security.ssl.allowUnsafeRenegotiation=true
+ RenegotiationMITM
+ SunX509 client true true enable enable true true success success
+ * @run main/othervm RenegotiationMITM
+ SunX509 client true true enable enable none none failure failure
+ * @run main/othervm -Dsun.security.ssl.allowUnsafeRenegotiation=true
+ RenegotiationMITM
+ SunX509 client true true unable unable true true success success
+ * @run main/othervm RenegotiationMITM
+ SunX509 client true true unable unable none none failure failure
+ * @run main/othervm -Dsun.security.ssl.allowUnsafeRenegotiation=true
+ RenegotiationMITM
+ SunX509 client none none enable enable true true success success
+ * @run main/othervm RenegotiationMITM
+ SunX509 client none none enable enable none none failure failure
+ * @run main/othervm -Dsun.security.ssl.allowUnsafeRenegotiation=true
+ RenegotiationMITM
+ SunX509 client none none unable unable true true failure failure
+ * @run main/othervm RenegotiationMITM
+ SunX509 client none none unable unable none none failure failure
+ * @run main/othervm -Dsun.security.ssl.allowUnsafeRenegotiation=true
+ RenegotiationMITM
+ SunX509 server true true enable enable true true success success
+ * @run main/othervm RenegotiationMITM
+ SunX509 server true true enable enable none none failure failure
+ * @run main/othervm -Dsun.security.ssl.allowUnsafeRenegotiation=true
+ RenegotiationMITM
+ SunX509 server true true unable unable true true success success
+ * @run main/othervm RenegotiationMITM
+ SunX509 server true true unable unable none none failure failure
+ * @run main/othervm -Dsun.security.ssl.allowUnsafeRenegotiation=true
+ RenegotiationMITM
+ SunX509 server none none enable enable true true success success
+ * @run main/othervm RenegotiationMITM
+ SunX509 server none none enable enable none none failure failure
+ * @run main/othervm -Dsun.security.ssl.allowUnsafeRenegotiation=true
+ RenegotiationMITM
+ SunX509 server none none unable unable true true failure failure
+ * @run main/othervm RenegotiationMITM
+ SunX509 server none none unable unable none none failure failure
+ *
+ * @author Xuelei Fan
+ */
+
+import java.net.*;
+import java.util.*;
+import java.io.*;
+import javax.net.ssl.*;
+import java.security.KeyStore;
+import java.security.KeyFactory;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
+import java.security.spec.*;
+import java.security.interfaces.*;
+import java.math.BigInteger;
+
+import sun.misc.BASE64Decoder;
+
+/*
+ * Certificates and key used in the test.
+ *
+ * TLS server certificate:
+ * server private key:
+ * -----BEGIN RSA PRIVATE KEY-----
+ * Proc-Type: 4,ENCRYPTED
+ * DEK-Info: DES-EDE3-CBC,0CD8D34583864990
+ *
+ * ClVvVlA6Mwl42r6qPuI8sxK9zM7EyKQHEwltZPf3pEoa4zUOTVena7nv1bXxMd2Y
+ * L4w0Rvfz7Q1sUPhQkGo4fBKVJkD55Ve8/kO9/b7PbMKBFExwh5r7AF4pqDHzMGS4
+ * SdNEd1JSJ1HXp7CM75M5/EL17lXY9J5DeJdY+zaf2MntacBDkFm01a92EDRGv1yH
+ * Qql5sxTCkIZl74z5Fdxq+1ghhYvRaqhBe0Ub+7sSH/OH4e1Pl2H3/m+2pdHr913B
+ * WH7q/0pBPm9GFM7qCGeSexdtQ9v294plXRkuKjfqa3Lff+mrMdP6KFh2vW9x3O9a
+ * +DrrQDkIZ4gtyJoy4x0TU3+ry6EVfZyp6olhgwbnHflACPu9vvCHZD/Aku0Tv51g
