Skip to content

D
dragonwell8_jdk

openanolis / dragonwell8_jdk

通知 3
Star 2
Fork 0
D
dragonwell8_jdk

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

提交 394d3c91 编写于 作者: L lana
浏览文件
操作

Merge

上级 a3c8b15e 1ef28430
隐藏空白更改
内联 并排
Showing with 404 addition and 82 deletion
src/share/classes/com/sun/net/ssl/HttpsURLConnection.java
浏览文件 @ 394d3c91
/*
* Copyright (c) 2000, 2004, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -179,6 +179,12 @@ class HttpsURLConnection extends HttpURLConnection
throw new IllegalArgumentException(
"no SSLSocketFactory specified");
}
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkSetFactory();
}
sslSocketFactory = sf;
}
......
src/share/classes/java/awt/AWTKeyStroke.java
浏览文件 @ 394d3c91
/*
* Copyright (c) 2000, 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -25,6 +25,7 @@
package java.awt;
import java.awt.event.KeyEvent;
import sun.awt.AppContext;
import java.awt.event.InputEvent;
import java.util.Collections;
import java.util.HashMap;
......@@ -66,9 +67,6 @@ import java.lang.reflect.Field;
public class AWTKeyStroke implements Serializable {
static final long serialVersionUID = -6430539691155161871L;
private static Map cache;
private static AWTKeyStroke cacheKey;
private static Constructor ctor = getCtor(AWTKeyStroke.class);
private static Map modifierKeywords;
/**
* Associates VK_XXX (as a String) with code (as Integer). This is
......@@ -77,6 +75,25 @@ public class AWTKeyStroke implements Serializable {
*/
private static VKCollection vks;
//A key for the collection of AWTKeyStrokes within AppContext.
private static Object APP_CONTEXT_CACHE_KEY = new Object();
//A key withing the cache
private static AWTKeyStroke APP_CONTEXT_KEYSTROKE_KEY = new AWTKeyStroke();
/*
* Reads keystroke class from AppContext and if null, puts there the
* AWTKeyStroke class.
* Must be called under locked AWTKeyStro
*/
private static Class getAWTKeyStrokeClass() {
Class clazz = (Class)AppContext.getAppContext().get(AWTKeyStroke.class);
if (clazz == null) {
clazz = AWTKeyStroke.class;
AppContext.getAppContext().put(AWTKeyStroke.class, AWTKeyStroke.class);
}
return clazz;
}
private char keyChar = KeyEvent.CHAR_UNDEFINED;
private int keyCode = KeyEvent.VK_UNDEFINED;
private int modifiers;
......@@ -164,9 +181,12 @@ public class AWTKeyStroke implements Serializable {
if (subclass == null) {
throw new IllegalArgumentException("subclass cannot be null");
}
if (AWTKeyStroke.ctor.getDeclaringClass().equals(subclass)) {
// Already registered
return;
synchronized (AWTKeyStroke.class) {
Class keyStrokeClass = (Class)AppContext.getAppContext().get(AWTKeyStroke.class);
if (keyStrokeClass != null && keyStrokeClass.equals(subclass)){
// Already registered
return;
}
}
if (!AWTKeyStroke.class.isAssignableFrom(subclass)) {
throw new ClassCastException("subclass is not derived from AWTKeyStroke");
......@@ -197,9 +217,9 @@ public class AWTKeyStroke implements Serializable {
}
synchronized (AWTKeyStroke.class) {
AWTKeyStroke.ctor = ctor;
cache = null;
cacheKey = null;
AppContext.getAppContext().put(AWTKeyStroke.class, subclass);
AppContext.getAppContext().remove(APP_CONTEXT_CACHE_KEY);
AppContext.getAppContext().remove(APP_CONTEXT_KEYSTROKE_KEY);
}
}
......@@ -229,13 +249,19 @@ public class AWTKeyStroke implements Serializable {
private static synchronized AWTKeyStroke getCachedStroke
(char keyChar, int keyCode, int modifiers, boolean onKeyRelease)
{
Map cache = (Map)AppContext.getAppContext().get(APP_CONTEXT_CACHE_KEY);
AWTKeyStroke cacheKey = (AWTKeyStroke)AppContext.getAppContext().get(APP_CONTEXT_KEYSTROKE_KEY);
if (cache == null) {
cache = new HashMap();
AppContext.getAppContext().put(APP_CONTEXT_CACHE_KEY, cache);
}
if (cacheKey == null) {
try {
cacheKey = (AWTKeyStroke)ctor.newInstance((Object[]) null);
Class clazz = getAWTKeyStrokeClass();
cacheKey = (AWTKeyStroke)getCtor(clazz).newInstance((Object[]) null);
AppContext.getAppContext().put(APP_CONTEXT_KEYSTROKE_KEY, cacheKey);
} catch (InstantiationException e) {
assert(false);
} catch (IllegalAccessException e) {
......@@ -253,9 +279,8 @@ public class AWTKeyStroke implements Serializable {
if (stroke == null) {
stroke = cacheKey;
cache.put(stroke, stroke);
cacheKey = null;
AppContext.getAppContext().remove(APP_CONTEXT_KEYSTROKE_KEY);
}
return stroke;
}
......
