Merge
diff --git a/.hgtags b/.hgtags
index 709be44..898c53b 100644
--- a/.hgtags
+++ b/.hgtags
@@ -1,3 +1,8 @@
+77a6dd86ef0546b3c439e268f31a044459cfc79d jdk8u20-b21
+d107468094209ee24fd86e2ef23255be8b087c78 jdk8u20-b20
+582979c2039fc1b90f3395bae5466a58d511f69a jdk8u40-b00
+3e9612aa7bc322b2ad3a167eb446919edb94c759 jdk8u20-b19
+3588c912b1012939eead9f9da8ad12d567658d39 jdk8u20-b18
6d80bca57a4d91b15e814f466143ceeb915e7b37 jdk8u5-b04
e694221608d0f593542e92b30e897e6e0cdba2d5 jdk8u11-b00
612c1079f821b5ec23fa0a398573cf4e62c98c88 jdk8u5-b05
@@ -285,4 +290,9 @@
a4b40051d762d972172a28dadf07557987124fee jdk8u20-b14
adf8dfcbcf48460b3d749afe5ffdb1c1f96508bd jdk8u20-b15
03b461ae1b8cabd5247ff68eeaed961f5ec0a595 jdk8u20-b16
-77a6dd86ef0546b3c439e268f31a044459cfc79d jdk8u20-b21
+e638761ad1e86cb301134cef882079ecefb967bd jdk8u20-b17
+46c260129267dfcd7073c18ba8738a5ed8b83a39 jdk8u25-b01
+b1fb5e86fa60aa2cd0084dc66fc712f8018f2a10 jdk8u25-b02
+f75d23fb93048dd5b0d782ffa2c80fc8b96d454f jdk8u25-b03
+73b72f2c3a60d8b9555e7044636da6819814d58d jdk8u25-b04
+1d1b516866bf9b773bc15291599b2517d663f5fc jdk8u25-b05
diff --git a/.hgtags-top-repo b/.hgtags-top-repo
index 4d2ab0a..8b72ad6 100644
--- a/.hgtags-top-repo
+++ b/.hgtags-top-repo
@@ -264,6 +264,7 @@
6f3357d3dbf83c1ef0098bcb853e3aa3b26f4cb8 jdk8u5-b02
794b4365b6884e9a15f0840792539f5821814127 jdk8u5-b03
c200d6cb184056e44afe7102913004b717896aa3 jdk8u5-b04
+eb537d7c31e069ac10de0901727515743f7535d2 jdk8u11-b00
eb537d7c31e069ac10de0901727515743f7535d2 jdk8u5-b05
75cdae18810a479cc3c0fe8eb9055d968ae31c63 jdk8u5-b06
b1585984f29320737ca0da5af029b1225a75c476 jdk8u5-b07
@@ -273,6 +274,20 @@
dd3bd272ceedbd69fabafc531b6b1e056659f733 jdk8u5-b11
3e05b6ae0a1e2bd7352462e9bf8e7262246fb77f jdk8u5-b12
d81e301cae70f1f95f4bb976ec053c915dee503a jdk8u5-b13
+19dd42ebf97c187fbf53884f45dca84274909c3e jdk8u5-b31
+397902f53444be14aa4e261cd47064fac82919c9 jdk8u11-b01
+6ffd41be920a3e63c5767f36ac725e9e3bf5ec50 jdk8u11-b02
+3078ab9b8d4ad37cf18bf6a1ed49c8015e70ec73 jdk8u11-b03
+7be4371ce4ed33cf779606ef3b6256f316898e08 jdk8u11-b04
+97c6d6a8e5bb3dfc24b9a32711aa0906ea110e23 jdk8u11-b05
+5ea1a19659427ea813ae4a00ae9d54338c7faec6 jdk8u11-b06
+fe460afb120e2312769454f4630cccd406ded3f6 jdk8u11-b07
+81f3392f551c45578cabe29552c670b87170d325 jdk8u11-b08
+390084098df7bffecd0eb2318facc6f0f9a46b70 jdk8u11-b09
+6d324f36e2448f486d0caa67f70e5a6cf5ac6c0d jdk8u11-b10
+f0b9fee1d40a6aae31be4780f70aba02148ec54c jdk8u11-b11
+e85bf9b28eb7f4098eeb25ba0e3afed34058ef09 jdk8u11-b12
+66b17e2403b04cfe98dc1cce270f15ed817d0336 jdk8u11-b31
ae6a3aec6aa29509a0fd5f53709889b99b1e27da jdk8u20-b06
cc868070f1959b849c8c3b867771fbdb07b9ba05 jdk8u20-b02
6a3d3b7feab4d4a8252c63b4ce7d0fab106cf2f7 jdk8u20-b03
@@ -293,3 +308,10 @@
1695032e51faa36ed9c39b2817baa374ca361513 jdk8u20-b18
2f40422f564b892a26cb04c62885bb5bc85984e3 jdk8u20-b19
5b76ecd0cdcf899261da2c9965862771f6da4e26 jdk8u20-b20
+0dccc4aca1859b1ff7dca9db214f7f38c4ddbbce jdk8u20-b21
+97c6d6a8e5bb3dfc24b9a32711aa0906ea110e23 jdk8u25-b00
+c4cfb4376f5916c5d7eb1f39a0e23402de0d9818 jdk8u25-b01
+b4d29a751077e5500e766b8104dd1cb7148a550f jdk8u25-b02
+d3df54be114a5c41d4881b61cd42fbb0e52aaf4a jdk8u25-b03
+64e7567a8539078a678853a384340eee469168b0 jdk8u25-b04
+6de13ae93be20b97f53e3837739947d59fb4fd65 jdk8u25-b05
diff --git a/common/autoconf/generated-configure.sh b/common/autoconf/generated-configure.sh
index 0da1410..9b7911e 100644
--- a/common/autoconf/generated-configure.sh
+++ b/common/autoconf/generated-configure.sh
@@ -3868,7 +3868,7 @@
#CUSTOM_AUTOCONF_INCLUDE
# Do not change or remove the following line, it is needed for consistency checks:
-DATE_WHEN_GENERATED=1397150809
+DATE_WHEN_GENERATED=1403797630
###############################################################################
#
diff --git a/corba/.hgtags b/corba/.hgtags
index d068b7e..25f0cd1 100644
--- a/corba/.hgtags
+++ b/corba/.hgtags
@@ -260,6 +260,7 @@
c750098a3ef18de28a6d739666559f0333c76c78 jdk8u5-b02
3d9b40a53134aa33031bf13581dff9fccade9048 jdk8u5-b03
596f4e4c5587c29767345555c4e48a5be0a58b83 jdk8u5-b04
+1f95c888e5efe010550d95ef59020ddb15876463 jdk8u11-b00
1f95c888e5efe010550d95ef59020ddb15876463 jdk8u5-b05
edfa8bc86fda1b2fd064abbafb4506c80a47587e jdk8u5-b06
0a25d1c162bc046aa230577736429935716a2243 jdk8u5-b07
@@ -269,6 +270,20 @@
a2f7b36bfc1bc8df033fe5721b48fac1c3928a5b jdk8u5-b11
475b96f6d8cecf720ca9fd6d332dd4bafb0f654c jdk8u5-b12
897088ef059f53a8aa73267985666ad319223064 jdk8u5-b13
+0355626e88639a9b51b209f26f48dee28c924c72 jdk8u5-b31
+e2cfebaf3b9d0eae06c2d5ee7669180f1723f897 jdk8u11-b01
+152d1b91e5c5dfc940cccef1bfeae60a6604032a jdk8u11-b02
+60b073836311720d4f013d4493af2729ebe663f6 jdk8u11-b03
+4a0c834de2827b753e5ba2972ca3d9125a5c80eb jdk8u11-b04
+08aa9f55fe5bce1f04cfd2958f71e8df18643e29 jdk8u11-b05
+d6f052f3ad5d9244452d40236efdabe13be24716 jdk8u11-b06
+3052e1208958022173a6bf752edb88c7ad188797 jdk8u11-b07
+fff1b1687ed60d3d398b3d55c0dc71ee3450a601 jdk8u11-b08
+f846c0c1c330545b8a85fc05a36fa95f48757525 jdk8u11-b09
+3e4b895d06e8d292f7338aa2155849173722062f jdk8u11-b10
+ce324096c5626997634df1e5fa68f206909431ab jdk8u11-b11
+c4d817051c6a620a4f748e9e057423a774f172c7 jdk8u11-b12
+c79def3415b9c36e925d71d247de6bf60240a29b jdk8u11-b31
bfafb13aac1c8b2d9184d59ec510b45d965b7667 jdk8u20-b02
9059a1c857044ad5ce7564ddb71a064364f8fcf5 jdk8u20-b03
abe5b0157c367a72f9059269ca633ecfe15732d2 jdk8u20-b04
@@ -291,3 +306,10 @@
2c5113522ce5b887ce060b6accf225095349fc3c jdk8u20-b18
b078cb18ef95fe1afeacab70c2c313b6abbc959c jdk8u20-b19
aca1d25d10812c86024d9dbb7ec529876cca55e8 jdk8u20-b20
+7d1e0f0b63f1d66c77924d8b2a1accdf8f7480db jdk8u20-b21
+08aa9f55fe5bce1f04cfd2958f71e8df18643e29 jdk8u25-b00
+31f50e3c0dcbdfa7f11a895179065e6888c2cf3c jdk8u25-b01
+162703b7c2f16ce00d1b54a8f95d12eda9753eba jdk8u25-b02
+ddaa2a3e452c8fbb1a7046e743096d0f9489290e jdk8u25-b03
+a76e6e02711edbfab4931dc679cbd3df6169ec84 jdk8u25-b04
+2fab01326282ee9033c089933b2dc46aef127abd jdk8u25-b05
diff --git a/hotspot/.hgtags b/hotspot/.hgtags
index 66fe6fc..8662916 100644
--- a/hotspot/.hgtags
+++ b/hotspot/.hgtags
@@ -428,6 +428,7 @@
e5561d89fe8bfc79cd6c8fcc36d270cc6a49ec6e jdk8u5-b02
2f9eb9fcab6c42c8c84ddb44170ea33235116d84 jdk8u5-b03
5ac720d47ab83f8eb2f5fe3641667823a0298f41 jdk8u5-b04
+b90de55aca30678ab0fec05d6a61bb3468b783d2 jdk8u11-b00
b90de55aca30678ab0fec05d6a61bb3468b783d2 jdk8u5-b05
956c0e048ef29ee9a8026fb05858abe64b4e0ceb jdk8u5-b06
46fa2940e6861df18a107b6b83a2df85239e5ec7 jdk8u5-b07
@@ -437,6 +438,20 @@
17a75e692af397532e2b296b24f6b9b6c239c633 jdk8u5-b11
9b289963cb9a14636fbe8faaa2dd6d3678464a7b jdk8u5-b12
8a67179106085689906732013a282efeeb9bd5f4 jdk8u5-b13
+5c7ef8e396835b82c0460b73f23cac86ba34846f jdk8u5-b31
+f0d759a6a2309a1c149d530b29db24eda885f267 jdk8u11-b01
+3c079aebb516765784dd8097887daadda5a76ac1 jdk8u11-b02
+0037e964ce486c009984171f004259263628079f jdk8u11-b03
+4c40343ecdb33fe046833fe4b8970fd29859c4ad jdk8u11-b04
+a4d44dfb7d30eea54bc172e4429a655454ae0bbf jdk8u11-b05
+b73ee2b9027c4183e520b2c0884d785ef9e539cf jdk8u11-b06
+561045d225990b8423af11fd80d2d704954c89c2 jdk8u11-b07
+af747c288b0f379448bebf56e2982f50caac6972 jdk8u11-b08
+34de1e8eeabbcc6e690f92766fd619beb9f3f049 jdk8u11-b09
+7e4ae023277bef5b82361fd985262f4009eb2fe8 jdk8u11-b10
+e6b7384074325d5a4ede728d6928ecb7f1cc1326 jdk8u11-b11
+78df957d46ebd98ba5bb68f4d9654c8bea3f1587 jdk8u11-b12
+13f04650aa09df696d62a1912febe25fe4a64082 jdk8u11-b31
412d3b5fe90e54c0ff9d9ac7374b98607c561d5a hs25.20-b01
4638c4d7ff106db0f29ef7f18b128dd7e69bc470 hs25.20-b02
e56d11f8cc2158d4280f80e56d196193349c150a hs25.20-b03
@@ -477,3 +492,10 @@
b15553cde967dfd7781a4a5c669e4cb7db734317 jdk8u20-b19
4f18dea0312d601d0515976bc0c643ea7acc829d hs25.20-b20
9e4d27da4ac04c6e19291087f7c68a5c5803c7ca jdk8u20-b20
+4828415ebbf11e205dcc08e97ad5ae7dd03522f9 jdk8u20-b21
+a4d44dfb7d30eea54bc172e4429a655454ae0bbf jdk8u25-b00
+9a2152fbd929b0d8b2f5c326a5526214ae71731a jdk8u25-b01
+d3d5604ea0dea3812e87ba76ac199d0a8be6f49f jdk8u25-b02
+27348de6239bb527c37c0bf59e938ed127b619a7 jdk8u25-b03
+220eefb3609e250a0bb0ed26236c1213b8000050 jdk8u25-b04
+db8383148bc9417dd4c38fa4cea39510f17325f3 jdk8u25-b05
diff --git a/hotspot/make/bsd/makefiles/mapfile-vers-debug b/hotspot/make/bsd/makefiles/mapfile-vers-debug
index ddab6a2..44991d2 100644
--- a/hotspot/make/bsd/makefiles/mapfile-vers-debug
+++ b/hotspot/make/bsd/makefiles/mapfile-vers-debug
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -82,6 +82,7 @@
_JVM_EnableCompiler
_JVM_Exit
_JVM_FillInStackTrace
+ _JVM_FindClassFromCaller
_JVM_FindClassFromClass
_JVM_FindClassFromClassLoader
_JVM_FindClassFromBootLoader
diff --git a/hotspot/make/bsd/makefiles/mapfile-vers-product b/hotspot/make/bsd/makefiles/mapfile-vers-product
index db8c276..ed15428 100644
--- a/hotspot/make/bsd/makefiles/mapfile-vers-product
+++ b/hotspot/make/bsd/makefiles/mapfile-vers-product
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -82,6 +82,7 @@
_JVM_EnableCompiler
_JVM_Exit
_JVM_FillInStackTrace
+ _JVM_FindClassFromCaller
_JVM_FindClassFromClass
_JVM_FindClassFromClassLoader
_JVM_FindClassFromBootLoader
diff --git a/hotspot/make/hotspot_version b/hotspot/make/hotspot_version
index 52bd4ff..5c80184 100644
--- a/hotspot/make/hotspot_version
+++ b/hotspot/make/hotspot_version
@@ -34,8 +34,8 @@
HOTSPOT_VM_COPYRIGHT=Copyright 2014
HS_MAJOR_VER=25
-HS_MINOR_VER=20
-HS_BUILD_NUMBER=20
+HS_MINOR_VER=25
+HS_BUILD_NUMBER=01
JDK_MAJOR_VER=1
JDK_MINOR_VER=8
diff --git a/hotspot/make/linux/makefiles/mapfile-vers-debug b/hotspot/make/linux/makefiles/mapfile-vers-debug
index 41d5e9c..d20eb1e 100644
--- a/hotspot/make/linux/makefiles/mapfile-vers-debug
+++ b/hotspot/make/linux/makefiles/mapfile-vers-debug
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -84,6 +84,7 @@
JVM_EnableCompiler;
JVM_Exit;
JVM_FillInStackTrace;
+ JVM_FindClassFromCaller;
JVM_FindClassFromClass;
JVM_FindClassFromClassLoader;
JVM_FindClassFromBootLoader;
diff --git a/hotspot/make/linux/makefiles/mapfile-vers-product b/hotspot/make/linux/makefiles/mapfile-vers-product
index df433ad..976ea1b 100644
--- a/hotspot/make/linux/makefiles/mapfile-vers-product
+++ b/hotspot/make/linux/makefiles/mapfile-vers-product
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -84,6 +84,7 @@
JVM_EnableCompiler;
JVM_Exit;
JVM_FillInStackTrace;
+ JVM_FindClassFromCaller;
JVM_FindClassFromClass;
JVM_FindClassFromClassLoader;
JVM_FindClassFromBootLoader;
diff --git a/hotspot/make/solaris/makefiles/mapfile-vers b/hotspot/make/solaris/makefiles/mapfile-vers
index d2a3d5c6..f25b061 100644
--- a/hotspot/make/solaris/makefiles/mapfile-vers
+++ b/hotspot/make/solaris/makefiles/mapfile-vers
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -84,6 +84,7 @@
JVM_EnableCompiler;
JVM_Exit;
JVM_FillInStackTrace;
+ JVM_FindClassFromCaller;
JVM_FindClassFromClass;
JVM_FindClassFromClassLoader;
JVM_FindClassFromBootLoader;
diff --git a/hotspot/src/os/bsd/vm/os_bsd.cpp b/hotspot/src/os/bsd/vm/os_bsd.cpp
index 76a8606..46826ac 100644
--- a/hotspot/src/os/bsd/vm/os_bsd.cpp
+++ b/hotspot/src/os/bsd/vm/os_bsd.cpp
@@ -1168,10 +1168,6 @@
::abort();
}
-// unused on bsd for now.