+ * J37mdCT1IkHV+zYofaNVcRGZu3MsgXTVreD1pE3XYY1EnKNYnTrukYrkgK2XDjxx
+ * 4EWPzeikyZLSL6LM3S3YRYewO+stjD0gGM7qeRiy5nJbs99KDkc+OnALh1EmcFKs
+ * x6Fzb5mPD02ETKkhijE0TNuSLEQiqpM6Wb8vaZk0+7QPKcscvIRmepFTsEymgEn0
+ * b8NAXLendO6eESDMMlBEAJsF7HOfqgZEkw4j1/IiKztCA2/UOl1rl1Hl9Nedvkj1
+ * A5KlQl/qVIyu0VDah2HHr3QtcdPopXCYRQoax/11d7H9spHxZ1F8BQX8NZ6tz9Ev
+ * /EHeFhDQZBSIRJQ71DjVWCWRRcHPB7v/HhPRF2peux3hIL0wNDC9MurxvOmB1wAr
+ * dO9zQC8Gn+V/opYnTuBPgUdgaehiiHIxGPI3K4V2r0ymt/rplueKgw==
+ * -----END RSA PRIVATE KEY-----
+ *
+ * -----BEGIN CERTIFICATE-----
+ * MIICFzCCAYCgAwIBAgIBAjANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ
+ * MA4GA1UEChMHRXhhbXBsZTAeFw0wOTEyMDcwMjM3MjJaFw0yOTA4MjQwMjM3MjJa
+ * MDMxCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRIwEAYDVQQDEwlsb2Nh
+ * bGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM9hxhhNIKHy52QTj8fb
+ * RigSXGyo2tZvOIJo1y0TLL0azf6bF655ZrVDlL0GJwqteXNqdqOG6h2gVJyZ9EXW
+ * OfYyAyAOZSd7Hxcai/Dwtdf4bAQXMvgNf8GzHNTgqF6hJwJzERmdtq6Q4OsXTzZ7
+ * DNpidOvFMEic7LlNskv4qb9NAgMBAAGjTzBNMAsGA1UdDwQEAwID6DAdBgNVHQ4E
+ * FgQUoGZMqVeT1GXyHdikKKDc1HtJ9o4wHwYDVR0jBBgwFoAUpIMJpylQmGNj4vkc
+ * r/q4Go3ht24wDQYJKoZIhvcNAQEEBQADgYEArW1BzGGmr+C/Hd3FhMB1S7YDeukI
+ * UY+YkBirlepZrGJQQ6ds6il6/quAIM9N7ijLxNmalXQspAyiGAB6l/1n4h6WdiS2
+ * HwL9KIwHpxCfHb2mSPElpFrdCd/7sxvq5yyAPRBFtcUu2X1ugarA4EP8z/mYYl4e
+ * b33++lFoYh9kXpA=
+ * -----END CERTIFICATE-----
+ *
+ * server certificate:
+ * Data:
+ * Version: 3 (0x2)
+ * Serial Number: 2 (0x2)
+ * Signature Algorithm: md5WithRSAEncryption
+ * Issuer: C=US, O=Example
+ * Validity
+ * Not Before: Dec 7 02:37:22 2009 GMT
+ * Not After : Aug 24 02:37:22 2029 GMT
+ * Subject: C=US, O=Example, CN=localhost
+ * Subject Public Key Info:
+ * Public Key Algorithm: rsaEncryption
+ * RSA Public Key: (1024 bit)
+ * Modulus (1024 bit):
+ * 00:cf:61:c6:18:4d:20:a1:f2:e7:64:13:8f:c7:db:
+ * 46:28:12:5c:6c:a8:da:d6:6f:38:82:68:d7:2d:13:
+ * 2c:bd:1a:cd:fe:9b:17:ae:79:66:b5:43:94:bd:06:
+ * 27:0a:ad:79:73:6a:76:a3:86:ea:1d:a0:54:9c:99:
+ * f4:45:d6:39:f6:32:03:20:0e:65:27:7b:1f:17:1a:
+ * 8b:f0:f0:b5:d7:f8:6c:04:17:32:f8:0d:7f:c1:b3:
+ * 1c:d4:e0:a8:5e:a1:27:02:73:11:19:9d:b6:ae:90:
+ * e0:eb:17:4f:36:7b:0c:da:62:74:eb:c5:30:48:9c:
+ * ec:b9:4d:b2:4b:f8:a9:bf:4d
+ * Exponent: 65537 (0x10001)
+ * X509v3 extensions:
+ * X509v3 Key Usage:
+ * Digital Signature, Non Repudiation, Key Encipherment, Key Agreement
+ * X509v3 Subject Key Identifier:
+ * A0:66:4C:A9:57:93:D4:65:F2:1D:D8:A4:28:A0:DC:D4:7B:49:F6:8E
+ * X509v3 Authority Key Identifier:
+ * keyid:A4:83:09:A7:29:50:98:63:63:E2:F9:1C:AF:FA:B8:1A:8D:E1:B7:6E
+ *
+ * Signature Algorithm: md5WithRSAEncryption
+ *
+ *
+ * Trusted CA certificate:
+ * Certificate:
+ * Data:
+ * Version: 3 (0x2)
+ * Serial Number: 0 (0x0)
+ * Signature Algorithm: md5WithRSAEncryption
+ * Issuer: C=US, O=Example
+ * Validity
+ * Not Before: Dec 7 02:37:21 2009 GMT
+ * Not After : Nov 17 02:37:21 2030 GMT
+ * Subject: C=US, O=Example
+ * Subject Public Key Info:
+ * Public Key Algorithm: rsaEncryption
+ * RSA Public Key: (1024 bit)
+ * Modulus (1024 bit):