src/share/classes/java/io/InputStream.java
浏览文件 @ 394d3c91
......@@ -44,10 +44,9 @@ package java.io;
*/
public abstract class InputStream implements Closeable {
// SKIP_BUFFER_SIZE is used to determine the size of skipBuffer
private static final int SKIP_BUFFER_SIZE = 2048;
// skipBuffer is initialized in skip(long), if needed.
private static byte[] skipBuffer;
// MAX_SKIP_BUFFER_SIZE is used to determine the maximum buffer size to
// use when skipping.
private static final int MAX_SKIP_BUFFER_SIZE = 2048;
/**
* Reads the next byte of data from the input stream. The value byte is
......@@ -212,18 +211,15 @@ public abstract class InputStream implements Closeable {
long remaining = n;
int nr;
if (skipBuffer == null)
skipBuffer = new byte[SKIP_BUFFER_SIZE];
byte[] localSkipBuffer = skipBuffer;
if (n <= 0) {
return 0;
}
int size = (int)Math.min(MAX_SKIP_BUFFER_SIZE, remaining);
byte[] skipBuffer = new byte[size];
while (remaining > 0) {
nr = read(localSkipBuffer, 0,
(int) Math.min(SKIP_BUFFER_SIZE, remaining));
nr = read(skipBuffer, 0, (int)Math.min(size, remaining));
if (nr < 0) {
break;
}
......
src/share/classes/javax/net/ssl/HttpsURLConnection.java
浏览文件 @ 394d3c91
/*
* Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -347,6 +347,9 @@ class HttpsURLConnection extends HttpURLConnection
* @param sf the SSL socket factory
* @throws IllegalArgumentException if the <code>SSLSocketFactory</code>
* parameter is null.
* @throws SecurityException if a security manager exists and its
* <code>checkSetFactory</code> method does not allow
* a socket factory to be specified.
* @see #getSSLSocketFactory()
*/
public void setSSLSocketFactory(SSLSocketFactory sf) {
......@@ -355,6 +358,10 @@ class HttpsURLConnection extends HttpURLConnection
"no SSLSocketFactory specified");
}
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkSetFactory();
}
sslSocketFactory = sf;
}
......
src/share/classes/javax/net/ssl/SSLEngine.java
浏览文件 @ 394d3c91
/*
* Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -538,7 +538,7 @@ public abstract class SSLEngine {
* If this <code>SSLEngine</code> has not yet started its initial
* handshake, this method will automatically start the handshake.
* <P>
* This method will attempt to produce one SSL/TLS packet, and will
* This method will attempt to produce SSL/TLS records, and will
* consume as much source data as possible, but will never consume
* more than the sum of the bytes remaining in each buffer. Each
* <code>ByteBuffer</code>'s position is updated to reflect the
......
src/share/classes/sun/net/ResourceManager.java
浏览文件 @ 394d3c91
......@@ -41,13 +41,14 @@ public class ResourceManager {
/* default maximum number of udp sockets per VM
* when a security manager is enabled.
* The default is 1024 which is high enough to be useful
* The default is 25 which is high enough to be useful
* but low enough to be well below the maximum number
* of port numbers actually available on all OSes for
* such sockets (5000 on some versions of windows)
* of port numbers actually available on all OSes
* when multiplied by the maximum feasible number of VM processes
* that could practically be spawned.