-void os::set_error_file(const char *logfile) {}
-
-
// This method is a copy of JDK's sysGetLastErrorString
// from src/solaris/hpi/src/system_md.c
@@ -1826,6 +1822,7 @@
// determine if this is a legacy image or modules image
// modules image doesn't have "jre" subdirectory
len = strlen(buf);
+ assert(len < buflen, "Ran out of buffer space");
jrelib_p = buf + len;
// Add the appropriate library subdir
@@ -1859,7 +1856,7 @@
}
}
- strcpy(saved_jvm_path, buf);
+ strncpy(saved_jvm_path, buf, MAXPATHLEN);
}
void os::print_jni_name_prefix_on(outputStream* st, int args_size) {
diff --git a/hotspot/src/os/linux/vm/os_linux.cpp b/hotspot/src/os/linux/vm/os_linux.cpp
index 37cdc1f..c30aac5 100644
--- a/hotspot/src/os/linux/vm/os_linux.cpp
+++ b/hotspot/src/os/linux/vm/os_linux.cpp
@@ -1550,9 +1550,6 @@
::abort();
}
-// unused on linux for now.
-void os::set_error_file(const char *logfile) {}
-
// This method is a copy of JDK's sysGetLastErrorString
// from src/solaris/hpi/src/system_md.c
@@ -2341,6 +2338,7 @@
// determine if this is a legacy image or modules image
// modules image doesn't have "jre" subdirectory
len = strlen(buf);
+ assert(len < buflen, "Ran out of buffer room");
jrelib_p = buf + len;
snprintf(jrelib_p, buflen-len, "/jre/lib/%s", cpu_arch);
if (0 != access(buf, F_OK)) {
@@ -2361,7 +2359,7 @@
}
}
- strcpy(saved_jvm_path, buf);
+ strncpy(saved_jvm_path, buf, MAXPATHLEN);
}
void os::print_jni_name_prefix_on(outputStream* st, int args_size) {
diff --git a/hotspot/src/os/solaris/vm/os_solaris.cpp b/hotspot/src/os/solaris/vm/os_solaris.cpp
index 8023a15..5fa85b6 100644
--- a/hotspot/src/os/solaris/vm/os_solaris.cpp
+++ b/hotspot/src/os/solaris/vm/os_solaris.cpp
@@ -1710,9 +1710,6 @@
::abort(); // dump core (for debugging)
}
-// unused
-void os::set_error_file(const char *logfile) {}
-
// DLL functions
const char* os::dll_file_extension() { return ".so"; }
@@ -2356,6 +2353,7 @@
// determine if this is a legacy image or modules image
// modules image doesn't have "jre" subdirectory
len = strlen(buf);
+ assert(len < buflen, "Ran out of buffer space");
jrelib_p = buf + len;
snprintf(jrelib_p, buflen-len, "/jre/lib/%s", cpu_arch);
if (0 != access(buf, F_OK)) {
@@ -2374,7 +2372,7 @@
}
}
- strcpy(saved_jvm_path, buf);
+ strncpy(saved_jvm_path, buf, MAXPATHLEN);
}
diff --git a/hotspot/src/os/windows/vm/os_windows.cpp b/hotspot/src/os/windows/vm/os_windows.cpp
index 360643c..2c0126c 100644
--- a/hotspot/src/os/windows/vm/os_windows.cpp
+++ b/hotspot/src/os/windows/vm/os_windows.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -1819,7 +1819,8 @@
// libjvm.so is installed there (append a fake suffix
// hotspot/libjvm.so).
char* java_home_var = ::getenv("JAVA_HOME");
- if (java_home_var != NULL && java_home_var[0] != 0) {
+ if (java_home_var != NULL && java_home_var[0] != 0 &&
+ strlen(java_home_var) < (size_t)buflen) {
strncpy(buf, java_home_var, buflen);
@@ -1837,9 +1838,9 @@
}
if(buf[0] == '\0') {
- GetModuleFileName(vm_lib_handle, buf, buflen);
+ GetModuleFileName(vm_lib_handle, buf, buflen);
}
- strcpy(saved_jvm_path, buf);
+ strncpy(saved_jvm_path, buf, MAX_PATH);
}
@@ -2290,20 +2291,9 @@
}
*/
-#endif //_WIN64
+#endif // _WIN64
-// Fatal error reporting is single threaded so we can make this a
-// static and preallocated. If it's more than MAX_PATH silently ignore
-// it.
-static char saved_error_file[MAX_PATH] = {0};
-
-void os::set_error_file(const char *logfile) {
- if (strlen(logfile) <= MAX_PATH) {
- strncpy(saved_error_file, logfile, MAX_PATH);
- }
-}
-
static inline void report_error(Thread* t, DWORD exception_code,
address addr, void* siginfo, void* context) {
VMError err(t, exception_code, addr, siginfo, context);
diff --git a/hotspot/src/share/vm/classfile/classFileParser.cpp b/hotspot/src/share/vm/classfile/classFileParser.cpp
index 87eca8e..5a5554e 100644
--- a/hotspot/src/share/vm/classfile/classFileParser.cpp
+++ b/hotspot/src/share/vm/classfile/classFileParser.cpp
@@ -931,7 +931,7 @@
"Wrong size %u for field's Signature attribute in class file %s",
attribute_length, CHECK);
}
- generic_signature_index = cfs->get_u2(CHECK);
+ generic_signature_index = parse_generic_signature_attribute(CHECK);
} else if (attribute_name == vmSymbols::tag_runtime_visible_annotations()) {
runtime_visible_annotations_length = attribute_length;
runtime_visible_annotations = cfs->get_u1_buffer();
@@ -2305,8 +2305,7 @@
"Invalid Signature attribute length %u in class file %s",
method_attribute_length, CHECK_(nullHandle));
}
- cfs->guarantee_more(2, CHECK_(nullHandle)); // generic_signature_index
- generic_signature_index = cfs->get_u2_fast();
+ generic_signature_index = parse_generic_signature_attribute(CHECK_(nullHandle));
} else if (method_attribute_name == vmSymbols::tag_runtime_visible_annotations()) {
runtime_visible_annotations_length = method_attribute_length;
runtime_visible_annotations = cfs->get_u1_buffer();
@@ -2616,6 +2615,17 @@
return method_ordering;
}
+// Parse generic_signature attribute for methods and fields
+u2 ClassFileParser::parse_generic_signature_attribute(TRAPS) {
+ ClassFileStream* cfs = stream();
+ cfs->guarantee_more(2, CHECK_0); // generic_signature_index
+ u2 generic_signature_index = cfs->get_u2_fast();
+ check_property(
+ valid_symbol_at(generic_signature_index),
+ "Invalid Signature attribute at constant pool index %u in class file %s",
+ generic_signature_index, CHECK_0);
+ return generic_signature_index;
+}
void ClassFileParser::parse_classfile_sourcefile_attribute(TRAPS) {
ClassFileStream* cfs = stream();
@@ -2770,7 +2780,8 @@
ClassFileStream* cfs = stream();
u1* current_start = cfs->current();
- cfs->guarantee_more(2, CHECK); // length
+ cfs->guarantee_more(attribute_byte_length, CHECK);
+
int attribute_array_length = cfs->get_u2_fast();
guarantee_property(_max_bootstrap_specifier_index < attribute_array_length,
@@ -2815,6 +2826,11 @@
"bootstrap_method_index %u has bad constant type in class file %s",
bootstrap_method_index,
CHECK);
+
+ guarantee_property((operand_fill_index + 1 + argument_count) < operands->length(),
+ "Invalid BootstrapMethods num_bootstrap_methods or num_bootstrap_arguments value in class file %s",
+ CHECK);
+
operands->at_put(operand_fill_index++, bootstrap_method_index);
operands->at_put(operand_fill_index++, argument_count);
@@ -2832,7 +2848,6 @@
}
assert(operand_fill_index == operands->length(), "exact fill");
- assert(ConstantPool::operand_array_length(operands) == attribute_array_length, "correct decode");
u1* current_end = cfs->current();
guarantee_property(current_end == current_start + attribute_byte_length,
diff --git a/hotspot/src/share/vm/classfile/classFileParser.hpp b/hotspot/src/share/vm/classfile/classFileParser.hpp
index 8421bb5..84037b4 100644
--- a/hotspot/src/share/vm/classfile/classFileParser.hpp
+++ b/hotspot/src/share/vm/classfile/classFileParser.hpp
@@ -266,6 +266,7 @@
u1* parse_stackmap_table(u4 code_attribute_length, TRAPS);
// Classfile attribute parsing
+ u2 parse_generic_signature_attribute(TRAPS);
void parse_classfile_sourcefile_attribute(TRAPS);
void parse_classfile_source_debug_extension_attribute(int length, TRAPS);
u2 parse_classfile_inner_classes_attribute(u1* inner_classes_attribute_start,
diff --git a/hotspot/src/share/vm/classfile/stackMapFrame.cpp b/hotspot/src/share/vm/classfile/stackMapFrame.cpp
index c3f6946..a06ef2c 100644
--- a/hotspot/src/share/vm/classfile/stackMapFrame.cpp
+++ b/hotspot/src/share/vm/classfile/stackMapFrame.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -163,7 +163,7 @@
VerificationType* from, VerificationType* to, int32_t len, TRAPS) const {
int32_t i = 0;
for (i = 0; i < len; i++) {
- if (!to[i].is_assignable_from(from[i], verifier(), THREAD)) {
+ if (!to[i].is_assignable_from(from[i], verifier(), false, THREAD)) {
break;
}
}
@@ -260,7 +260,7 @@
}
VerificationType top = _stack[--_stack_size];
bool subtype = type.is_assignable_from(
- top, verifier(), CHECK_(VerificationType::bogus_type()));
+ top, verifier(), false, CHECK_(VerificationType::bogus_type()));
if (!subtype) {
verifier()->verify_error(
ErrorContext::bad_type(_offset, stack_top_ctx(),
@@ -280,7 +280,7 @@
return VerificationType::bogus_type();
}
bool subtype = type.is_assignable_from(_locals[index],
- verifier(), CHECK_(VerificationType::bogus_type()));
+ verifier(), false, CHECK_(VerificationType::bogus_type()));
if (!subtype) {
verifier()->verify_error(
ErrorContext::bad_type(_offset,
@@ -303,14 +303,14 @@
"get long/double overflows locals");
return;
}
- bool subtype = type1.is_assignable_from(_locals[index], verifier(), CHECK);
+ bool subtype = type1.is_assignable_from(_locals[index], verifier(), false, CHECK);
if (!subtype) {
verifier()->verify_error(
ErrorContext::bad_type(_offset,
TypeOrigin::local(index, this), TypeOrigin::implicit(type1)),
"Bad local variable type");
} else {
- subtype = type2.is_assignable_from(_locals[index + 1], verifier(), CHECK);
+ subtype = type2.is_assignable_from(_locals[index + 1], verifier(), false, CHECK);
if (!subtype) {
/* Unreachable? All local store routines convert a split long or double
* into a TOP during the store. So we should never end up seeing an
diff --git a/hotspot/src/share/vm/classfile/stackMapFrame.hpp b/hotspot/src/share/vm/classfile/stackMapFrame.hpp
index 237acce..52e1558 100644
--- a/hotspot/src/share/vm/classfile/stackMapFrame.hpp
+++ b/hotspot/src/share/vm/classfile/stackMapFrame.hpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -238,7 +238,7 @@
if (_stack_size != 0) {
VerificationType top = _stack[_stack_size - 1];
bool subtype = type.is_assignable_from(
- top, verifier(), CHECK_(VerificationType::bogus_type()));
+ top, verifier(), false, CHECK_(VerificationType::bogus_type()));
if (subtype) {
--_stack_size;
return top;
@@ -253,9 +253,9 @@
assert(type2.is_long() || type2.is_double(), "must be long/double_2");
if (_stack_size >= 2) {
VerificationType top1 = _stack[_stack_size - 1];
- bool subtype1 = type1.is_assignable_from(top1, verifier(), CHECK);
+ bool subtype1 = type1.is_assignable_from(top1, verifier(), false, CHECK);
VerificationType top2 = _stack[_stack_size - 2];
- bool subtype2 = type2.is_assignable_from(top2, verifier(), CHECK);