+ * 00:d5:8c:36:9a:80:20:bb:8b:0b:6b:0b:1f:ae:af:
+ * 41:12:3a:02:bb:fa:12:89:45:44:a9:88:90:f5:e0:
+ * 91:14:1b:0d:84:2c:65:68:08:17:65:21:12:f9:7d:
+ * 99:5a:0e:37:3b:32:a4:d9:03:05:df:f5:03:d6:15:
+ * e3:fd:92:bd:e2:2e:08:44:cb:98:e0:7d:6f:60:0d:
+ * 5d:5d:14:48:30:97:2d:03:29:73:bb:46:0f:f9:a3:
+ * 20:cb:d0:7d:ca:b2:f3:00:54:9a:7a:80:a9:17:66:
+ * 14:47:ae:27:1f:8c:9e:87:e3:d3:45:e0:a6:62:6f:
+ * 36:5e:ee:a6:4a:36:bf:6b:3b
+ * Exponent: 65537 (0x10001)
+ * X509v3 extensions:
+ * X509v3 Subject Key Identifier:
+ * A4:83:09:A7:29:50:98:63:63:E2:F9:1C:AF:FA:B8:1A:8D:E1:B7:6E
+ * X509v3 Authority Key Identifier:
+ * keyid:A4:83:09:A7:29:50:98:63:63:E2:F9:1C:AF:FA:B8:1A:8D:E1:B7:6E
+ * DirName:/C=US/O=Example
+ * serial:00
+ *
+ * X509v3 Basic Constraints: critical
+ * CA:TRUE
+ * X509v3 Key Usage:
+ * Certificate Sign, CRL Sign
+ * Signature Algorithm: md5WithRSAEncryption
+ *
+ * -----BEGIN CERTIFICATE-----
+ * MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ
+ * MA4GA1UEChMHRXhhbXBsZTAeFw0wOTEyMDcwMjM3MjFaFw0zMDExMTcwMjM3MjFa
+ * MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB
+ * AQUAA4GNADCBiQKBgQDVjDaagCC7iwtrCx+ur0ESOgK7+hKJRUSpiJD14JEUGw2E
+ * LGVoCBdlIRL5fZlaDjc7MqTZAwXf9QPWFeP9kr3iLghEy5jgfW9gDV1dFEgwly0D
+ * KXO7Rg/5oyDL0H3KsvMAVJp6gKkXZhRHricfjJ6H49NF4KZibzZe7qZKNr9rOwID
+ * AQABo4GJMIGGMB0GA1UdDgQWBBSkgwmnKVCYY2Pi+Ryv+rgajeG3bjBHBgNVHSME
+ * QDA+gBSkgwmnKVCYY2Pi+Ryv+rgajeG3bqEjpCEwHzELMAkGA1UEBhMCVVMxEDAO
+ * BgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYw
+ * DQYJKoZIhvcNAQEEBQADgYEAilUBmh8dsegd8WurGmFGPhbsNwNvmhtfhtWZSJH7
+ * GnRHsJsL7/cz7r9IHmhwM1OKxI+S+/OvgDzAUhgFJNpHe0dGlMJce0ZgOuqqOHAy
+ * w4stLl7KN7FnTw+KAvNMZpnXvXgcygqvz9yuo8eH7gd6Bo91C+mZMW+wv0EnoAVi
+ * DTM=
+ * -----END CERTIFICATE-----
+ *
+ */
+public class RenegotiationMITM {
+
+ /*
+ * =============================================================
+ * Set the various variables needed for the tests, then
+ * specify what tests to run on each side.
+ */
+
+ /*
+ * Should we run the client or server in a separate thread?
+ * Both sides can throw exceptions, but do you have a preference
+ * as to which side should be the main thread.
+ */
+ static boolean separateServerThread = true;
+
+ /*
+ * Where do we find the keystores?
+ */
+ static String trusedCertStr =
+ "-----BEGIN CERTIFICATE-----\n" +
+ "MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+ "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTEyMDcwMjM3MjFaFw0zMDExMTcwMjM3MjFa\n" +
+ "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" +
+ "AQUAA4GNADCBiQKBgQDVjDaagCC7iwtrCx+ur0ESOgK7+hKJRUSpiJD14JEUGw2E\n" +
+ "LGVoCBdlIRL5fZlaDjc7MqTZAwXf9QPWFeP9kr3iLghEy5jgfW9gDV1dFEgwly0D\n" +
+ "KXO7Rg/5oyDL0H3KsvMAVJp6gKkXZhRHricfjJ6H49NF4KZibzZe7qZKNr9rOwID\n" +
+ "AQABo4GJMIGGMB0GA1UdDgQWBBSkgwmnKVCYY2Pi+Ryv+rgajeG3bjBHBgNVHSME\n" +
+ "QDA+gBSkgwmnKVCYY2Pi+Ryv+rgajeG3bqEjpCEwHzELMAkGA1UEBhMCVVMxEDAO\n" +
+ "BgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYw\n" +
+ "DQYJKoZIhvcNAQEEBQADgYEAilUBmh8dsegd8WurGmFGPhbsNwNvmhtfhtWZSJH7\n" +