*/
private static final int DEFAULT_MAX_SOCKETS = 1024;
private static final int DEFAULT_MAX_SOCKETS = 25;
private static final int maxSockets;
private static final AtomicInteger numSockets;
......
src/share/classes/sun/rmi/registry/RegistryImpl.java
浏览文件 @ 394d3c91
......@@ -38,13 +38,23 @@ import java.rmi.server.ServerNotActiveException;
import java.rmi.registry.Registry;
import java.rmi.server.RMIClientSocketFactory;
import java.rmi.server.RMIServerSocketFactory;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Policy;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.text.MessageFormat;
import sun.rmi.server.LoaderHandler;
import sun.rmi.server.UnicastServerRef;
import sun.rmi.server.UnicastServerRef2;
import sun.rmi.transport.LiveRef;
import sun.rmi.transport.ObjectTable;
import sun.rmi.transport.Target;
import sun.security.action.GetPropertyAction;
/**
* A "registry" exists on every node that allows RMI connections to
......@@ -325,6 +335,19 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
URL[] urls = sun.misc.URLClassPath.pathToURLs(envcp);
ClassLoader cl = new URLClassLoader(urls);
String codebaseProperty = null;
String prop = java.security.AccessController.doPrivileged(
new GetPropertyAction("java.rmi.server.codebase"));
if (prop != null && prop.trim().length() > 0) {
codebaseProperty = prop;
}
URL[] codebaseURLs = null;
if (codebaseProperty != null) {
codebaseURLs = sun.misc.URLClassPath.pathToURLs(codebaseProperty);
} else {
codebaseURLs = new URL[0];
}
/*
* Fix bugid 4242317: Classes defined by this class loader should
* be annotated with the value of the "java.rmi.server.codebase"
......@@ -334,11 +357,19 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
Thread.currentThread().setContextClassLoader(cl);
int regPort = Registry.REGISTRY_PORT;
if (args.length >= 1) {
regPort = Integer.parseInt(args[0]);
final int regPort = (args.length >= 1) ? Integer.parseInt(args[0])
: Registry.REGISTRY_PORT;
try {
registry = AccessController.doPrivileged(
new PrivilegedExceptionAction<RegistryImpl>() {
public RegistryImpl run() throws RemoteException {
return new RegistryImpl(regPort);
}
}, getAccessControlContext(codebaseURLs));
} catch (PrivilegedActionException ex) {
throw (RemoteException) ex.getException();
}
registry = new RegistryImpl(regPort);
// prevent registry from exiting
while (true) {
try {
......@@ -358,4 +389,48 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
}
System.exit(1);
}
/**
* Generates an AccessControlContext from several URLs.
* The approach used here is taken from the similar method
* getAccessControlContext() in the sun.applet.AppletPanel class.
*/
private static AccessControlContext getAccessControlContext(URL[] urls) {
// begin with permissions granted to all code in current policy
PermissionCollection perms = AccessController.doPrivileged(
new java.security.PrivilegedAction<PermissionCollection>() {
public PermissionCollection run() {
CodeSource codesource = new CodeSource(null,
(java.security.cert.Certificate[]) null);
Policy p = java.security.Policy.getPolicy();
if (p != null) {
return p.getPermissions(codesource);
} else {
return new Permissions();
}
}
});
/*
* Anyone can connect to the registry and the registry can connect
* to and possibly download stubs from anywhere. Downloaded stubs and
* related classes themselves are more tightly limited by RMI.
*/
perms.add(new SocketPermission("*", "connect,accept"));
perms.add(new RuntimePermission("accessClassInPackage.sun.*"));
// add permissions required to load from codebase URL path
LoaderHandler.addPermissionsForURLs(urls, perms, false);
/*
* Create an AccessControlContext that consists of a single
* protection domain with only the permissions calculated above.
*/
ProtectionDomain pd = new ProtectionDomain(
new CodeSource((urls.length > 0 ? urls[0] : null),
(java.security.cert.Certificate[]) null),
perms);
return new AccessControlContext(new ProtectionDomain[] { pd });
}
}
src/share/classes/sun/rmi/server/LoaderHandler.java
浏览文件 @ 394d3c91
......@@ -1031,9 +1031,9 @@ public final class LoaderHandler {
* loader. A given permission is only added to the collection if
* it is not already implied by the collection.