+ bool subtype2 = type2.is_assignable_from(top2, verifier(), false, CHECK);
if (subtype1 && subtype2) {
_stack_size -= 2;
return;
diff --git a/hotspot/src/share/vm/classfile/stackMapTable.cpp b/hotspot/src/share/vm/classfile/stackMapTable.cpp
index 3db348f..feb5ae2 100644
--- a/hotspot/src/share/vm/classfile/stackMapTable.cpp
+++ b/hotspot/src/share/vm/classfile/stackMapTable.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -134,6 +134,7 @@
}
// check if uninitialized objects exist on backward branches
check_new_object(frame, target, CHECK_VERIFY(frame->verifier()));
+ frame->verifier()->update_furthest_jump(target);
}
void StackMapTable::check_new_object(
diff --git a/hotspot/src/share/vm/classfile/verificationType.cpp b/hotspot/src/share/vm/classfile/verificationType.cpp
index 561618b..120d9a3 100644
--- a/hotspot/src/share/vm/classfile/verificationType.cpp
+++ b/hotspot/src/share/vm/classfile/verificationType.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -42,7 +42,8 @@
}
bool VerificationType::is_reference_assignable_from(
- const VerificationType& from, ClassVerifier* context, TRAPS) const {
+ const VerificationType& from, ClassVerifier* context,
+ bool from_field_is_protected, TRAPS) const {
instanceKlassHandle klass = context->current_class();
if (from.is_null()) {
// null is assignable to any reference
@@ -62,9 +63,11 @@
Handle(THREAD, klass->protection_domain()), true, CHECK_false);
KlassHandle this_class(THREAD, obj);
- if (this_class->is_interface()) {
- // We treat interfaces as java.lang.Object, including
- // java.lang.Cloneable and java.io.Serializable
+ if (this_class->is_interface() && (!from_field_is_protected ||
+ from.name() != vmSymbols::java_lang_Object())) {
+ // If we are not trying to access a protected field or method in
+ // java.lang.Object then we treat interfaces as java.lang.Object,
+ // including java.lang.Cloneable and java.io.Serializable.
return true;
} else if (from.is_object()) {
Klass* from_class = SystemDictionary::resolve_or_fail(
@@ -76,7 +79,8 @@
VerificationType comp_this = get_component(context, CHECK_false);
VerificationType comp_from = from.get_component(context, CHECK_false);
if (!comp_this.is_bogus() && !comp_from.is_bogus()) {
- return comp_this.is_assignable_from(comp_from, context, CHECK_false);
+ return comp_this.is_assignable_from(comp_from, context,
+ from_field_is_protected, CHECK_false);
}
}
return false;
diff --git a/hotspot/src/share/vm/classfile/verificationType.hpp b/hotspot/src/share/vm/classfile/verificationType.hpp
index 1626647..43bd79e 100644
--- a/hotspot/src/share/vm/classfile/verificationType.hpp
+++ b/hotspot/src/share/vm/classfile/verificationType.hpp
@@ -265,7 +265,8 @@
// is assignable to another. Returns true if one can assign 'from' to
// this.
bool is_assignable_from(
- const VerificationType& from, ClassVerifier* context, TRAPS) const {
+ const VerificationType& from, ClassVerifier* context,
+ bool from_field_is_protected, TRAPS) const {
if (equals(from) || is_bogus()) {
return true;
} else {
@@ -286,7 +287,9 @@
return from.is_integer();
default:
if (is_reference() && from.is_reference()) {
- return is_reference_assignable_from(from, context, CHECK_false);
+ return is_reference_assignable_from(from, context,
+ from_field_is_protected,
+ CHECK_false);
} else {
return false;
}
@@ -308,7 +311,8 @@
private:
bool is_reference_assignable_from(
- const VerificationType&, ClassVerifier*, TRAPS) const;
+ const VerificationType&, ClassVerifier*, bool from_field_is_protected,
+ TRAPS) const;
};
#endif // SHARE_VM_CLASSFILE_VERIFICATIONTYPE_HPP
diff --git a/hotspot/src/share/vm/classfile/verifier.cpp b/hotspot/src/share/vm/classfile/verifier.cpp
index 6ddf936..5b77496 100644
--- a/hotspot/src/share/vm/classfile/verifier.cpp
+++ b/hotspot/src/share/vm/classfile/verifier.cpp
@@ -633,6 +633,9 @@
bool no_control_flow = false; // Set to true when there is no direct control
// flow from current instruction to the next
// instruction in sequence
+
+ set_furthest_jump(0);
+
Bytecodes::Code opcode;
while (!bcs.is_last_bytecode()) {
// Check for recursive re-verification before each bytecode.
@@ -1733,7 +1736,7 @@
VerificationType throwable =
VerificationType::reference_type(vmSymbols::java_lang_Throwable());
bool is_subclass = throwable.is_assignable_from(
- catch_type, this, CHECK_VERIFY(this));
+ catch_type, this, false, CHECK_VERIFY(this));
if (!is_subclass) {
// 4286534: should throw VerifyError according to recent spec change
verify_error(ErrorContext::bad_type(handler_pc,
@@ -2188,7 +2191,7 @@
stack_object_type = current_type();
}
is_assignable = target_class_type.is_assignable_from(
- stack_object_type, this, CHECK_VERIFY(this));
+ stack_object_type, this, false, CHECK_VERIFY(this));
if (!is_assignable) {
verify_error(ErrorContext::bad_type(bci,
current_frame->stack_top_ctx(),
@@ -2215,7 +2218,7 @@
// It's protected access, check if stack object is assignable to
// current class.
is_assignable = current_type().is_assignable_from(
- stack_object_type, this, CHECK_VERIFY(this));
+ stack_object_type, this, true, CHECK_VERIFY(this));
if (!is_assignable) {
verify_error(ErrorContext::bad_type(bci,
current_frame->stack_top_ctx(),
@@ -2248,6 +2251,29 @@
"Bad <init> method call");
return;
}
+
+ // Make sure that this call is not jumped over.
+ if (bci < furthest_jump()) {
+ verify_error(ErrorContext::bad_code(bci),
+ "Bad <init> method call from inside of a branch");
+ return;
+ }
+
+ // Make sure that this call is not done from within a TRY block because
+ // that can result in returning an incomplete object. Simply checking
+ // (bci >= start_pc) also ensures that this call is not done after a TRY
+ // block. That is also illegal because this call must be the first Java
+ // statement in the constructor.
+ ExceptionTable exhandlers(_method());
+ int exlength = exhandlers.length();
+ for(int i = 0; i < exlength; i++) {
+ if (bci >= exhandlers.start_pc(i)) {
+ verify_error(ErrorContext::bad_code(bci),
+ "Bad <init> method call from after the start of a try block");
+ return;
+ }
+ }
+
current_frame->initialize_object(type, current_type());
*this_uninit = true;
} else if (type.is_uninitialized()) {
@@ -2283,18 +2309,20 @@
ref_class_type.name(), CHECK_VERIFY(this));
Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
vmSymbols::object_initializer_name(),
- cp->signature_ref_at(bcs->get_index_u2()),
- Klass::normal);
- instanceKlassHandle mh(THREAD, m->method_holder());
- if (m->is_protected() && !mh->is_same_class_package(_klass())) {
- bool assignable = current_type().is_assignable_from(
- objectref_type, this, CHECK_VERIFY(this));
- if (!assignable) {
- verify_error(ErrorContext::bad_type(bci,
- TypeOrigin::cp(new_class_index, objectref_type),
- TypeOrigin::implicit(current_type())),
- "Bad access to protected <init> method");
- return;
+ cp->signature_ref_at(bcs->get_index_u2()), Klass::normal);
+ // Do nothing if method is not found. Let resolution detect the error.
+ if (m != NULL) {
+ instanceKlassHandle mh(THREAD, m->method_holder());
+ if (m->is_protected() && !mh->is_same_class_package(_klass())) {
+ bool assignable = current_type().is_assignable_from(
+ objectref_type, this, true, CHECK_VERIFY(this));
+ if (!assignable) {
+ verify_error(ErrorContext::bad_type(bci,
+ TypeOrigin::cp(new_class_index, objectref_type),
+ TypeOrigin::implicit(current_type())),
+ "Bad access to protected <init> method");
+ return;
+ }
}
}
}
@@ -2462,11 +2490,11 @@
bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
if (!current_class()->is_anonymous()) {
subtype = ref_class_type.is_assignable_from(
- current_type(), this, CHECK_VERIFY(this));
+ current_type(), this, false, CHECK_VERIFY(this));
} else {
VerificationType host_klass_type =
VerificationType::reference_type(current_class()->host_klass()->name());
- subtype = ref_class_type.is_assignable_from(host_klass_type, this, CHECK_VERIFY(this));
+ subtype = ref_class_type.is_assignable_from(host_klass_type, this, false, CHECK_VERIFY(this));
// If invokespecial of IMR, need to recheck for same or
// direct interface relative to the host class
@@ -2510,7 +2538,7 @@
VerificationType top = current_frame->pop_stack(CHECK_VERIFY(this));
VerificationType hosttype =
VerificationType::reference_type(current_class()->host_klass()->name());
- bool subtype = hosttype.is_assignable_from(top, this, CHECK_VERIFY(this));
+ bool subtype = hosttype.is_assignable_from(top, this, false, CHECK_VERIFY(this));
if (!subtype) {
verify_error( ErrorContext::bad_type(current_frame->offset(),
current_frame->stack_top_ctx(),
@@ -2535,7 +2563,7 @@
// It's protected access, check if stack object is
// assignable to current class.
bool is_assignable = current_type().is_assignable_from(
- stack_object_type, this, CHECK_VERIFY(this));
+ stack_object_type, this, true, CHECK_VERIFY(this));
if (!is_assignable) {
if (ref_class_type.name() == vmSymbols::java_lang_Object()
&& stack_object_type.is_array()
@@ -2718,7 +2746,7 @@
"Method expects a return value");
return;
}
- bool match = return_type.is_assignable_from(type, this, CHECK_VERIFY(this));
+ bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
if (!match) {
verify_error(ErrorContext::bad_type(bci,
current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
diff --git a/hotspot/src/share/vm/classfile/verifier.hpp b/hotspot/src/share/vm/classfile/verifier.hpp
index 557f567..6eecd4b 100644
--- a/hotspot/src/share/vm/classfile/verifier.hpp
+++ b/hotspot/src/share/vm/classfile/verifier.hpp
@@ -258,6 +258,9 @@
ErrorContext _error_context; // contains information about an error
+ // Used to detect illegal jumps over calls to super() nd this() in ctors.
+ int32_t _furthest_jump;
+
void verify_method(methodHandle method, TRAPS);
char* generate_code_data(methodHandle m, u4 code_length, TRAPS);
void verify_exception_handler_table(u4 code_length, char* code_data,
@@ -403,6 +406,20 @@
Symbol* create_temporary_symbol(const char *s, int length, TRAPS);
TypeOrigin ref_ctx(const char* str, TRAPS);
+
+ // Keep track of the furthest branch done in a method to make sure that
+ // there are no branches over calls to super() or this() from inside of
+ // a constructor.