+ "GnRHsJsL7/cz7r9IHmhwM1OKxI+S+/OvgDzAUhgFJNpHe0dGlMJce0ZgOuqqOHAy\n" +
+ "w4stLl7KN7FnTw+KAvNMZpnXvXgcygqvz9yuo8eH7gd6Bo91C+mZMW+wv0EnoAVi\n" +
+ "DTM=\n" +
+ "-----END CERTIFICATE-----";
+
+ static String targetCertStr =
+ "-----BEGIN CERTIFICATE-----\n" +
+ "MIICFzCCAYCgAwIBAgIBAjANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+ "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTEyMDcwMjM3MjJaFw0yOTA4MjQwMjM3MjJa\n" +
+ "MDMxCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRIwEAYDVQQDEwlsb2Nh\n" +
+ "bGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM9hxhhNIKHy52QTj8fb\n" +
+ "RigSXGyo2tZvOIJo1y0TLL0azf6bF655ZrVDlL0GJwqteXNqdqOG6h2gVJyZ9EXW\n" +
+ "OfYyAyAOZSd7Hxcai/Dwtdf4bAQXMvgNf8GzHNTgqF6hJwJzERmdtq6Q4OsXTzZ7\n" +
+ "DNpidOvFMEic7LlNskv4qb9NAgMBAAGjTzBNMAsGA1UdDwQEAwID6DAdBgNVHQ4E\n" +
+ "FgQUoGZMqVeT1GXyHdikKKDc1HtJ9o4wHwYDVR0jBBgwFoAUpIMJpylQmGNj4vkc\n" +
+ "r/q4Go3ht24wDQYJKoZIhvcNAQEEBQADgYEArW1BzGGmr+C/Hd3FhMB1S7YDeukI\n" +
+ "UY+YkBirlepZrGJQQ6ds6il6/quAIM9N7ijLxNmalXQspAyiGAB6l/1n4h6WdiS2\n" +
+ "HwL9KIwHpxCfHb2mSPElpFrdCd/7sxvq5yyAPRBFtcUu2X1ugarA4EP8z/mYYl4e\n" +
+ "b33++lFoYh9kXpA=\n" +
+ "-----END CERTIFICATE-----";
+
+
+ // Private key in the format of PKCS#8
+ static String targetPrivateKey =
+ "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAM9hxhhNIKHy52QT\n" +
+ "j8fbRigSXGyo2tZvOIJo1y0TLL0azf6bF655ZrVDlL0GJwqteXNqdqOG6h2gVJyZ\n" +
+ "9EXWOfYyAyAOZSd7Hxcai/Dwtdf4bAQXMvgNf8GzHNTgqF6hJwJzERmdtq6Q4OsX\n" +
+ "TzZ7DNpidOvFMEic7LlNskv4qb9NAgMBAAECgYAjQDdwAgw9+xAiDsEt87PlM9nK\n" +
+ "DpnEQXuVj0SkQNImAtxpHuvTmIdA4I/z4YvZYMt4Nuybt18sUgiP5guDo3qOdF3R\n" +
+ "jvysFn70uA9k8AEY6EvzERCOTSWEj7++pqG6feQ65i65fxHXTWOH8DiaOktfgtKm\n" +
+ "MwA6SSOIVzB6rjAz8QJBAPG1vIF8Lldes43u68/ucXV/CeXIsRn0yQH0e6uzLNMj\n" +
+ "LuX9uHZzWCzDqcPtK3DyIkKrbsY8fCx7z2+ajZcZyTcCQQDbpHxZwC55E4DlCexq\n" +
+ "RNoGK1B7ybSqeEWxVZxBLLBjggQHqTfW8HZOLAYiYGyXz01yAbhuTgkTYA7ZYszX\n" +
+ "4+2bAkEA0bnwK6Y1i4fXYmMZ55ysg9fMHb6KtMvqEbEyEaRxU25mxhbllJm2u3i2\n" +
+ "+BL1K5ZdVd3sS0O2Nt7i+aJwEtjD9wJBAJKZ/EHvi1VXFj5J3Fml8RwTBxpIrGTn\n" +
+ "+CSALtY1nNoeKtBuOw4k2+IbclC5qWG+hUOmMFK3lUkwYVjpoC4tPScCQCzqM0vm\n" +
+ "bKTcYUOHgFs4AsIJ5sotbt0nMCOtF1+izbTV3ziwMjDyZrGDHhOsDe+SkgZcbL0P\n" +
+ "oiAH4+ypTO5dIks=";
+
+ static char passphrase[] = "passphrase".toCharArray();
+
+ /*
+ * Is the server ready to serve?
+ */
+ volatile static boolean serverReady = false;
+ volatile static boolean clientRenegoReady = false;
+ volatile static boolean serverRenegoReady = false;
+
+ /*
+ * Turn on SSL debugging?
+ */
+ static boolean debug = false;
+
+ /*
+ * Define the server side of the test.
+ *
+ * If the server prematurely exits, serverReady will be set to true
+ * to avoid infinite hangs.
+ */
+ void doServerSide() throws Exception {
+ SSLContext context = getSSLContext(null, targetCertStr,
+ targetPrivateKey);
+ SSLServerSocketFactory sslssf = context.getServerSocketFactory();
+
+ SSLServerSocket sslServerSocket =
+ (SSLServerSocket)sslssf.createServerSocket(serverPort);
+ serverPort = sslServerSocket.getLocalPort();
+
+ /*
+ * Signal Client, we're ready for his connect.