*/
private static void addPermissionsForURLs(URL[] urls,
PermissionCollection perms,
boolean forLoader)
public static void addPermissionsForURLs(URL[] urls,
PermissionCollection perms,
boolean forLoader)
{
for (int i = 0; i < urls.length; i++) {
URL url = urls[i];
......
src/share/classes/sun/rmi/server/UnicastServerRef.java
浏览文件 @ 394d3c91
......@@ -390,6 +390,12 @@ public class UnicastServerRef extends UnicastRef
ObjectInput in;
try {
in = call.getInputStream();
try {
Class<?> clazz = Class.forName("sun.rmi.transport.DGCImpl_Skel");
if (clazz.isAssignableFrom(skel.getClass())) {
((MarshalInputStream)in).useCodebaseOnly();
}
} catch (ClassNotFoundException ignore) { }
hash = in.readLong();
} catch (Exception readEx) {
throw new UnmarshalException("error unmarshalling call header",
......
src/share/classes/sun/security/ssl/AppOutputStream.java
浏览文件 @ 394d3c91
/*
* Copyright (c) 1996, 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -69,12 +69,38 @@ class AppOutputStream extends OutputStream {
// check if the Socket is invalid (error or closed)
c.checkWrite();
/*
* By default, we counter chosen plaintext issues on CBC mode
* ciphersuites in SSLv3/TLS1.0 by sending one byte of application
* data in the first record of every payload, and the rest in
* subsequent record(s). Note that the issues have been solved in
* TLS 1.1 or later.
*
* It is not necessary to split the very first application record of
* a freshly negotiated TLS session, as there is no previous
* application data to guess. To improve compatibility, we will not
* split such records.
*
* This avoids issues in the outbound direction. For a full fix,
* the peer must have similar protections.
*/
boolean isFirstRecordOfThePayload = true;
// Always flush at the end of each application level record.
// This lets application synchronize read and write streams
// however they like; if we buffered here, they couldn't.
try {
do {
int howmuch = Math.min(len, r.availableDataBytes());
int howmuch;
if (isFirstRecordOfThePayload && c.needToSplitPayload()) {
howmuch = Math.min(0x01, r.availableDataBytes());
} else {
howmuch = Math.min(len, r.availableDataBytes());
}
if (isFirstRecordOfThePayload && howmuch != 0) {
isFirstRecordOfThePayload = false;
}
// NOTE: *must* call c.writeRecord() even for howmuch == 0
if (howmuch > 0) {
......
src/share/classes/sun/security/ssl/CipherBox.java
浏览文件 @ 394d3c91
......@@ -112,6 +112,11 @@ final class CipherBox {
*/
private SecureRandom random;
/**
* Is the cipher of CBC mode?
*/
private final boolean isCBCMode;
/**
* Fixed masks of various block size, as the initial decryption IVs
* for TLS 1.1 or later.
......@@ -128,6 +133,7 @@ final class CipherBox {
private CipherBox() {
this.protocolVersion = ProtocolVersion.DEFAULT;
this.cipher = null;
this.isCBCMode = false;
}
/**
......@@ -148,6 +154,7 @@ final class CipherBox {
random = JsseJce.getSecureRandom();
}
this.random = random;
this.isCBCMode = bulkCipher.isCBCMode;
/*
* RFC 4346 recommends two algorithms used to generated the
......@@ -694,4 +701,12 @@ final class CipherBox {
}
}
/*
* Does the cipher use CBC mode?
*
* @return true if the cipher use CBC mode, false otherwise.
*/
boolean isCBCMode() {
return isCBCMode;
}
}
src/share/classes/sun/security/ssl/CipherSuite.java
浏览文件 @ 394d3c91
......@@ -420,10 +420,16 @@ final class CipherSuite implements Comparable<CipherSuite> {
// exportable under 512/40 bit rules
final boolean exportable;
// Is the cipher algorithm of Cipher Block Chaining (CBC) mode?