+ int32_t furthest_jump() { return _furthest_jump; }
+
+ void set_furthest_jump(int32_t target) {
+ _furthest_jump = target;
+ }
+
+ void update_furthest_jump(int32_t target) {
+ if (target > _furthest_jump) _furthest_jump = target;
+ }
+
};
inline int ClassVerifier::change_sig_to_verificationType(
diff --git a/hotspot/src/share/vm/compiler/compileBroker.cpp b/hotspot/src/share/vm/compiler/compileBroker.cpp
index c5d1f8f..7b1a355 100644
--- a/hotspot/src/share/vm/compiler/compileBroker.cpp
+++ b/hotspot/src/share/vm/compiler/compileBroker.cpp
@@ -2089,6 +2089,7 @@
ResourceMark rm;
char* method_name = method->name()->as_C_string();
strncpy(_last_method_compiled, method_name, CompileBroker::name_buffer_length);
+ _last_method_compiled[CompileBroker::name_buffer_length - 1] = '\0'; // ensure null terminated
char current_method[CompilerCounters::cmname_buffer_length];
size_t maxLen = CompilerCounters::cmname_buffer_length;
diff --git a/hotspot/src/share/vm/interpreter/linkResolver.cpp b/hotspot/src/share/vm/interpreter/linkResolver.cpp
index ef7e428..ec8d933 100644
--- a/hotspot/src/share/vm/interpreter/linkResolver.cpp
+++ b/hotspot/src/share/vm/interpreter/linkResolver.cpp
@@ -246,6 +246,12 @@
// Ignore overpasses so statics can be found during resolution
Method* result_oop = klass->uncached_lookup_method(name, signature, Klass::skip_overpass);
+ if (klass->oop_is_array()) {
+ // Only consider klass and super klass for arrays
+ result = methodHandle(THREAD, result_oop);
+ return;
+ }
+
// JDK 8, JVMS 5.4.3.4: Interface method resolution should
// ignore static and non-public methods of java.lang.Object,
// like clone, finalize, registerNatives.
@@ -290,6 +296,11 @@
result = methodHandle(THREAD, super_klass->uncached_lookup_method(name, signature, Klass::normal));
}
+ if (klass->oop_is_array()) {
+ // Only consider klass and super klass for arrays
+ return;
+ }
+
if (result.is_null()) {
Array<Method*>* default_methods = InstanceKlass::cast(klass())->default_methods();
if (default_methods != NULL) {
@@ -546,7 +557,7 @@
// 2. lookup method in resolved klass and its super klasses
lookup_method_in_klasses(resolved_method, resolved_klass, method_name, method_signature, true, false, CHECK);
- if (resolved_method.is_null()) { // not found in the class hierarchy
+ if (resolved_method.is_null() && !resolved_klass->oop_is_array()) { // not found in the class hierarchy
// 3. lookup method in all the interfaces implemented by the resolved klass
lookup_method_in_interfaces(resolved_method, resolved_klass, method_name, method_signature, CHECK);
@@ -559,16 +570,16 @@
CLEAR_PENDING_EXCEPTION;
}
}
+ }
- if (resolved_method.is_null()) {
- // 4. method lookup failed
- ResourceMark rm(THREAD);
- THROW_MSG_CAUSE(vmSymbols::java_lang_NoSuchMethodError(),
- Method::name_and_sig_as_C_string(resolved_klass(),
- method_name,
- method_signature),
- nested_exception);
- }
+ if (resolved_method.is_null()) {
+ // 4. method lookup failed
+ ResourceMark rm(THREAD);
+ THROW_MSG_CAUSE(vmSymbols::java_lang_NoSuchMethodError(),
+ Method::name_and_sig_as_C_string(resolved_klass(),
+ method_name,
+ method_signature),
+ nested_exception);
}
// 5. access checks, access checking may be turned off when calling from within the VM.
@@ -634,17 +645,18 @@
// JDK8: also look for static methods
lookup_method_in_klasses(resolved_method, resolved_klass, method_name, method_signature, false, true, CHECK);
- if (resolved_method.is_null()) {
+ if (resolved_method.is_null() && !resolved_klass->oop_is_array()) {
// lookup method in all the super-interfaces
lookup_method_in_interfaces(resolved_method, resolved_klass, method_name, method_signature, CHECK);
- if (resolved_method.is_null()) {
- // no method found
- ResourceMark rm(THREAD);
- THROW_MSG(vmSymbols::java_lang_NoSuchMethodError(),
- Method::name_and_sig_as_C_string(resolved_klass(),
- method_name,
- method_signature));
- }
+ }
+
+ if (resolved_method.is_null()) {
+ // no method found
+ ResourceMark rm(THREAD);
+ THROW_MSG(vmSymbols::java_lang_NoSuchMethodError(),
+ Method::name_and_sig_as_C_string(resolved_klass(),
+ method_name,
+ method_signature));
}
if (check_access) {
@@ -776,7 +788,7 @@
}
// Resolve instance field
- KlassHandle sel_klass(THREAD, InstanceKlass::cast(resolved_klass())->find_field(field, sig, &fd));
+ KlassHandle sel_klass(THREAD, resolved_klass->find_field(field, sig, &fd));
// check if field exists; i.e., if a klass containing the field def has been selected
if (sel_klass.is_null()) {
ResourceMark rm(THREAD);
diff --git a/hotspot/src/share/vm/oops/arrayKlass.cpp b/hotspot/src/share/vm/oops/arrayKlass.cpp
index c55992f..58ce060 100644
--- a/hotspot/src/share/vm/oops/arrayKlass.cpp
+++ b/hotspot/src/share/vm/oops/arrayKlass.cpp
@@ -64,6 +64,13 @@
return NULL;
}
+// find field according to JVM spec 5.4.3.2, returns the klass in which the field is defined
+Klass* ArrayKlass::find_field(Symbol* name, Symbol* sig, fieldDescriptor* fd) const {
+ // There are no fields in an array klass but look to the super class (Object)
+ assert(super(), "super klass must be present");
+ return super()->find_field(name, sig, fd);
+}
+
Method* ArrayKlass::uncached_lookup_method(Symbol* name, Symbol* signature, MethodLookupMode mode) const {
// There are no methods in an array klass but the super class (Object) has some
assert(super(), "super klass must be present");
diff --git a/hotspot/src/share/vm/oops/arrayKlass.hpp b/hotspot/src/share/vm/oops/arrayKlass.hpp
index f42d96e..a5cea12 100644
--- a/hotspot/src/share/vm/oops/arrayKlass.hpp
+++ b/hotspot/src/share/vm/oops/arrayKlass.hpp
@@ -28,6 +28,7 @@
#include "memory/universe.hpp"
#include "oops/klass.hpp"
+class fieldDescriptor;
class klassVtable;
// ArrayKlass is the abstract baseclass for all array classes
@@ -85,6 +86,9 @@
virtual oop multi_allocate(int rank, jint* sizes, TRAPS);
objArrayOop allocate_arrayArray(int n, int length, TRAPS);
+ // find field according to JVM spec 5.4.3.2, returns the klass in which the field is defined
+ Klass* find_field(Symbol* name, Symbol* sig, fieldDescriptor* fd) const;
+
// Lookup operations
Method* uncached_lookup_method(Symbol* name, Symbol* signature, MethodLookupMode mode) const;
diff --git a/hotspot/src/share/vm/oops/klass.cpp b/hotspot/src/share/vm/oops/klass.cpp
index 27dc20c..98b3c96 100644
--- a/hotspot/src/share/vm/oops/klass.cpp
+++ b/hotspot/src/share/vm/oops/klass.cpp
@@ -128,6 +128,15 @@
return is_subclass_of(k);
}
+Klass* Klass::find_field(Symbol* name, Symbol* sig, fieldDescriptor* fd) const {
+#ifdef ASSERT
+ tty->print_cr("Error: find_field called on a klass oop."
+ " Likely error: reflection method does not correctly"
+ " wrap return value in a mirror object.");
+#endif
+ ShouldNotReachHere();
+ return NULL;
+}
Method* Klass::uncached_lookup_method(Symbol* name, Symbol* signature, MethodLookupMode mode) const {
#ifdef ASSERT
diff --git a/hotspot/src/share/vm/oops/klass.hpp b/hotspot/src/share/vm/oops/klass.hpp
index 0d9dbce..f66fa10 100644
--- a/hotspot/src/share/vm/oops/klass.hpp
+++ b/hotspot/src/share/vm/oops/klass.hpp
@@ -91,6 +91,7 @@
class klassVtable;
class ParCompactionManager;
class KlassSizeStats;
+class fieldDescriptor;
class Klass : public Metadata {
friend class VMStructs;
@@ -423,6 +424,7 @@
virtual void initialize(TRAPS);
// lookup operation for MethodLookupCache
friend class MethodLookupCache;
+ virtual Klass* find_field(Symbol* name, Symbol* signature, fieldDescriptor* fd) const;
virtual Method* uncached_lookup_method(Symbol* name, Symbol* signature, MethodLookupMode mode) const;
public:
Method* lookup_method(Symbol* name, Symbol* signature) const {
diff --git a/hotspot/src/share/vm/oops/klassVtable.cpp b/hotspot/src/share/vm/oops/klassVtable.cpp
index 6d122de..7f8fee0 100644
--- a/hotspot/src/share/vm/oops/klassVtable.cpp
+++ b/hotspot/src/share/vm/oops/klassVtable.cpp
@@ -251,6 +251,17 @@
// For bytecodes not produced by javac together it is possible that a method does not override
// the superclass's method, but might indirectly override a super-super class's vtable entry
// If none found, return a null superk, else return the superk of the method this does override
+// For public and protected methods: if they override a superclass, they will
+// also be overridden themselves appropriately.
+// Private methods do not override and are not overridden.
+// Package Private methods are trickier:
+// e.g. P1.A, pub m
+// P2.B extends A, package private m
+// P1.C extends B, public m
+// P1.C.m needs to override P1.A.m and can not override P2.B.m
+// Therefore: all package private methods need their own vtable entries for
+// them to be the root of an inheritance overriding decision
+// Package private methods may also override other vtable entries
InstanceKlass* klassVtable::find_transitive_override(InstanceKlass* initialsuper, methodHandle target_method,
int vtable_index, Handle target_loader, Symbol* target_classname, Thread * THREAD) {
InstanceKlass* superk = initialsuper;
@@ -398,8 +409,11 @@
target_classname, THREAD))
!= (InstanceKlass*)NULL))))
{
- // overriding, so no new entry
- allocate_new = false;
+ // Package private methods always need a new entry to root their own
+ // overriding. They may also override other methods.
+ if (!target_method()->is_package_private()) {
+ allocate_new = false;
+ }
if (checkconstraints) {
// Override vtable entry if passes loader constraint check
@@ -543,8 +557,9 @@
AccessFlags class_flags,
TRAPS) {
if (class_flags.is_interface()) {
- // Interfaces do not use vtables, so there is no point to assigning
- // a vtable index to any of their methods. If we refrain from doing this,
+ // Interfaces do not use vtables, except for java.lang.Object methods,
+ // so there is no point to assigning
+ // a vtable index to any of their local methods. If we refrain from doing this,
// we can use Method::_vtable_index to hold the itable index
return false;
}
@@ -582,6 +597,12 @@
return true;
}
+ // Package private methods always need a new entry to root their own
+ // overriding. This allows transitive overriding to work.
+ if (target_method()->is_package_private()) {
+ return true;
+ }
+
// search through the super class hierarchy to see if we need
// a new entry
ResourceMark rm;
diff --git a/hotspot/src/share/vm/prims/jvm.cpp b/hotspot/src/share/vm/prims/jvm.cpp
index 3beabbb..7427488 100644
--- a/hotspot/src/share/vm/prims/jvm.cpp
+++ b/hotspot/src/share/vm/prims/jvm.cpp
@@ -803,6 +803,7 @@
return (jclass) JNIHandles::make_local(env, k->java_mirror());
JVM_END
+// Not used; JVM_FindClassFromCaller replaces this.
JVM_ENTRY(jclass, JVM_FindClassFromClassLoader(JNIEnv* env, const char* name,
jboolean init, jobject loader,
jboolean throwError))
@@ -829,6 +830,42 @@
return result;
JVM_END
+// Find a class with this name in this loader, using the caller's protection domain.
+JVM_ENTRY(jclass, JVM_FindClassFromCaller(JNIEnv* env, const char* name,
+ jboolean init, jobject loader,
+ jclass caller))
+ JVMWrapper2("JVM_FindClassFromCaller %s throws ClassNotFoundException", name);
+ // Java libraries should ensure that name is never null...
+ if (name == NULL || (int)strlen(name) > Symbol::max_length()) {
+ // It's impossible to create this class; the name cannot fit
+ // into the constant pool.
+ THROW_MSG_0(vmSymbols::java_lang_ClassNotFoundException(), name);
+ }
+
+ TempNewSymbol h_name = SymbolTable::new_symbol(name, CHECK_NULL);
+
+ oop loader_oop = JNIHandles::resolve(loader);
+ oop from_class = JNIHandles::resolve(caller);
+ oop protection_domain = NULL;
+ // If loader is null, shouldn't call ClassLoader.checkPackageAccess; otherwise get
+ // NPE. Put it in another way, the bootstrap class loader has all permission and
+ // thus no checkPackageAccess equivalence in the VM class loader.
+ // The caller is also passed as NULL by the java code if there is no security
+ // manager to avoid the performance cost of getting the calling class.