+ */
+ serverReady = true;
+
+ SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
+ sslSocket.setNeedClientAuth(false);
+
+ InputStream sslIS = sslSocket.getInputStream();
+ OutputStream sslOS = sslSocket.getOutputStream();
+
+ sslIS.read();
+ sslOS.write(85);
+ sslOS.flush();
+
+ // renegotiation
+ if (!renego_initiator.equals("client")) {
+ serverRenegoReady = false;
+
+ if (!srv_renego_abbreviate.equals("true")) {
+ sslSocket.getSession().invalidate();
+ }
+
+ if (!srv_session_creation.equals("enable")) {
+ sslSocket.setEnableSessionCreation(false);
+ }
+
+ try {
+ sslSocket.startHandshake();
+ if (!srv_allow_renego.equals("true")) {
+ sslSocket.close();
+ throw new Exception(
+ "Unexpectedly, server kickstart SSL renegotiation!");
+ }
+ } catch (SSLException ssle) { // maybe a SSLHandshakeException
+ if (ssle instanceof SSLHandshakeException &&
+ srv_allow_renego.equals("true")) {
+ sslSocket.close();
+ throw new Exception(
+ "Unexpectedly, server cannot kickstart SSL renegotiation!");
+ }
+
+ // otherwise, it is the expected behavior, close and return.
+ if (srv_behavior.equals("success")) {
+ throw new Exception(
+ "Wrong parameter, server is expected to failure!");
+ }
+
+ sslSocket.close();
+ return;
+ } finally {
+ serverRenegoReady = true;
+ }
+ } else {
+ while (!clientRenegoReady) {
+ System.out.println("Waiting for ClientHello");
+ Thread.sleep(50);
+ }
+
+ if (!cli_allow_renego.equals("true")) {
+ // client does not allow renegotiation, close and return
+ System.out.println("Client does not allow for renegotiation");
+ if (srv_behavior.equals("success")) {
+ throw new Exception(
+ "Wrong parameter, server is expected to failure!");
+ }
+ sslSocket.close();
+ return;
+ }
+ }
+
+ try {
+ sslIS.read();
+ sslOS.write(89);
+ sslOS.flush();
+ Thread.sleep(50); // wait for a while
+
+ sslIS.read();
+ sslOS.write(89);
+ sslOS.flush();
+ Thread.sleep(50); // wait for a while
+
+ // waiting for the 2nd handshake, read/write two more bytes
+ sslIS.read();
+ sslOS.write(89);
+ sslOS.flush();
+ Thread.sleep(50); // wait for a while
+
+ sslIS.read();
+ sslOS.write(89);
+ sslOS.flush();
+ Thread.sleep(50); // wait for a while
+
+ if (!srv_behavior.equals("success")) {
+ sslSocket.close();
+ throw new Exception(
+ "Unexpectedly, server accept ClientHello twice!");
+ }
+ } catch (IOException ioe) {
+ if (srv_behavior.equals("success")) {
+ sslSocket.close();
+ throw new Exception(
+ "Unexpectedly, server cannot accept ClientHello twice!", ioe);
+ }
+ }
+
+
+ sslSocket.close();
+ }
+
+ /*
+ * Define the client side of the test.
+ *
+ * If the server prematurely exits, serverReady will be set to true
+ * to avoid infinite hangs.
+ */
+ void doClientSide() throws Exception {
+ /*
+ * Wait for server to get started.
+ */
+ while (!serverReady) {
+ Thread.sleep(50);
+ }
+
+ SSLContext context = getSSLContext(trusedCertStr, null, null);
+ SSLSocketFactory sslsf = context.getSocketFactory();
+
+ SSLSocket sslSocket =
+ (SSLSocket)sslsf.createSocket("localhost", serverPort);
+
+ InputStream sslIS = sslSocket.getInputStream();
+ OutputStream sslOS = sslSocket.getOutputStream();
+
+ sslOS.write(86);
+ sslOS.flush();
+ sslIS.read();
+
+ // renegotiation
+ if (renego_initiator.equals("client")) {
+ clientRenegoReady = false;
+
+ if (!cli_renego_abbreviate.equals("true")) {
+ sslSocket.getSession().invalidate();
+ }
+
+ if (!cli_session_creation.equals("enable")) {
+ sslSocket.setEnableSessionCreation(false);
+ }
+
+ try {
+ sslSocket.startHandshake();
+ if (!cli_allow_renego.equals("true")) {
+ sslSocket.close();
+ throw new Exception(
+ "Unexpectedly, client kickstart SSL renegotiation!");
+ }
+ } catch (SSLException ssle) { // maybe a SSLHandshakeException
+ if (ssle instanceof SSLHandshakeException &&
+ cli_allow_renego.equals("true")) {
+ sslSocket.close();
+ throw new Exception(
+ "Unexpectedly, client cannot kickstart SSL renegotiation!");
+ }
+
+ // otherwise, it is the expected behavior, close and return.