final boolean isCBCMode;
BulkCipher(String transformation, int keySize,
int expandedKeySize, int ivSize, boolean allowed) {
this.transformation = transformation;
this.algorithm = transformation.split("/")[0];
String[] splits = transformation.split("/");
this.algorithm = splits[0];
this.isCBCMode =
splits.length <= 1 ? false : "CBC".equalsIgnoreCase(splits[1]);
this.description = this.algorithm + "/" + (keySize << 3);
this.keySize = keySize;
this.ivSize = ivSize;
......@@ -436,7 +442,10 @@ final class CipherSuite implements Comparable<CipherSuite> {
BulkCipher(String transformation, int keySize,
int ivSize, boolean allowed) {
this.transformation = transformation;
this.algorithm = transformation.split("/")[0];
String[] splits = transformation.split("/");
this.algorithm = splits[0];
this.isCBCMode =
splits.length <= 1 ? false : "CBC".equalsIgnoreCase(splits[1]);
this.description = this.algorithm + "/" + (keySize << 3);
this.keySize = keySize;
this.ivSize = ivSize;
......
src/share/classes/sun/security/ssl/EngineOutputRecord.java
浏览文件 @ 394d3c91
/*
* Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -46,6 +46,7 @@ import sun.misc.HexDumpEncoder;
*/
final class EngineOutputRecord extends OutputRecord {
private SSLEngineImpl engine;
private EngineWriter writer;
private boolean finishedMsg = false;
......@@ -62,6 +63,7 @@ final class EngineOutputRecord extends OutputRecord {
*/
EngineOutputRecord(byte type, SSLEngineImpl engine) {
super(type, recordSize(type));
this.engine = engine;
writer = engine.writer;
}
......@@ -227,11 +229,50 @@ final class EngineOutputRecord extends OutputRecord {
* implementations are fragile and don't like to see empty
* records, so this increases robustness.
*/
int length = Math.min(ea.getAppRemaining(), maxDataSize);
if (length == 0) {
if (ea.getAppRemaining() == 0) {
return;
}
/*
* By default, we counter chosen plaintext issues on CBC mode
* ciphersuites in SSLv3/TLS1.0 by sending one byte of application
* data in the first record of every payload, and the rest in
* subsequent record(s). Note that the issues have been solved in
* TLS 1.1 or later.
*
* It is not necessary to split the very first application record of
* a freshly negotiated TLS session, as there is no previous
* application data to guess. To improve compatibility, we will not
* split such records.
*
* Because of the compatibility, we'd better produce no more than
* SSLSession.getPacketBufferSize() net data for each wrap. As we
* need a one-byte record at first, the 2nd record size should be
* equal to or less than Record.maxDataSizeMinusOneByteRecord.
*
* This avoids issues in the outbound direction. For a full fix,
* the peer must have similar protections.
*/
int length;
if (engine.needToSplitPayload(writeCipher, protocolVersion)) {
write(ea, writeMAC, writeCipher, 0x01);
ea.resetLim(); // reset application data buffer limit
length = Math.min(ea.getAppRemaining(),
maxDataSizeMinusOneByteRecord);
} else {
length = Math.min(ea.getAppRemaining(), maxDataSize);
}
// Don't bother to really write empty records.
if (length > 0) {
write(ea, writeMAC, writeCipher, length);
}
return;
}
void write(EngineArgs ea, MAC writeMAC, CipherBox writeCipher,
int length) throws IOException {
/*
* Copy out existing buffer values.
*/
......
src/share/classes/sun/security/ssl/Record.java
浏览文件 @ 394d3c91
/*
* Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -67,6 +67,23 @@ interface Record {
+ maxPadding // padding
+ trailerSize; // MAC
static final boolean enableCBCProtection =
Debug.getBooleanProperty("jsse.enableCBCProtection", true);
/*
* For CBC protection in SSL3/TLS1, we break some plaintext into two
* packets. Max application data size for the second packet.
*/
static final int maxDataSizeMinusOneByteRecord =
maxDataSize // max data size
- ( // max one byte record size
headerSize // header
+ maxIVLength // iv
+ 1 // one byte data
+ maxPadding // padding
+ trailerSize // MAC
);
/*
* The maximum large record size.
*
......
src/share/classes/sun/security/ssl/SSLEngineImpl.java
浏览文件 @ 394d3c91
......@@ -308,6 +308,11 @@ final public class SSLEngineImpl extends SSLEngine {
private Object unwrapLock;
Object writeLock;
/*
* Is it the first application record to write?