+ if (from_class != NULL && loader_oop != NULL) {
+ protection_domain = java_lang_Class::as_Klass(from_class)->protection_domain();
+ }
+
+ Handle h_loader(THREAD, loader_oop);
+ Handle h_prot(THREAD, protection_domain);
+ jclass result = find_class_from_class_loader(env, h_name, init, h_loader,
+ h_prot, false, THREAD);
+
+ if (TraceClassResolution && result != NULL) {
+ trace_class_resolution(java_lang_Class::as_Klass(JNIHandles::resolve_non_null(result)));
+ }
+ return result;
+JVM_END
JVM_ENTRY(jclass, JVM_FindClassFromClass(JNIEnv *env, const char *name,
jboolean init, jclass from))
@@ -3984,10 +4021,15 @@
// Shared JNI/JVM entry points //////////////////////////////////////////////////////////////
-jclass find_class_from_class_loader(JNIEnv* env, Symbol* name, jboolean init, Handle loader, Handle protection_domain, jboolean throwError, TRAPS) {
+jclass find_class_from_class_loader(JNIEnv* env, Symbol* name, jboolean init,
+ Handle loader, Handle protection_domain,
+ jboolean throwError, TRAPS) {
// Security Note:
// The Java level wrapper will perform the necessary security check allowing
- // us to pass the NULL as the initiating class loader.
+ // us to pass the NULL as the initiating class loader. The VM is responsible for
+ // the checkPackageAccess relative to the initiating class loader via the
+ // protection_domain. The protection_domain is passed as NULL by the java code
+ // if there is no security manager in 3-arg Class.forName().
Klass* klass = SystemDictionary::resolve_or_fail(name, loader, protection_domain, throwError != 0, CHECK_NULL);
KlassHandle klass_handle(THREAD, klass);
diff --git a/hotspot/src/share/vm/prims/jvm.h b/hotspot/src/share/vm/prims/jvm.h
index eb8be0e..5da3e25 100644
--- a/hotspot/src/share/vm/prims/jvm.h
+++ b/hotspot/src/share/vm/prims/jvm.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -420,6 +420,19 @@
JVM_FindClassFromBootLoader(JNIEnv *env, const char *name);
/*
+ * Find a class from a given class loader. Throws ClassNotFoundException.
+ * name: name of class
+ * init: whether initialization is done
+ * loader: class loader to look up the class. This may not be the same as the caller's
+ * class loader.
+ * caller: initiating class. The initiating class may be null when a security
+ * manager is not installed.
+ */
+JNIEXPORT jclass JNICALL
+JVM_FindClassFromCaller(JNIEnv *env, const char *name, jboolean init,
+ jobject loader, jclass caller);
+
+/*
* Find a class from a given class.
*/
JNIEXPORT jclass JNICALL
diff --git a/hotspot/src/share/vm/runtime/arguments.cpp b/hotspot/src/share/vm/runtime/arguments.cpp
index e6cbc2e..f66d853 100644
--- a/hotspot/src/share/vm/runtime/arguments.cpp
+++ b/hotspot/src/share/vm/runtime/arguments.cpp
@@ -2387,6 +2387,10 @@
warning("The VM option CICompilerCountPerCPU overrides CICompilerCount.");
}
+#ifdef COMPILER1
+ status &= verify_interval(SafepointPollOffset, 0, os::vm_page_size() - BytesPerWord, "SafepointPollOffset");
+#endif
+
return status;
}
diff --git a/hotspot/src/share/vm/runtime/globals.hpp b/hotspot/src/share/vm/runtime/globals.hpp
index fdd6db5..5341c9c 100644
--- a/hotspot/src/share/vm/runtime/globals.hpp
+++ b/hotspot/src/share/vm/runtime/globals.hpp
@@ -1142,11 +1142,11 @@
"Prevent spurious or premature wakeups from object.wait " \
"(Solaris only)") \
\
- product(intx, NativeMonitorTimeout, -1, "(Unstable)") \
+ experimental(intx, NativeMonitorTimeout, -1, "(Unstable)") \
\
- product(intx, NativeMonitorFlags, 0, "(Unstable)") \
+ experimental(intx, NativeMonitorFlags, 0, "(Unstable)") \
\
- product(intx, NativeMonitorSpinLimit, 20, "(Unstable)") \
+ experimental(intx, NativeMonitorSpinLimit, 20, "(Unstable)") \
\
develop(bool, UsePthreads, false, \
"Use pthread-based instead of libthread-based synchronization " \
diff --git a/hotspot/src/share/vm/runtime/os.hpp b/hotspot/src/share/vm/runtime/os.hpp
index 154502e..a0b6434 100644
--- a/hotspot/src/share/vm/runtime/os.hpp
+++ b/hotspot/src/share/vm/runtime/os.hpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -480,9 +480,6 @@
// run cmd in a separate process and return its exit code; or -1 on failures
static int fork_and_exec(char *cmd);
- // Set file to send error reports.
- static void set_error_file(const char *logfile);
-
// os::exit() is merged with vm_exit()
// static void exit(int num);
diff --git a/hotspot/src/share/vm/runtime/reflection.cpp b/hotspot/src/share/vm/runtime/reflection.cpp
index a8d24fa..f0df88c 100644
--- a/hotspot/src/share/vm/runtime/reflection.cpp
+++ b/hotspot/src/share/vm/runtime/reflection.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -482,7 +482,7 @@
ik = InstanceKlass::cast(hc);
// There's no way to make a host class loop short of patching memory.
- // Therefore there cannot be a loop here unles there's another bug.
+ // Therefore there cannot be a loop here unless there's another bug.
// Still, let's check for it.
assert(--inf_loop_check > 0, "no host_klass loop");
}
@@ -551,7 +551,8 @@
if (access.is_protected()) {
if (!protected_restriction) {
// See if current_class (or outermost host class) is a subclass of field_class
- if (host_class->is_subclass_of(field_class)) {
+ // An interface may not access protected members of j.l.Object
+ if (!host_class->is_interface() && host_class->is_subclass_of(field_class)) {
if (access.is_static() || // static fields are ok, see 6622385
current_class == resolved_class ||
field_class == resolved_class ||
diff --git a/hotspot/src/share/vm/utilities/vmError.cpp b/hotspot/src/share/vm/utilities/vmError.cpp
index 6947564..df0d344 100644
--- a/hotspot/src/share/vm/utilities/vmError.cpp
+++ b/hotspot/src/share/vm/utilities/vmError.cpp
@@ -988,7 +988,6 @@
if (fd != -1) {
out.print_raw("# An error report file with more information is saved as:\n# ");
out.print_raw_cr(buffer);
- os::set_error_file(buffer);
log.set_fd(fd);
} else {
diff --git a/jaxp/.hgtags b/jaxp/.hgtags
index 3dba30a..7e1f79d 100644
--- a/jaxp/.hgtags
+++ b/jaxp/.hgtags
@@ -260,6 +260,9 @@
bd97ff5f82588c627869218df02a9c2dbb9402d0 jdk8u5-b02
195b74b3e57905b6d6c9ed9b32139c6781ba7d28 jdk8u5-b03
106fdcde4b8a6981be13dac34a3de99d6fece97c jdk8u5-b04
+8f859b1b0f0b18ee7e231d6887b18b5721c2404e jdk8u11-b00
+57c695af3fe838c36eaef647f2af543cd60533e4 jdk8u5-b05
+0000000000000000000000000000000000000000 jdk8u5-b05
8f859b1b0f0b18ee7e231d6887b18b5721c2404e jdk8u5-b05
e22bc548b58a695eede0304399777314ae473562 jdk8u5-b06
0f96584b02b399df706bec2052a7fe48bdc6058b jdk8u5-b07
@@ -269,6 +272,20 @@
c17a827bec287f4c7565c72c195667e52154772b jdk8u5-b11
0e5317cbe451d57f9ffcbb835de07fe553a8aa34 jdk8u5-b12
a303ebb338518a716c267b17986634e3574e7cfe jdk8u5-b13
+acd066c854b11ffed62d8f132205f222963f4f1e jdk8u5-b31
+3e1631f54539cc21770659dcf61440693ac5fa79 jdk8u11-b01
+6eaf565691a13328e82473d70dfd0feb8fb2f5e8 jdk8u11-b02
+36d713c3339ad945521d298eeb21c67ee856344e jdk8u11-b03
+a25020bdca11acad85454a35a9912fd1b4168d83 jdk8u11-b04
+65e5ee249ebc81c0ccfff23946a0a2a6d4becdcc jdk8u11-b05
+beafeb0b7a178a3906bcb7dcf46f3c9a9c9717c5 jdk8u11-b06
+1923c759e5ed7e9a92512797269d997cae1135b8 jdk8u11-b07
+61faafa45502e4e6db6ce9026d2a7f2121dcae3f jdk8u11-b08
+a01fd971ef667977a131f5fbaaee300e500424c3 jdk8u11-b09
+1d894a9d308c4b3a64e876097c2e0e1e577cfd73 jdk8u11-b10
+41edd71af41f1100b965e0fab88f97d3c130e3de jdk8u11-b11
+838183af6d700c91b914843992ffa0212bcb7ddc jdk8u11-b12
+40590bbe6fc244dbdec4b660963bcfc25bd2fec1 jdk8u11-b31
de9ec1246a0c5c0b32ce3818386019fd4a6fceaa jdk8u20-b02
47cdfe271b1e97e5906eb1b96cd7d15f0717a118 jdk8u20-b03
f6742d0cf71201f1ffd0584c1f2990df343bc5eb jdk8u20-b04
@@ -291,3 +308,10 @@
262363175ec8cd9f6f78b33d567f1161e2e7d494 jdk8u20-b18
beb64f6b1989bc49954a4aa26ada54a91eef69eb jdk8u20-b19
255d961955e4fdb83ce105ae990c26b87022363f jdk8u20-b20
+3a1bba8076da4e54882123e98e219eab1c31ccef jdk8u20-b21
+65e5ee249ebc81c0ccfff23946a0a2a6d4becdcc jdk8u25-b00
+b29277565edfdece4e3928b135d4fd86ae141e4f jdk8u25-b01
+09df5bda467090041090873f71d418eebcadf516 jdk8u25-b02
+f3567e6bed22eaf89c3c7d64e0b1fa308707260f jdk8u25-b03
+a4d0f11cf08d5dae91c5e9ad387b1ff88388503d jdk8u25-b04
+0c4917cea678dc2a3745baca74016f0d6f169012 jdk8u25-b05
diff --git a/jaxp/src/com/sun/org/apache/xalan/internal/XalanConstants.java b/jaxp/src/com/sun/org/apache/xalan/internal/XalanConstants.java
index 095a6e7..70f31a1 100644
--- a/jaxp/src/com/sun/org/apache/xalan/internal/XalanConstants.java
+++ b/jaxp/src/com/sun/org/apache/xalan/internal/XalanConstants.java
@@ -91,6 +91,13 @@
*/
public static final String JDK_XML_NAME_LIMIT =
ORACLE_JAXP_PROPERTY_PREFIX + "maxXMLNameLimit";
+
+ /**
+ * JDK maxElementDepth limit
+ */
+ public static final String JDK_MAX_ELEMENT_DEPTH =
+ ORACLE_JAXP_PROPERTY_PREFIX + "maxElementDepth";
+
/**
* JDK property indicating whether the parser shall print out entity
* count information
@@ -139,6 +146,11 @@
*/
public static final String SP_XML_NAME_LIMIT = "jdk.xml.maxXMLNameLimit";
+ /**
+ * JDK maxElementDepth limit
+ */
+ public static final String SP_MAX_ELEMENT_DEPTH = "jdk.xml.maxElementDepth";
+
//legacy System Properties
public final static String ENTITY_EXPANSION_LIMIT = "entityExpansionLimit";
public static final String ELEMENT_ATTRIBUTE_LIMIT = "elementAttributeLimit" ;
diff --git a/jaxp/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityManager.java b/jaxp/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityManager.java
index ad700329..0883841 100644
--- a/jaxp/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityManager.java
+++ b/jaxp/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityManager.java
@@ -76,7 +76,9 @@
GENERAL_ENTITY_SIZE_LIMIT(XalanConstants.JDK_GENERAL_ENTITY_SIZE_LIMIT,
XalanConstants.SP_GENERAL_ENTITY_SIZE_LIMIT, 0, 0),
PARAMETER_ENTITY_SIZE_LIMIT(XalanConstants.JDK_PARAMETER_ENTITY_SIZE_LIMIT,
- XalanConstants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000);
+ XalanConstants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000),
+ MAX_ELEMENT_DEPTH_LIMIT(XalanConstants.JDK_MAX_ELEMENT_DEPTH,
+ XalanConstants.SP_MAX_ELEMENT_DEPTH, 0, 0);
final String apiProperty;
final String systemProperty;
diff --git a/jaxp/src/com/sun/org/apache/xerces/internal/impl/Constants.java b/jaxp/src/com/sun/org/apache/xerces/internal/impl/Constants.java
index 4eab0fa..1f67a9f 100644
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/Constants.java
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/Constants.java
@@ -252,6 +252,13 @@
*/
public static final String JDK_XML_NAME_LIMIT =
ORACLE_JAXP_PROPERTY_PREFIX + "maxXMLNameLimit";
+
+ /**
+ * JDK maxElementDepth limit
+ */
+ public static final String JDK_MAX_ELEMENT_DEPTH =
+ ORACLE_JAXP_PROPERTY_PREFIX + "maxElementDepth";
+
/**
* JDK property to allow printing out information from the limit analyzer
*/
@@ -297,6 +304,11 @@
*/
public static final String SP_XML_NAME_LIMIT = "jdk.xml.maxXMLNameLimit";
+ /**
+ * JDK maxElementDepth limit
+ */
+ public static final String SP_MAX_ELEMENT_DEPTH = "jdk.xml.maxElementDepth";
+
//legacy System Properties
public final static String ENTITY_EXPANSION_LIMIT = "entityExpansionLimit";
public static final String ELEMENT_ATTRIBUTE_LIMIT = "elementAttributeLimit" ;
diff --git a/jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java b/jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java
index c3e1910..d7080ca 100644
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java
@@ -612,9 +612,9 @@
//fElementStack2.clear();
//fReplaceEntityReferences = true;
//fSupportExternalEntities = true;
- Boolean bo = (Boolean)propertyManager.getProperty(XMLInputFactoryImpl.IS_REPLACING_ENTITY_REFERENCES);
+ Boolean bo = (Boolean)propertyManager.getProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES);
fReplaceEntityReferences = bo.booleanValue();
- bo = (Boolean)propertyManager.getProperty(XMLInputFactoryImpl.IS_SUPPORTING_EXTERNAL_ENTITIES);
+ bo = (Boolean)propertyManager.getProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES);
fSupportExternalEntities = bo.booleanValue();
Boolean cdata = (Boolean)propertyManager.getProperty(Constants.ZEPHYR_PROPERTY_PREFIX + Constants.STAX_REPORT_CDATA_EVENT) ;
if(cdata != null)
@@ -1309,6 +1309,7 @@
fAttributes.removeAllAttributes();
+ checkDepth(rawname);
if(!seekCloseOfStartTag()){
fReadingAttributes = true;
fAttributeCacheUsedCount =0;
@@ -1913,6 +1914,21 @@
// utility methods
/**
+ * Check if the depth exceeds the maxElementDepth limit
+ * @param elementName name of the current element
+ */
+ void checkDepth(String elementName) {
+ fLimitAnalyzer.addValue(Limit.MAX_ELEMENT_DEPTH_LIMIT, elementName, fElementStack.fDepth);
+ if (fSecurityManager.isOverLimit(Limit.MAX_ELEMENT_DEPTH_LIMIT,fLimitAnalyzer)) {
+ fSecurityManager.debugPrint(fLimitAnalyzer);
+ reportFatalError("MaxElementDepthLimit", new Object[]{elementName,
+ fLimitAnalyzer.getTotalValue(Limit.MAX_ELEMENT_DEPTH_LIMIT),
+ fSecurityManager.getLimit(Limit.MAX_ELEMENT_DEPTH_LIMIT),
+ "maxElementDepth"});
+ }
+ }
+
+ /**
* Calls document handler with a single character resulting from
* built-in entity resolution.