+ if (cli_behavior.equals("success")) {
+ throw new Exception(
+ "Wrong parameter, client is expected to failure!");
+ }
+
+ sslSocket.close();
+ return;
+ } finally {
+ clientRenegoReady = true;
+ }
+ } else {
+ while (!serverRenegoReady) {
+ System.out.println("Waiting for HelloRequest");
+ Thread.sleep(50);
+ }
+
+ if (!srv_allow_renego.equals("true")) {
+ // server does not allow renegotiation, close and return
+ System.out.println("Client does not allow for renegotiation");
+ if (cli_behavior.equals("success")) {
+ throw new Exception(
+ "Wrong parameter, client is expected to failure!");
+ }
+
+ sslSocket.close();
+ return;
+ }
+ }
+
+ try {
+ sslOS.write(88);
+ sslOS.flush();
+ sslIS.read();
+ Thread.sleep(50); // wait for a while
+
+ sslOS.write(88);
+ sslOS.flush();
+ sslIS.read();
+ Thread.sleep(50); // wait for a while
+
+ // waiting for the 2nd handshake, read/write two more bytes
+ sslOS.write(88);
+ sslOS.flush();
+ sslIS.read();
+ Thread.sleep(50); // wait for a while
+
+ sslOS.write(88);
+ sslOS.flush();
+ sslIS.read();
+ Thread.sleep(50); // wait for a while
+
+ if (!cli_behavior.equals("success")) {
+ sslSocket.close();
+ throw new Exception(
+ "Unexpectedly, client accept HelloRequest!");
+ }
+ } catch (IOException ioe) {
+ if (cli_behavior.equals("success")) {
+ sslSocket.close();
+ throw new Exception(
+ "Unexpectedly, client cannot accept HelloRequest!", ioe);
+ }
+ }
+
+ sslSocket.close();
+ }
+
+ // get the ssl context
+ private static SSLContext getSSLContext(String trusedCertStr,
+ String keyCertStr, String keySpecStr) throws Exception {
+
+ // generate certificate from cert string
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+
+ // create a key store
+ KeyStore ks = KeyStore.getInstance("JKS");
+ ks.load(null, null);
+
+ // import the trused cert
+ Certificate trusedCert = null;
+ ByteArrayInputStream is = null;
+ if (trusedCertStr != null) {
+ is = new ByteArrayInputStream(trusedCertStr.getBytes());
+ trusedCert = cf.generateCertificate(is);
+ is.close();
+
+ ks.setCertificateEntry("RSA Export Signer", trusedCert);
+ }
+
+ if (keyCertStr != null) {
+ // generate the private key.
+ PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
+ new BASE64Decoder().decodeBuffer(keySpecStr));
+ KeyFactory kf = KeyFactory.getInstance("RSA");
+ RSAPrivateKey priKey =
+ (RSAPrivateKey)kf.generatePrivate(priKeySpec);
+
+ // generate certificate chain
+ is = new ByteArrayInputStream(keyCertStr.getBytes());
+ Certificate keyCert = cf.generateCertificate(is);
+ is.close();
+
+ Certificate[] chain = null;
+ if (trusedCert != null) {
+ chain = new Certificate[2];
+ chain[0] = keyCert;
+ chain[1] = trusedCert;
+ } else {
+ chain = new Certificate[1];
+ chain[0] = keyCert;
+ }
+
+ // import the key entry.
+ ks.setKeyEntry("Whatever", priKey, passphrase, chain);
+ }
+
+ // create SSL context
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmAlgorithm);
+ tmf.init(ks);
+
+ SSLContext ctx = SSLContext.getInstance("TLS");
+ if (keyCertStr != null && !keyCertStr.equals("")) {
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
+ kmf.init(ks, passphrase);
+
+ ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
+ ks = null;
+ } else {
+ ctx.init(null, tmf.getTrustManagers(), null);
+ }
+
+ return ctx;
+ }
+
+ private static String tmAlgorithm; // trust manager
+ private static String renego_initiator; // renegotiation initiator
+ private static String cli_renego_abbreviate; // abbreviate handshaking
+ private static String srv_renego_abbreviate; // abbreviate handshaking
+ private static String cli_session_creation; // enable session creation
+ private static String srv_session_creation; // enable session creation
+ private static String cli_allow_renego; // allow client renegotiation
+ private static String srv_allow_renego; // allow server renegotiation
+ private static String cli_behavior; // expected client hehavior
+ private static String srv_behavior; // expected client hehavior
+
+ private static void parseArguments(String[] args) {
+ tmAlgorithm = args[0];
+ renego_initiator = args[1];
+ cli_renego_abbreviate = args[2];
+ srv_renego_abbreviate = args[3];
+ cli_session_creation = args[4];
+ srv_session_creation = args[5];
+ cli_allow_renego = args[6];
+ srv_allow_renego = args[7];
+ cli_behavior = args[8];
+ srv_behavior = args[9];
+ }
+
+ /*
+ * =============================================================
+ * The remainder is just support stuff
+ */
+
+ // use any free port by default
+ volatile int serverPort = 0;
+
+ volatile Exception serverException = null;
+ volatile Exception clientException = null;
+
+ public static void main(String args[]) throws Exception {
+ if (debug)
+ System.setProperty("javax.net.debug", "all");
+
+
+ /*
+ * Get the customized arguments.
+ */
+ parseArguments(args);
+
+ /*
+ * Start the tests.
+ */
+ new RenegotiationMITM();
+ }
+
+ Thread clientThread = null;
+ Thread serverThread = null;
+ /*
+ * Primary constructor, used to drive remainder of the test.
+ *
+ * Fork off the other side, then do your work.
+ */
+ RenegotiationMITM() throws Exception {
+ if (separateServerThread) {
+ startServer(true);
+ startClient(false);
+ } else {
+ startClient(true);
+ startServer(false);
+ }
+
+ /*
+ * Wait for other side to close down.
+ */
+ if (separateServerThread) {
+ serverThread.join();
+ } else {
+ clientThread.join();
+ }
+
+ /*
+ * When we get here, the test is pretty much over.