*/
private boolean isFirstAppOutputRecord = true;
/*
* Class and subclass dynamic debugging support
*/
......@@ -612,6 +617,9 @@ final public class SSLEngineImpl extends SSLEngine {
// See comment above.
oldCipher.dispose();
// reset the flag of the first application record
isFirstAppOutputRecord = true;
}
/*
......@@ -1286,9 +1294,35 @@ final public class SSLEngineImpl extends SSLEngine {
}
}
/*
* turn off the flag of the first application record if we really
* consumed at least byte.
*/
if (isFirstAppOutputRecord && ea.deltaApp() > 0) {
isFirstAppOutputRecord = false;
}
return hsStatus;
}
/*
* Need to split the payload except the following cases:
*
* 1. protocol version is TLS 1.1 or later;
* 2. bulk cipher does not use CBC mode, including null bulk cipher suites.
* 3. the payload is the first application record of a freshly
* negotiated TLS session.
* 4. the CBC protection is disabled;
*
* More details, please refer to
* EngineOutputRecord.write(EngineArgs, MAC, CipherBox).
*/
boolean needToSplitPayload(CipherBox cipher, ProtocolVersion protocol) {
return (protocol.v <= ProtocolVersion.TLS10.v) &&
cipher.isCBCMode() && !isFirstAppOutputRecord &&
Record.enableCBCProtection;
}
/*
* Non-application OutputRecords go through here.
*/
......
src/share/classes/sun/security/ssl/SSLSocketImpl.java
浏览文件 @ 394d3c91
......@@ -369,6 +369,11 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl {
/* Class and subclass dynamic debugging support */
private static final Debug debug = Debug.getInstance("ssl");
/*
* Is it the first application record to write?
*/
private boolean isFirstAppOutputRecord = true;
//
// CONSTRUCTORS AND INITIALIZATION CODE
//
......@@ -802,8 +807,35 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl {
if (connectionState < cs_ERROR) {
checkSequenceNumber(writeMAC, r.contentType());
}
// turn off the flag of the first application record
if (isFirstAppOutputRecord &&
r.contentType() == Record.ct_application_data) {
isFirstAppOutputRecord = false;
}
}
/*
* Need to split the payload except the following cases:
*
* 1. protocol version is TLS 1.1 or later;
* 2. bulk cipher does not use CBC mode, including null bulk cipher suites.
* 3. the payload is the first application record of a freshly
* negotiated TLS session.
* 4. the CBC protection is disabled;
*
* More details, please refer to AppOutputStream.write(byte[], int, int).
*/
boolean needToSplitPayload() {
writeLock.lock();
try {
return (protocolVersion.v <= ProtocolVersion.TLS10.v) &&
writeCipher.isCBCMode() && !isFirstAppOutputRecord &&
Record.enableCBCProtection;
} finally {
writeLock.unlock();
}
}
/*
* Read an application data record. Alerts and handshake
......@@ -2030,6 +2062,9 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl {
// See comment above.
oldCipher.dispose();
// reset the flag of the first application record
isFirstAppOutputRecord = true;
}
/*
......
src/share/native/com/sun/java/util/jar/pack/unpack.cpp
浏览文件 @ 394d3c91
......@@ -1112,11 +1112,14 @@ void unpacker::read_Utf8_values(entry* cpMap, int len) {
uint size3 = suffix * 3;
if (suffix == 0) continue; // done with empty string
chars.malloc(size3);
CHECK;
byte* chp = chars.ptr;
band saved_band = cp_Utf8_big_chars;
cp_Utf8_big_chars.readData(suffix);
CHECK;
for (int j = 0; j < suffix; j++) {
unsigned short ch = cp_Utf8_big_chars.getInt();
CHECK;
chp = store_Utf8_char(chp, ch);
}
chars.realloc(chp - chars.ptr);
......@@ -1134,10 +1137,12 @@ void unpacker::read_Utf8_values(entry* cpMap, int len) {
CHECK;
int prevlen = 0; // previous string length (in chars)
tmallocs.add(bigbuf.ptr); // free after this block
CHECK;
cp_Utf8_prefix.rewind();
for (i = 0; i < len; i++) {
bytes& chars = allsuffixes[i];
int prefix = (i < PREFIX_SKIP_2)? 0: cp_Utf8_prefix.getInt();
CHECK;
int suffix = (int)chars.len;
byte* fillp;
// by induction, the buffer is already filled with the prefix
......