*
diff --git a/jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java b/jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java
index 09a8260..d0f036f 100644
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java
@@ -53,6 +53,7 @@
import java.util.Map;
import java.util.Stack;
import javax.xml.XMLConstants;
+import javax.xml.stream.XMLInputFactory;
/**
@@ -305,6 +306,11 @@
/** Property Manager. This is used from Stax */
protected PropertyManager fPropertyManager ;
+ /** StAX properties */
+ boolean fSupportDTD = true;
+ boolean fReplaceEntityReferences = true;
+ boolean fSupportExternalEntities = true;
+
/** used to restrict external access */
protected String fAccessExternalDTD = EXTERNAL_ACCESS_DEFAULT;
@@ -1136,7 +1142,8 @@
boolean parameter = entityName.startsWith("%");
boolean general = !parameter;
if (unparsed || (general && !fExternalGeneralEntities) ||
- (parameter && !fExternalParameterEntities)) {
+ (parameter && !fExternalParameterEntities) ||
+ !fSupportDTD || !fSupportExternalEntities) {
if (fEntityHandler != null) {
fResourceIdentifier.clear();
@@ -1431,6 +1438,10 @@
fStaxEntityResolver = null;
}
+ fSupportDTD = ((Boolean)propertyManager.getProperty(XMLInputFactory.SUPPORT_DTD)).booleanValue();
+ fReplaceEntityReferences = ((Boolean)propertyManager.getProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES)).booleanValue();
+ fSupportExternalEntities = ((Boolean)propertyManager.getProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES)).booleanValue();
+
// Zephyr feature ignore-external-dtd is the opposite of Xerces' load-external-dtd
fLoadExternalDTD = !((Boolean)propertyManager.getProperty(Constants.ZEPHYR_PROPERTY_PREFIX + Constants.IGNORE_EXTERNAL_DTD)).booleanValue();
@@ -1502,6 +1513,11 @@
fSecurityManager = (XMLSecurityManager)componentManager.getProperty(SECURITY_MANAGER, null);
entityExpansionIndex = fSecurityManager.getIndex(Constants.JDK_ENTITY_EXPANSION_LIMIT);
+ //StAX Property
+ fSupportDTD = true;
+ fReplaceEntityReferences = true;
+ fSupportExternalEntities = true;
+
// JAXP 1.5 feature
XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager) componentManager.getProperty(XML_SECURITY_PROPERTY_MANAGER, null);
if (spm == null) {
diff --git a/jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLNSDocumentScannerImpl.java b/jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLNSDocumentScannerImpl.java
index 66b8179..a97da68 100644
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLNSDocumentScannerImpl.java
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLNSDocumentScannerImpl.java
@@ -220,6 +220,7 @@
fCurrentElement = fElementQName;
String rawname = fElementQName.rawname;
+ checkDepth(rawname);
if (fBindNamespaces) {
fNamespaceContext.pushContext();
if (fScannerState == SCANNER_STATE_ROOT_ELEMENT) {
diff --git a/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages.properties b/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages.properties
index 200b904..24087e2 100644
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages.properties
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages.properties
@@ -299,4 +299,5 @@
MaxEntitySizeLimit=JAXP00010003: The length of entity \"{0}\" is \"{1}\" that exceeds the \"{2}\" limit set by \"{3}\".
TotalEntitySizeLimit=JAXP00010004: The accumulated size \"{0}\" of entities exceeded the \"{1}\" limit set by \"{2}\".
MaxXMLNameLimit=JAXP00010005: The name \"{0}\" exceeded the \"{1}\" limit set by \"{2}\".
+ MaxElementDepthLimit=JAXP00010006: The element \"{0}\" has a depth of \"{1}\" that exceeds the limit \"{2}\" set by \"{3}\".
diff --git a/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_de.properties b/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_de.properties
index c82bc5b..905a5bf 100644
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_de.properties
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_de.properties
@@ -251,7 +251,7 @@
NMTOKENInvalid = Attributwert "{0}" mit dem Typ NMTOKEN muss ein Namenstoken sein.
NMTOKENSInvalid = Attributwert "{0}" mit dem Typ NMTOKENS muss mindestens ein Namenstoken sein.
NoNotationOnEmptyElement = Elementtyp "{0}", der als EMPTY deklariert wurde, kann nicht das Attribut "{1}" mit dem Typ NOTATION deklarieren.
- RootElementTypeMustMatchDoctypedecl = Dokument-Root-Element "{1}"muss mit DOCTYPE-Root "{0}" \u00FCbereinstimmen.
+ RootElementTypeMustMatchDoctypedecl = Document Root-Element "{1}"muss mit DOCTYPE-Root "{0}" \u00FCbereinstimmen.
UndeclaredElementInContentSpec = Contentmodell des Elements "{0}" verweist auf das nicht deklarierte Element "{1}".
UniqueNotationName = Deklaration f\u00FCr die Notation "{0}" ist nicht eindeutig. Ein jeweiliger Name darf nicht in mehreren Notationsdeklarationen deklariert werden.
ENTITYFailedInitializeGrammar = ENTITYDatatype-Validator: Nicht erfolgreich. Initialisierungsmethode muss mit einer g\u00FCltigen Grammatikreferenz aufgerufen werden. \t
@@ -299,4 +299,5 @@
MaxEntitySizeLimit=JAXP00010003: Die L\u00E4nge von Entit\u00E4t "{0}" ist "{1}" und \u00FCberschreitet den Grenzwert "{2}", der von "{3}" festgelegt wurde.
TotalEntitySizeLimit=JAXP00010004: Die akkumulierte Gr\u00F6\u00DFe "{0}" der Entit\u00E4ten \u00FCberschreitet den Grenzwert "{1}", der von "{2}" festgelegt wurde.
MaxXMLNameLimit=JAXP00010005: Der Name "{0}" \u00FCberschreitet den Grenzwert "{1}", der von "{2}" festgelegt wurde.
+ MaxElementDepthLimit=JAXP00010006: Die Tiefe von Element "{0}" ist "{1}" und \u00FCberschreitet den Grenzwert "{2}", der von "{3}" festgelegt wurde.
diff --git a/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_es.properties b/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_es.properties
index 1243b21..30cb90a 100644
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_es.properties
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_es.properties
@@ -299,4 +299,5 @@
MaxEntitySizeLimit=JAXP00010003: la longitud de la entidad "{0}" es "{1}", que excede el l\u00EDmite de "{2}" que ha definido "{3}".
TotalEntitySizeLimit=JAXP00010004: el tama\u00F1o acumulado "{0}" de las entidades ha excedido el l\u00EDmite de "{1}" que ha definido "{2}".
MaxXMLNameLimit=JAXP00010005: el nombre "{0}" ha excedido el l\u00EDmite de "{1}" que ha definido "{2}".
+ MaxElementDepthLimit=JAXP00010006: El elemento "{0}" tiene una profundidad de "{1}" que excede el l\u00EDmite "{2}" definido por "{3}".
diff --git a/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_fr.properties b/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_fr.properties
index 5a2b76c..6beb135 100644
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_fr.properties
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_fr.properties
@@ -299,4 +299,5 @@
MaxEntitySizeLimit=JAXP00010003 : La longueur de l''entit\u00E9 "{0}" est de "{1}". Cette valeur d\u00E9passe la limite de "{2}" d\u00E9finie par "{3}".
TotalEntitySizeLimit=JAXP00010004 : La taille cumul\u00E9e des entit\u00E9s ("{0}") d\u00E9passe la limite de "{1}" d\u00E9finie par "{2}".
MaxXMLNameLimit=JAXP00010005 : le nom "{0}" d\u00E9passe la limite de "{1}" d\u00E9finie par "{2}".
+ MaxElementDepthLimit=JAXP00010006 : l''\u00E9l\u00E9ment "{0}" a une profondeur de "{1}" qui d\u00E9passe la limite de "{2}" d\u00E9finie par "{3}".
diff --git a/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_it.properties b/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_it.properties
index 1f8ec89..6dce952 100644
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_it.properties
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_it.properties
@@ -299,4 +299,5 @@
MaxEntitySizeLimit=JAXP00010003: la lunghezza dell''entit\u00E0 "{0}" \u00E8 "{1}". Tale valore supera il limite "{2}" definito da "{3}".
TotalEntitySizeLimit=JAXP00010004: le dimensioni accumulate "{0}" delle entit\u00E0 supera il limite "{1}" definito da "{2}".
MaxXMLNameLimit=JAXP00010005: il nome "{0}" supera il limite "{1}" definito da "{2}".
+ MaxElementDepthLimit=JAXP00010006: la profondit\u00E0 dell''elemento "{0}" \u00E8 "{1}". Tale valore supera il limite "{2}" definito da "{3}".
diff --git a/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_ja.properties b/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_ja.properties
index 6330e9f..3256875 100644
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_ja.properties
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_ja.properties
@@ -122,7 +122,7 @@
ExpectedByte = {1}\u30D0\u30A4\u30C8\u306EUTF-8\u30B7\u30FC\u30B1\u30F3\u30B9\u306E\u30D0\u30A4\u30C8{0}\u304C\u5FC5\u8981\u3067\u3059\u3002
InvalidHighSurrogate = UTF-8\u30B7\u30FC\u30B1\u30F3\u30B9\u306E\u4E0A\u4F4D\u30B5\u30ED\u30B2\u30FC\u30C8\u30FB\u30D3\u30C3\u30C8\u306E\u4E0A\u9650\u306F0x10\u3067\u3059\u304C\u30010x{0}\u304C\u691C\u51FA\u3055\u308C\u307E\u3057\u305F\u3002
OperationNotSupported = \u64CD\u4F5C"{0}"\u306F{1}\u30EA\u30FC\u30C0\u30FC\u3067\u30B5\u30DD\u30FC\u30C8\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002
- InvalidASCII = \u30D0\u30A4\u30C8"{0}"\u306F\u3001(7\u30D3\u30C3\u30C8) ASCII\u30AD\u30E3\u30E9\u30AF\u30BF\u30FB\u30BB\u30C3\u30C8\u306E\u30E1\u30F3\u30D0\u30FC\u3067\u306F\u3042\u308A\u307E\u305B\u3093\u3002
+ InvalidASCII = \u30D0\u30A4\u30C8"{0}"\u306F\u3001(7\u30D3\u30C3\u30C8) ASCII\u6587\u5B57\u30BB\u30C3\u30C8\u306E\u30E1\u30F3\u30D0\u30FC\u3067\u306F\u3042\u308A\u307E\u305B\u3093\u3002
CharConversionFailure = \u7279\u5B9A\u306E\u30A8\u30F3\u30B3\u30FC\u30C7\u30A3\u30F3\u30B0\u3067\u3042\u308B\u3068\u78BA\u5B9A\u3055\u308C\u305F\u30A8\u30F3\u30C6\u30A3\u30C6\u30A3\u306B\u306F\u3001\u305D\u306E\u30A8\u30F3\u30B3\u30FC\u30C7\u30A3\u30F3\u30B0\u3067\u4E0D\u6B63\u306A\u30B7\u30FC\u30B1\u30F3\u30B9\u3092\u542B\u3081\u308B\u3053\u3068\u306F\u3067\u304D\u307E\u305B\u3093\u3002
# DTD Messages
@@ -299,4 +299,5 @@
MaxEntitySizeLimit=JAXP00010003: \u30A8\u30F3\u30C6\u30A3\u30C6\u30A3"{0}"\u306E\u9577\u3055\u306F"{1}"\u3067\u3001"{3}"\u3067\u8A2D\u5B9A\u3055\u308C\u305F\u5236\u9650"{2}"\u3092\u8D85\u3048\u3066\u3044\u307E\u3059\u3002
TotalEntitySizeLimit=JAXP00010004: \u30A8\u30F3\u30C6\u30A3\u30C6\u30A3\u306E\u7D2F\u7A4D\u30B5\u30A4\u30BA"{0}"\u306F\u3001"{2}"\u3067\u8A2D\u5B9A\u3055\u308C\u305F\u5236\u9650"{1}"\u3092\u8D85\u3048\u307E\u3057\u305F\u3002
MaxXMLNameLimit=JAXP00010005: \u540D\u524D"{0}"\u306F\u3001"{2}"\u3067\u8A2D\u5B9A\u3055\u308C\u305F\u5236\u9650"{1}"\u3092\u8D85\u3048\u3066\u3044\u307E\u3059\u3002
+ MaxElementDepthLimit=JAXP00010006: \u8981\u7D20"{0}"\u306E\u6DF1\u3055\u306F"{1}"\u3067\u3001"{3}"\u3067\u8A2D\u5B9A\u3055\u308C\u305F\u5236\u9650"{2}"\u3092\u8D85\u3048\u3066\u3044\u307E\u3059\u3002
diff --git a/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_ko.properties b/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_ko.properties
index fc7533a..961d4a1 100644
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_ko.properties
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_ko.properties
@@ -299,4 +299,5 @@
MaxEntitySizeLimit=JAXP00010003: "{0}" \uC5D4\uD2F0\uD2F0\uC758 \uAE38\uC774\uAC00 "{3}"\uC5D0\uC11C \uC124\uC815\uB41C "{2}" \uC81C\uD55C\uC744 \uCD08\uACFC\uD558\uB294 "{1}"\uC785\uB2C8\uB2E4.