+ *
+ * If the main thread excepted, that propagates back
+ * immediately. If the other thread threw an exception, we
+ * should report back.
+ */
+ if (serverException != null)
+ throw serverException;
+ if (clientException != null)
+ throw clientException;
+ }
+
+ void startServer(boolean newThread) throws Exception {
+ if (newThread) {
+ serverThread = new Thread() {
+ public void run() {
+ try {
+ doServerSide();
+ } catch (Exception e) {
+ /*
+ * Our server thread just died.
+ *
+ * Release the client, if not active already...
+ */
+ System.err.println("Server died...");
+ serverReady = true;
+ serverException = e;
+ }
+ }
+ };
+ serverThread.start();
+ } else {
+ doServerSide();
+ }
+ }
+
+ void startClient(boolean newThread) throws Exception {
+ if (newThread) {
+ clientThread = new Thread() {
+ public void run() {
+ try {
+ doClientSide();
+ } catch (Exception e) {
+ /*
+ * Our client thread just died.
+ */
+ System.err.println("Client died...");
+ clientException = e;
+ }
+ }
+ };
+ clientThread.start();
+ } else {
+ doClientSide();
+ }
+ }
+
+}
+
diff -up ./openjdk/jdk/test/java/beans/EventHandler/Test6277246.java.mar10sec ./openjdk/jdk/test/java/beans/EventHandler/Test6277246.java
--- ./openjdk/jdk/test/java/beans/EventHandler/Test6277246.java.mar10sec 2009-04-24 03:34:39.000000000 -0400
+++ ./openjdk/jdk/test/java/beans/EventHandler/Test6277246.java 2010-03-24 20:10:55.107393445 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright 2005-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -49,10 +49,10 @@ public class Test6277246 {
catch (NoSuchMethodException exception) {
throw new Error("unexpected exception", exception);
}
+ catch (SecurityException exception) {
+ // expected security exception
+ }
catch (RuntimeException exception) {
- if (exception.getCause() instanceof SecurityException) {
- return; // expected security exception
- }
throw new Error("unexpected exception", exception);
}
}
diff -up ./openjdk/jdk/test/java/beans/EventHandler/Test6277266.java.mar10sec ./openjdk/jdk/test/java/beans/EventHandler/Test6277266.java
--- ./openjdk/jdk/test/java/beans/EventHandler/Test6277266.java.mar10sec 2009-04-24 03:34:39.000000000 -0400
+++ ./openjdk/jdk/test/java/beans/EventHandler/Test6277266.java 2010-03-24 20:10:55.107393445 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright 2005-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -51,7 +51,7 @@ public class Test6277266 {
);
throw new Error("SecurityException expected");
} catch (InvocationTargetException exception) {
- if (exception.getCause().getCause() instanceof SecurityException){
+ if (exception.getCause() instanceof SecurityException){
return; // expected security exception
}
throw new Error("unexpected exception", exception);
diff -up ./openjdk/jdk/test/java/lang/ThreadGroup/NullGroup.java.mar10sec ./openjdk/jdk/test/java/lang/ThreadGroup/NullGroup.java
--- ./openjdk/jdk/test/java/lang/ThreadGroup/NullGroup.java.mar10sec 2010-03-24 20:10:55.107393445 -0400
+++ ./openjdk/jdk/test/java/lang/ThreadGroup/NullGroup.java 2010-03-24 20:10:55.107393445 -0400
@@ -0,0 +1,91 @@
+/* @test
+ * @key closed-security
+ * @bug 6639665
+ * @summary ThreadGroup finalizer allows creation of false root ThreadGroups
+ * @run main/othervm NullGroup
+ */
+
+/* This test relies on gc to execute the finalizer so is not guaranteed to
+ * always fail if the bug exists, but if it fails then it means that there
+ * is definitely a problem.