src/share/native/com/sun/java/util/jar/pack/utils.cpp
浏览文件 @ 394d3c91
/*
* Copyright (c) 2001, 2008, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -52,7 +52,7 @@ void* must_malloc(size_t size) {
if (msize >= 0 && msize < sizeof(int))
msize = sizeof(int); // see 0xbaadf00d below
#endif
void* ptr = (msize > PSIZE_MAX) ? null : malloc(msize);
void* ptr = (msize > PSIZE_MAX || msize <= 0) ? null : malloc(msize);
if (ptr != null) {
memset(ptr, 0, size);
} else {
......
src/share/native/com/sun/java/util/jar/pack/utils.h
浏览文件 @ 394d3c91
/*
* Copyright (c) 2001, 2008, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -33,7 +33,7 @@ void mtrace(char c, void* ptr, size_t size);
#endif
// overflow management
#define OVERFLOW ((size_t)-1)
#define OVERFLOW ((uint)-1)
#define PSIZE_MAX (OVERFLOW/2) /* normal size limit */
inline size_t scale_size(size_t size, size_t scale) {
......
src/share/native/sun/java2d/loops/TransformHelper.c
浏览文件 @ 394d3c91
/*
* Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -284,7 +284,7 @@ Java_sun_java2d_loops_TransformHelper_Transform
TransformHelperFunc *pHelperFunc;
TransformInterpFunc *pInterpFunc;
jdouble xorig, yorig;
jint numedges;
jlong numedges;
jint *pEdges;
jint edgebuf[2 + MAXEDGES * 2];
union {
......@@ -379,19 +379,44 @@ Java_sun_java2d_loops_TransformHelper_Transform
}
Region_IntersectBounds(&clipInfo, &dstInfo.bounds);
numedges = (dstInfo.bounds.y2 - dstInfo.bounds.y1);
if (numedges > MAXEDGES) {
pEdges = malloc((2 + 2 * numedges) * sizeof (*pEdges));
if (pEdges == NULL) {
SurfaceData_InvokeUnlock(env, dstOps, &dstInfo);
SurfaceData_InvokeUnlock(env, srcOps, &srcInfo);
/* edgeArray should already contain zeros for min/maxy */
return;
}
numedges = (((jlong) dstInfo.bounds.y2) - ((jlong) dstInfo.bounds.y1));
if (numedges <= 0) {
pEdges = NULL;
} else if (!JNU_IsNull(env, edgeArray)) {
/*
* Ideally Java should allocate an array large enough, but if
* we ever have a miscommunication about the number of edge
* lines, or if the Java array calculation should overflow to
* a positive number and succeed in allocating an array that
* is too small, we need to verify that it can still hold the
* number of integers that we plan to store to be safe.
*/
jsize edgesize = (*env)->GetArrayLength(env, edgeArray);
/* (edgesize/2 - 1) should avoid any overflow or underflow. */
pEdges = (((edgesize / 2) - 1) >= numedges)
? (*env)->GetPrimitiveArrayCritical(env, edgeArray, NULL)
: NULL;
} else if (numedges > MAXEDGES) {
/* numedges variable (jlong) can be at most ((1<<32)-1) */
/* memsize can overflow a jint, but not a jlong */
jlong memsize = ((numedges * 2) + 2) * sizeof(*pEdges);
pEdges = (memsize == ((size_t) memsize))
? malloc((size_t) memsize)
: NULL;
} else {
pEdges = edgebuf;
}
if (pEdges == NULL) {
if (numedges > 0) {
JNU_ThrowInternalError(env, "Unable to allocate edge list");
}
SurfaceData_InvokeUnlock(env, dstOps, &dstInfo);
SurfaceData_InvokeUnlock(env, srcOps, &srcInfo);
/* edgeArray should already contain zeros for min/maxy */
return;
}
Transform_GetInfo(env, itxform, &itxInfo);
if (!Region_IsEmpty(&clipInfo)) {
......@@ -500,14 +525,14 @@ Java_sun_java2d_loops_TransformHelper_Transform
} else {
pEdges[0] = pEdges[1] = 0;
}
SurfaceData_InvokeUnlock(env, dstOps, &dstInfo);
SurfaceData_InvokeUnlock(env, srcOps, &srcInfo);
if (!JNU_IsNull(env, edgeArray)) {
(*env)->SetIntArrayRegion(env, edgeArray, 0, 2+numedges*2, pEdges);
}
if (pEdges != edgebuf) {
(*env)->ReleasePrimitiveArrayCritical(env, edgeArray, pEdges, 0);
} else if (pEdges != edgebuf) {
free(pEdges);
}
SurfaceData_InvokeUnlock(env, dstOps, &dstInfo);
SurfaceData_InvokeUnlock(env, srcOps, &srcInfo);
}
static void
......