TotalEntitySizeLimit=JAXP00010004: \uC5D4\uD2F0\uD2F0\uC758 \uB204\uC801 \uD06C\uAE30 "{0}"\uC774(\uAC00) "{2}"\uC5D0\uC11C \uC124\uC815\uB41C "{1}" \uC81C\uD55C\uC744 \uCD08\uACFC\uD588\uC2B5\uB2C8\uB2E4.
MaxXMLNameLimit=JAXP00010005: "{0}" \uC774\uB984\uC774 "{2}"\uC5D0\uC11C \uC124\uC815\uB41C "{1}" \uC81C\uD55C\uC744 \uCD08\uACFC\uD588\uC2B5\uB2C8\uB2E4.
+ MaxElementDepthLimit=JAXP00010006: "{0}" \uC694\uC18C\uC758 \uAE4A\uC774\uAC00 "{3}"\uC5D0\uC11C \uC124\uC815\uB41C "{2}" \uC81C\uD55C\uC744 \uCD08\uACFC\uD558\uB294 "{1}"\uC785\uB2C8\uB2E4.
diff --git a/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_pt_BR.properties b/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_pt_BR.properties
index 8481a1e..8715895 100644
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_pt_BR.properties
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_pt_BR.properties
@@ -129,7 +129,7 @@
# 2.2 Characters
InvalidCharInEntityValue = Um caractere XML inv\u00E1lido (Unicode: 0x {0}) foi encontrado no valor da entidade da literal.
InvalidCharInExternalSubset = Um caractere XML inv\u00E1lido (Unicode: 0x {0}) foi encontrado no subconjunto externo do DTD.
- InvalidCharInIgnoreSect = Um caractere XML inv\u00E1lido (Unicode: 0x{0}) foi encontrado na se\u00E7\u00E3o condicional deletada.
+ InvalidCharInIgnoreSect = Um caractere XML inv\u00E1lido (Unicode: 0x{0}) foi encontrado na se\u00E7\u00E3o condicional exclu\u00EDda.
InvalidCharInPublicID = Um caractere XML inv\u00E1lido (Unicode: 0x{0}) foi encontrado no identificador p\u00FAblico.
InvalidCharInSystemID = Um caractere XML inv\u00E1lido (Unicode: 0x{0}) foi encontrado no identificador do sistema.
# 2.3 Common Syntactic Constructs
@@ -148,7 +148,7 @@
PEReferenceWithinMarkup = A refer\u00EAncia da entidade do par\u00E2metro "%{0};" n\u00E3o pode ocorrer na marca\u00E7\u00E3o no subconjunto interno do DTD.
MSG_MARKUP_NOT_RECOGNIZED_IN_DTD = As declara\u00E7\u00F5es de marca\u00E7\u00E3o contidas ou apontadas pela declara\u00E7\u00E3o do tipo de documento devem estar corretas.
# 2.10 White Space Handling
- MSG_XML_SPACE_DECLARATION_ILLEGAL = Deve ser fornecida a declara\u00E7\u00E3o do atributo para "xml:space" como um tipo enumerado, cujo os \u00FAnicos valores poss\u00EDveis s\u00E3o "default" e "preserve".
+ MSG_XML_SPACE_DECLARATION_ILLEGAL = Deve ser fornecida a declara\u00E7\u00E3o do atributo para "xml:space" como um tipo enumerado, cujo os \u00FAnicos valores poss\u00EDveis s\u00E3o "padr\u00E3o" e "preserve".
# 3.2 Element Type Declarations
MSG_SPACE_REQUIRED_BEFORE_ELEMENT_TYPE_IN_ELEMENTDECL = O espa\u00E7o em branco \u00E9 necess\u00E1rio ap\u00F3s "<!ELEMENT" na declara\u00E7\u00E3o do tipo de elemento.
MSG_ELEMENT_TYPE_REQUIRED_IN_ELEMENTDECL = O tipo de elemento \u00E9 necess\u00E1rio na declara\u00E7\u00E3o do tipo de elemento.
@@ -169,7 +169,7 @@
AttNameRequiredInAttDef = O nome do atributo deve ser especificado na declara\u00E7\u00E3o da lista de atributos do elemento "{0}".
MSG_SPACE_REQUIRED_BEFORE_ATTTYPE_IN_ATTDEF = \u00C9 necess\u00E1rio o espa\u00E7o em branco antes do tipo de atributo na declara\u00E7\u00E3o do atributo "{1}" do elemento "{0}".
AttTypeRequiredInAttDef = \u00C9 necess\u00E1rio o tipo de atributo na declara\u00E7\u00E3o do atributo "{1}" do elemento "{0}".
- MSG_SPACE_REQUIRED_BEFORE_DEFAULTDECL_IN_ATTDEF = \u00C9 necess\u00E1rio o espa\u00E7o em branco antes do default do atributo na declara\u00E7\u00E3o do atributo "{1}" do elemento "{0}".
+ MSG_SPACE_REQUIRED_BEFORE_DEFAULTDECL_IN_ATTDEF = \u00C9 necess\u00E1rio o espa\u00E7o em branco antes do padr\u00E3o do atributo na declara\u00E7\u00E3o do atributo "{1}" do elemento "{0}".
MSG_DUPLICATE_ATTRIBUTE_DEFINITION = Mais de uma defini\u00E7\u00E3o de atributo fornecida para o mesmo atributo "{1}" de um determinado elemento "{0}".
# 3.3.1 Attribute Types
MSG_SPACE_REQUIRED_AFTER_NOTATION_IN_NOTATIONTYPE = O espa\u00E7o em branco deve aparecer ap\u00F3s "NOTATION" na declara\u00E7\u00E3o do atributo "{1}".
@@ -216,7 +216,7 @@
DuplicateTypeInMixedContent = O tipo de elemento "{1}" j\u00E1 foi especificado no modelo de conte\u00FAdo da declara\u00E7\u00E3o do elemento "{0}".
ENTITIESInvalid = O valor do atributo "{1}" do tipo ENTITIES deve ser o nome de uma ou mais entidades n\u00E3o submetidas a parsing.
ENTITYInvalid = O valor do atributo "{1}" do tipo ENTITY deve ser o nome de uma entidade n\u00E3o submetida a parsing.
- IDDefaultTypeInvalid = O atributo do ID "{0}" deve ter um default declarado "#IMPLIED" ou "#REQUIRED".
+ IDDefaultTypeInvalid = O atributo do ID "{0}" deve ter um padr\u00E3o declarado "#IMPLIED" ou "#REQUIRED".
IDInvalid = O valor do atributo "{0}" do ID de tipo deve ser um nome.
IDInvalidWithNamespaces = O valor do atributo "{0}" do ID de tipo deve ser um NCName quando os namespaces estiverem ativados.
IDNotUnique = O valor do atributo "{0}" do ID de tipo deve ser exclusivo no documento.
@@ -233,7 +233,7 @@
MSG_CONTENT_INCOMPLETE = O conte\u00FAdo do tipo de elemento "{0}" est\u00E1 incompleto; ele deve corresponder a "{1}".
MSG_CONTENT_INVALID = O conte\u00FAdo do tipo de elemento "{0}" deve corresponder a "{1}".
MSG_CONTENT_INVALID_SPECIFIED = O conte\u00FAdo do tipo de elemento "{0}" deve corresponder a "{1}". N\u00E3o s\u00E3o permitidos os filhos do tipo "{2}".
- MSG_DEFAULTED_ATTRIBUTE_NOT_SPECIFIED = O atributo "{1}" do tipo de elemento "{0}" tem um valor default e deve ser especificado em um documento stand-alone.
+ MSG_DEFAULTED_ATTRIBUTE_NOT_SPECIFIED = O atributo "{1}" do tipo de elemento "{0}" tem um valor padr\u00E3o e deve ser especificado em um documento stand-alone.
MSG_DUPLICATE_ATTDEF = O atributo "{1}" j\u00E1 foi declarado para o tipo de elemento "{0}".
MSG_ELEMENT_ALREADY_DECLARED = O tipo de elemento "{0}" n\u00E3o deve ser declarado mais de uma vez.
MSG_ELEMENT_NOT_DECLARED = O tipo de elemento "{0}" deve ser declarado.
@@ -299,4 +299,5 @@
MaxEntitySizeLimit=JAXP00010003: o tamanho da entidade "{0}" \u00E9 "{1}", o que excede o limite de "{2}" definido por "{3}".
TotalEntitySizeLimit=JAXP00010004: o tamanho acumulado "{0}" de entidades excedeu o limite de "{1}" definido por "{2}".
MaxXMLNameLimit=JAXP00010005: o nome "{0}" excedeu o limite de "{1}" definido por "{2}".
+ MaxElementDepthLimit=JAXP00010006: o elemento "{0}" tem uma profundidade de "{1}" que excede o limite de "{2}" definido por "{3}".
diff --git a/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_sv.properties b/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_sv.properties
index bbc5db4..ccd9631 100644
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_sv.properties
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_sv.properties
@@ -7,7 +7,7 @@
FormatFailed = Ett internt fel intr\u00E4ffade vid formatering av f\u00F6ljande meddelande:\n
# Document messages
- PrematureEOF=F\u00F6r tidigt filslut (EOF).
+ PrematureEOF=Filen har avslutats f\u00F6r tidigt.
# 2.1 Well-Formed XML Documents
RootElementRequired = Rotelementet kr\u00E4vs i ett v\u00E4lformulerat dokument.
# 2.2 Characters
@@ -299,4 +299,5 @@
MaxEntitySizeLimit=JAXP00010003: L\u00E4ngden p\u00E5 enheten "{0}" \u00E4r "{1}" som \u00F6verskriver gr\u00E4nsv\u00E4rdet p\u00E5 "{2}" som anges av "{3}".
TotalEntitySizeLimit=JAXP00010004: Den ackumulerade storleken "{0}" f\u00F6r enheter \u00F6verskred gr\u00E4nsv\u00E4rdet p\u00E5 "{1}" som anges av "{2}".
MaxXMLNameLimit=JAXP00010005: Namnet "{0}" \u00F6verskred gr\u00E4nsv\u00E4rdet p\u00E5 "{1}" som anges av "{2}".