+ */
+public class NullGroup {
+ static volatile ThreadGroup nullGroup;
+
+ public void test(String[] args) {
+ // Part 1
+ try {
+ new NullThreadGroup(null, "null group 1");
+ fail();
+ } catch (NullPointerException unused) {
+ // OK, the arg to NullThreadGroup was null
+ }
+ checkNullGroup();
+
+ // Part 2
+ ThreadGroup systemTG = Thread.currentThread().getThreadGroup();
+ for (ThreadGroup tgn = systemTG;
+ tgn != null;
+ systemTG = tgn, tgn = systemTG.getParent());
+
+
+ // set a security manager for the second check
+ System.setSecurityManager(new SecurityManager());
+ try {
+ new NullThreadGroup(systemTG, "null group 2");
+ fail();
+ } catch (SecurityException unused) {
+ // OK, the security manager disallows creation
+ }
+ checkNullGroup();
+ }
+
+ void checkNullGroup() {
+ // try to force the finalizer to run
+ System.runFinalization();
+ System.gc();
+ System.runFinalization();
+
+ if (nullGroup != null) {
+ // the finalizer has been run
+ check(nullGroup.getParent() != null,
+ "A thread group has been created with a null parent");
+
+ //reset
+ nullGroup = null;
+ } else {
+ // the thread group object never got created
+ pass();
+ }
+ }
+
+ static class NullThreadGroup extends ThreadGroup {
+ NullThreadGroup(ThreadGroup parent, String name) {
+ super(parent, name);
+ }
+
+ @Override
+ public void finalize() {
+ // expose the uninitialized group
+ nullGroup = this;
+ }
+ }
+
+ //--------------------- Infrastructure ---------------------------
+ volatile int passed = 0, failed = 0;
+ void pass() {passed++;}
+ void fail() {failed++; Thread.dumpStack();}
+ void fail(String msg) {System.err.println(msg); fail();}
+ void unexpected(Throwable t) {failed++; t.printStackTrace();}
+ void check(boolean cond) {if (cond) pass(); else fail();}
+ void check(boolean cond, String failMessage) {if (cond) pass(); else fail(failMessage);}
+ public static void main(String[] args) throws Throwable {
+ Class<?> k = new Object(){}.getClass().getEnclosingClass();
+ try {k.getMethod("instanceMain",String[].class)
+ .invoke( k.newInstance(), (Object) args);}
+ catch (Throwable e) {throw e.getCause();}}
+ public void instanceMain(String[] args) throws Throwable {
+ try {test(args);} catch (Throwable t) {unexpected(t);}
+ System.out.printf("%nPassed = %d, failed = %d%n%n", passed, failed);
+ if (failed > 0) throw new AssertionError("Some tests failed");}
+}
diff -up ./openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/InvalidateServerSessionRenegotiate.java.mar10sec ./openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/InvalidateServerSessionRenegotiate.java
--- ./openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/InvalidateServerSessionRenegotiate.java.mar10sec 2009-04-24 03:34:50.000000000 -0400
+++ ./openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/InvalidateServerSessionRenegotiate.java 2010-03-24 20:10:55.108393863 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2003 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2001-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,8 @@
* @test
* @bug 4403428
* @summary Invalidating JSSE session on server causes SSLProtocolException
+ * @ignore incompatible with disabled unsafe renegotiation (6898739), please
+ * reenable when safe renegotiation is implemented.
* @author Brad Wetmore
*/
diff -up ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java.mar10sec ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java
--- ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java.mar10sec 2009-04-24 03:34:51.000000000 -0400
+++ ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java 2010-03-24 20:10:55.108393863 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2001-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,8 @@
* @bug 4280338
* @summary "Unsupported SSL message version" SSLProtocolException
* w/SSL_RSA_WITH_NULL_MD5
+ * @ignore incompatible with disabled unsafe renegotiation (6898739), please
+ * reenable when safe renegotiation is implemented.
*
* @author Ram Marti
* @author Brad Wetmore
diff -up ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java.mar10sec ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java
--- ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java.mar10sec 2009-04-24 03:34:51.000000000 -0400
+++ ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java 2010-03-24 20:10:55.109405176 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,8 @@
* @test
* @bug 4948079
* @summary SSLEngineResult needs updating [none yet]
+ * @ignore incompatible with disabled unsafe renegotiation (6898739), please
+ * reenable when safe renegotiation is implemented.
*
* This is a simple hack to test a bunch of conditions and check
* their return codes.
diff -up ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java.mar10sec ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java
--- ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java.mar10sec 2009-04-24 03:34:51.000000000 -0400
+++ ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java 2010-03-24 20:10:55.109405176 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,8 @@
* @bug 4495742
* @summary Add non-blocking SSL/TLS functionality, usable with any
* I/O abstraction
+ * @ignore incompatible with disabled unsafe renegotiation (6898739), please
+ * reenable when safe renegotiation is implemented.
*
* This is a bit hacky, meant to test various conditions. The main
* thing I wanted to do with this was to do buffer reads/writes
diff -up ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/NoAuthClientAuth.java.mar10sec ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/NoAuthClientAuth.java
--- ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/NoAuthClientAuth.java.mar10sec 2009-04-24 03:34:51.000000000 -0400
+++ ./openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/NoAuthClientAuth.java 2010-03-24 20:10:55.110392412 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,8 @@
* @test
* @bug 4495742
* @summary Demonstrate SSLEngine switch from no client auth to client auth.
+ * @ignore incompatible with disabled unsafe renegotiation (6898739), please
+ * reenable when safe renegotiation is implemented.
*
* @author Brad R. Wetmore
*/
diff -up ./openjdk/jdk/test/sun/security/util/Oid/BerOid.java.mar10sec ./openjdk/jdk/test/sun/security/util/Oid/BerOid.java
--- ./openjdk/jdk/test/sun/security/util/Oid/BerOid.java.mar10sec 2010-03-24 20:10:55.110392412 -0400
+++ ./openjdk/jdk/test/sun/security/util/Oid/BerOid.java 2010-03-24 20:10:55.110392412 -0400
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6898622
+ * @summary ObjectIdentifer.equals is not capable of detecting incorrectly encoded CommonName OIDs
+ * @run main/fail BerOid
+ */
+
+import sun.security.util.*;
+
+public class BerOid {
+ public static void main(String[] args) throws Exception {
+ new DerValue(new byte[] {6, 4, 85, 4, (byte)0x80, 3}).getOID();
+ }
+}
+
+
distrib
>
Scientific%20Linux
>
5x
>
x86_64
>
by-pkgid
>
eabafe05fc1fbe740731d78e7e477f36
>
files
>
17