src/windows/classes/java/lang/ProcessImpl.java
浏览文件 @ 394d3c91
......@@ -60,10 +60,11 @@ final class ProcessImpl extends Process {
throws IOException
{
if (append) {
String path = f.getPath();
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkWrite(f.getPath());
long handle = openForAtomicAppend(f.getPath());
sm.checkWrite(path);
long handle = openForAtomicAppend(path);
final FileDescriptor fd = new FileDescriptor();
fdAccess.setHandle(fd, handle);
return AccessController.doPrivileged(
......
src/windows/native/sun/windows/awt_Window.cpp
浏览文件 @ 394d3c91
......@@ -355,7 +355,7 @@ void AwtWindow::RepositionSecurityWarning(JNIEnv *env)
RECT rect;
CalculateWarningWindowBounds(env, &rect);
::SetWindowPos(warningWindow, IsAlwaysOnTop() ? HWND_TOPMOST : GetHWnd(),
::SetWindowPos(warningWindow, IsAlwaysOnTop() ? HWND_TOPMOST : HWND_NOTOPMOST,
rect.left, rect.top,
rect.right - rect.left, rect.bottom - rect.top,
SWP_ASYNCWINDOWPOS | SWP_NOACTIVATE |
......@@ -835,7 +835,7 @@ void AwtWindow::StartSecurityAnimation(AnimationKind kind)
if (securityAnimationKind == akShow) {
::SetWindowPos(warningWindow,
IsAlwaysOnTop() ? HWND_TOPMOST : GetHWnd(),
IsAlwaysOnTop() ? HWND_TOPMOST : HWND_NOTOPMOST,
0, 0, 0, 0,
SWP_NOACTIVATE | SWP_NOSIZE | SWP_NOMOVE |
SWP_SHOWWINDOW | SWP_NOOWNERZORDER);
......
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/GenSSLConfigs/main.java
浏览文件 @ 394d3c91
/*
* @test
* @build TestThread Traffic Handler ServerHandler ServerThread ClientThread
* @run main/othervm/timeout=140 main
*
* SunJSSE does not support dynamic system properties, no way to re-use
* system properties in samevm/agentvm mode.
* @run main/othervm/timeout=140 -Djsse.enableCBCProtection=false main
* @summary Make sure that different configurations of SSL sockets work
*/
......
test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java
浏览文件 @ 394d3c91
/*
* Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -29,6 +29,8 @@
* This is a simple hack to test a bunch of conditions and check
* their return codes.
*
* @run main/othervm -Djsse.enableCBCProtection=false CheckStatus
*
* @author Brad Wetmore
*/
......
test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java
浏览文件 @ 394d3c91
/*
* Copyright (c) 2004, 2006, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -30,6 +30,8 @@
* This is to test larger buffer arrays, and make sure the maximum
* is being passed.
*
* @run main/othervm -Djsse.enableCBCProtection=false LargeBufs
*
* @author Brad R. Wetmore
*/
......
test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargePacket.java
浏览文件 @ 394d3c91
/*
* Copyright (c) 2006, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -27,10 +27,7 @@
* @bug 6388456
* @summary Need adjustable TLS max record size for interoperability
* with non-compliant
* @run main/othervm LargePacket
*
* SunJSSE does not support dynamic system properties, no way to re-use
* system properties in samevm/agentvm mode.
* @run main/othervm -Djsse.enableCBCProtection=false LargePacket
*
* @author Xuelei Fan
*/
......
test/sun/tools/jstatd/jstatdExternalRegistry.sh
浏览文件 @ 394d3c91
......@@ -22,7 +22,7 @@
#
# @test
# @bug 4990825
# @bug 4990825 7092186
# @run shell/timeout=90 jstatdExternalRegistry.sh
# @summary Test functionality of 'jstatd -p<port>&' with an external RMI registry
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册