+ MaxElementDepthLimit=JAXP00010006: Elementet "{0}" har djupet "{1}" vilket \u00E4r st\u00F6rre \u00E4n gr\u00E4nsen "{2}" som anges av "{3}".
diff --git a/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_zh_CN.properties b/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_zh_CN.properties
index bb02a0d..1003da9 100644
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_zh_CN.properties
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_zh_CN.properties
@@ -299,4 +299,5 @@
MaxEntitySizeLimit=JAXP00010003: \u5B9E\u4F53 "{0}" \u7684\u957F\u5EA6\u4E3A "{1}", \u8D85\u8FC7\u4E86 "{3}" \u8BBE\u7F6E\u7684 "{2}" \u9650\u5236\u3002
TotalEntitySizeLimit=JAXP00010004: \u5B9E\u4F53\u7684\u7D2F\u8BA1\u5927\u5C0F "{0}" \u8D85\u8FC7\u4E86 "{2}" \u8BBE\u7F6E\u7684 "{1}" \u9650\u5236\u3002
MaxXMLNameLimit=JAXP00010005: \u540D\u79F0 "{0}" \u8D85\u8FC7\u4E86 "{2}" \u8BBE\u7F6E\u7684 "{1}" \u9650\u5236\u3002
+ MaxElementDepthLimit=JAXP00010006: \u5143\u7D20 "{0}" \u7684\u6DF1\u5EA6 "{1}" \u8D85\u8FC7\u4E86 "{3}" \u8BBE\u7F6E\u7684\u9650\u5236 "{2}"\u3002
diff --git a/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_zh_TW.properties b/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_zh_TW.properties
index 2f2e1a3..f76a479 100644
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_zh_TW.properties
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_zh_TW.properties
@@ -299,4 +299,5 @@
MaxEntitySizeLimit=JAXP00010003: \u5BE6\u9AD4 "{0}" \u7684\u9577\u5EA6\u70BA "{1}"\uFF0C\u8D85\u904E "{3}" \u6240\u8A2D\u5B9A\u7684 "{2}" \u9650\u5236\u3002
TotalEntitySizeLimit=JAXP00010004: \u5BE6\u9AD4\u7684\u7D2F\u7A4D\u5927\u5C0F "{0}" \u8D85\u904E "{2}" \u8A2D\u5B9A\u7684 "{1}" \u9650\u5236\u3002
MaxXMLNameLimit=JAXP00010005: \u540D\u7A31 "{0}" \u8D85\u904E "{2}" \u8A2D\u5B9A\u7684 "{1}" \u9650\u5236\u3002
+ MaxElementDepthLimit=JAXP00010006: \u5143\u7D20 "{0}" \u7684\u6DF1\u5EA6\u70BA "{1}"\uFF0C\u8D85\u904E "{3}" \u8A2D\u5B9A\u7684 "{2}" \u9650\u5236\u3002
diff --git a/jaxp/src/com/sun/org/apache/xerces/internal/utils/XMLLimitAnalyzer.java b/jaxp/src/com/sun/org/apache/xerces/internal/utils/XMLLimitAnalyzer.java
index 4c30871..e8e723a 100644
--- a/jaxp/src/com/sun/org/apache/xerces/internal/utils/XMLLimitAnalyzer.java
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/utils/XMLLimitAnalyzer.java
@@ -132,6 +132,10 @@
totalValue[index] += value;
return;
}
+ if (index == Limit.MAX_ELEMENT_DEPTH_LIMIT.ordinal()) {
+ totalValue[index] = value;
+ return;
+ }
Map<String, Integer> cache;
if (caches[index] == null) {
diff --git a/jaxp/src/com/sun/org/apache/xerces/internal/utils/XMLSecurityManager.java b/jaxp/src/com/sun/org/apache/xerces/internal/utils/XMLSecurityManager.java
index 96e196e..1b2911f 100644
--- a/jaxp/src/com/sun/org/apache/xerces/internal/utils/XMLSecurityManager.java
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/utils/XMLSecurityManager.java
@@ -66,7 +66,8 @@
ELEMENT_ATTRIBUTE_LIMIT(Constants.JDK_ELEMENT_ATTRIBUTE_LIMIT, Constants.SP_ELEMENT_ATTRIBUTE_LIMIT, 0, 10000),
TOTAL_ENTITY_SIZE_LIMIT(Constants.JDK_TOTAL_ENTITY_SIZE_LIMIT, Constants.SP_TOTAL_ENTITY_SIZE_LIMIT, 0, 50000000),
GENERAL_ENTITY_SIZE_LIMIT(Constants.JDK_GENERAL_ENTITY_SIZE_LIMIT, Constants.SP_GENERAL_ENTITY_SIZE_LIMIT, 0, 0),
- PARAMETER_ENTITY_SIZE_LIMIT(Constants.JDK_PARAMETER_ENTITY_SIZE_LIMIT, Constants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000);
+ PARAMETER_ENTITY_SIZE_LIMIT(Constants.JDK_PARAMETER_ENTITY_SIZE_LIMIT, Constants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000),
+ MAX_ELEMENT_DEPTH_LIMIT(Constants.JDK_MAX_ELEMENT_DEPTH, Constants.SP_MAX_ELEMENT_DEPTH, 0, 0);
final String apiProperty;
final String systemProperty;
@@ -429,9 +430,10 @@
return false;
}
- if (index==Limit.ELEMENT_ATTRIBUTE_LIMIT.ordinal() ||
- index==Limit.ENTITY_EXPANSION_LIMIT.ordinal() ||
- index==Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal()) {
+ if (index == Limit.ELEMENT_ATTRIBUTE_LIMIT.ordinal() ||
+ index == Limit.ENTITY_EXPANSION_LIMIT.ordinal() ||
+ index == Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal() ||
+ index == Limit.MAX_ELEMENT_DEPTH_LIMIT.ordinal()) {
return (limitAnalyzer.getTotalValue(index) > values[index]);
} else {
return (limitAnalyzer.getValue(index) > values[index]);
diff --git a/jaxws/.hgtags b/jaxws/.hgtags
index 4b99780..43132c7 100644
--- a/jaxws/.hgtags
+++ b/jaxws/.hgtags
@@ -260,6 +260,7 @@
384ccf4e14cb90c89570e16a5f4ca440a69d6d93 jdk8u5-b02
e423a4f2ec72ea0e24bea0fa77dd105095bbee67 jdk8u5-b03
738b966ee0b00d994445d34eb7eb087bd41a5478 jdk8u5-b04
+3960c6ef7bd1782d6357c510dab393d291164045 jdk8u11-b00
3960c6ef7bd1782d6357c510dab393d291164045 jdk8u5-b05
0543f4dddddc67b142b4706b2d403a654809e605 jdk8u5-b06
0eb7f9f88e93587ace50614385f85afd221f5cb1 jdk8u5-b07
@@ -269,6 +270,20 @@
75fd3933daaf5826e7c03bfb318026ac8a4c07ef jdk8u5-b11
e2454d30b525bcb6ebcc711bd2928fbd29c11143 jdk8u5-b12
d2200a87d5ad6a9d06d9df144376ea5511b3916b jdk8u5-b13
+ad56fa1dc3d375a6e909d3e005939626ba44a4b5 jdk8u5-b31
+d2732c66f0f927d7f31dead4cce1a0612b9ff2a1 jdk8u11-b01
+152cc523baf1fdfe48514e3fe0d8e5a9b3c01ba4 jdk8u11-b02
+c2c073f04f0566c868fec49b96e5885ad69f065c jdk8u11-b03
+d1dbc7bc54291d447fce5655e0878b8689ad25b7 jdk8u11-b04
+9626907d2521220a0214129733088bad35656239 jdk8u11-b05
+6b71476418c1f6a085fb10460dcfedc5346e69af jdk8u11-b06
+c29ede8e947c365ce55174eba716050c48461576 jdk8u11-b07
+ca91f03660789a75710b4a081cd32aab00e80964 jdk8u11-b08
+6e994ba1e4610b367f292a41a0d2c77091f93ab6 jdk8u11-b09
+aa3f37b9fbdca195ac9430b8c301db7f33347241 jdk8u11-b10
+5d161297f3031a82d04953bf60721f31e7c18da1 jdk8u11-b11
+beaec77113928b64365d7ea9b564ee02d1625b89 jdk8u11-b12
+5ceaffbb168fb84168cd49da83c469fdfaec4ee8 jdk8u11-b31
ba061957b8bdb5f04e58154b27405fbf6fe3c71f jdk8u20-b02
337a3a4086235e926e1d684bf4d0b2add70d6f55 jdk8u20-b03
579caba2483ee3c9e32d87b31ab46e86f1aa9cd3 jdk8u20-b04
@@ -291,3 +306,10 @@
a3b85d6097c52cbff3e514ad6dc4f705fbaaa8bb jdk8u20-b18
615fdd17d4e24af63fe63a0fe85cfda3645e6826 jdk8u20-b19
4681b10c0c3197f591b88eadc481a283ae90d003 jdk8u20-b20
+31d43d250c836c13fcc87025837783788c5cd0de jdk8u20-b21
+efc85d318f4697f40bdd1f3757677be97f1758d9 jdk8u25-b00
+a76779e1b0376650dfc29a1f3b14760f05e0fc6d jdk8u25-b01
+3d31955043b9f1807c9d695c7b5d604d11c132cf jdk8u25-b02
+c67cb85b249c69a96d7ac72734c35bc18644befe jdk8u25-b03
+81129354f0e821f3d41dbcf8a68ce82f9d776127 jdk8u25-b04
+5f78130b0a64df9568a827f9ea589fdc3a7c080c jdk8u25-b05
diff --git a/jaxws/src/share/jaxws_classes/com/sun/tools/internal/xjc/model/nav/Utils.java b/jaxws/src/share/jaxws_classes/com/sun/tools/internal/xjc/model/nav/Utils.java
index 945f3fd..556bf4f 100644
--- a/jaxws/src/share/jaxws_classes/com/sun/tools/internal/xjc/model/nav/Utils.java
+++ b/jaxws/src/share/jaxws_classes/com/sun/tools/internal/xjc/model/nav/Utils.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,8 @@
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Type;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -38,22 +40,32 @@
* Utils class.
* Has *package private* access to avoid inappropriate usage.
*/
-/* package */ final class Utils {
+final class Utils {
private static final Logger LOGGER = Logger.getLogger(Utils.class.getName());
/**
* static ReflectionNavigator field to avoid usage of reflection every time we use it.
*/
- /* package */ static final Navigator<Type, Class, Field, Method> REFLECTION_NAVIGATOR;
+ static final Navigator<Type, Class, Field, Method> REFLECTION_NAVIGATOR;
static { // we statically initializing REFLECTION_NAVIGATOR property
- Class refNav = null;
try {
- refNav = Class.forName("com.sun.xml.internal.bind.v2.model.nav.ReflectionNavigator");
+ Class refNav = Class.forName("com.sun.xml.internal.bind.v2.model.nav.ReflectionNavigator");
//noinspection unchecked
- Method getInstance = refNav.getDeclaredMethod("getInstance");
- getInstance.setAccessible(true);
+ final Method getInstance = refNav.getDeclaredMethod("getInstance");
+
+ // requires accessClassInPackage privilege
+ AccessController.doPrivileged(
+ new PrivilegedAction<Object>() {
+ @Override
+ public Object run() {
+ getInstance.setAccessible(true);
+ return null;
+ }
+ }
+ );
+
//noinspection unchecked
REFLECTION_NAVIGATOR = (Navigator<Type, Class, Field, Method>) getInstance.invoke(null);
} catch (ClassNotFoundException e) {
diff --git a/jaxws/src/share/jaxws_classes/com/sun/xml/internal/bind/api/Utils.java b/jaxws/src/share/jaxws_classes/com/sun/xml/internal/bind/api/Utils.java
index 350062f..db75360 100644
--- a/jaxws/src/share/jaxws_classes/com/sun/xml/internal/bind/api/Utils.java
+++ b/jaxws/src/share/jaxws_classes/com/sun/xml/internal/bind/api/Utils.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,8 @@
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Type;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -38,22 +40,32 @@
* Utils class.
* Has *package private* access to avoid inappropriate usage.
*/
-/* package */ final class Utils {
+final class Utils {
private static final Logger LOGGER = Logger.getLogger(Utils.class.getName());
/**
* static ReflectionNavigator field to avoid usage of reflection every time we use it.
*/
- /* package */ static final Navigator<Type, Class, Field, Method> REFLECTION_NAVIGATOR;
+ static final Navigator<Type, Class, Field, Method> REFLECTION_NAVIGATOR;
static { // we statically initializing REFLECTION_NAVIGATOR property
- Class refNav = null;
try {
- refNav = Class.forName("com.sun.xml.internal.bind.v2.model.nav.ReflectionNavigator");
+ Class refNav = Class.forName("com.sun.xml.internal.bind.v2.model.nav.ReflectionNavigator");
//noinspection unchecked
- Method getInstance = refNav.getDeclaredMethod("getInstance");
- getInstance.setAccessible(true);
+ final Method getInstance = refNav.getDeclaredMethod("getInstance");
+
+ // requires accessClassInPackage privilege
+ AccessController.doPrivileged(
+ new PrivilegedAction<Object>() {
+ @Override
+ public Object run() {
+ getInstance.setAccessible(true);
+ return null;
+ }
+ }
+ );
+
//noinspection unchecked
REFLECTION_NAVIGATOR = (Navigator<Type, Class, Field, Method>) getInstance.invoke(null);
} catch (ClassNotFoundException e) {
diff --git a/jaxws/src/share/jaxws_classes/com/sun/xml/internal/bind/v2/model/impl/Utils.java b/jaxws/src/share/jaxws_classes/com/sun/xml/internal/bind/v2/model/impl/Utils.java
index 84b7f0c..10cbc94 100644
--- a/jaxws/src/share/jaxws_classes/com/sun/xml/internal/bind/v2/model/impl/Utils.java
+++ b/jaxws/src/share/jaxws_classes/com/sun/xml/internal/bind/v2/model/impl/Utils.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,8 @@
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Type;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -38,22 +40,32 @@
* Utils class.
* Has *package private* access to avoid inappropriate usage.
*/
-/* package */ final class Utils {
+final class Utils {
private static final Logger LOGGER = Logger.getLogger(Utils.class.getName());
/**
* static ReflectionNavigator field to avoid usage of reflection every time we use it.
*/
- /* package */ static final Navigator<Type, Class, Field, Method> REFLECTION_NAVIGATOR;
+ static final Navigator<Type, Class, Field, Method> REFLECTION_NAVIGATOR;
static { // we statically initializing REFLECTION_NAVIGATOR property
- Class refNav = null;
try {
- refNav = Class.forName("com.sun.xml.internal.bind.v2.model.nav.ReflectionNavigator");
+ Class refNav = Class.forName("com.sun.xml.internal.bind.v2.model.nav.ReflectionNavigator");
//noinspection unchecked
- Method getInstance = refNav.getDeclaredMethod("getInstance");
- getInstance.setAccessible(true);
+ final Method getInstance = refNav.getDeclaredMethod("getInstance");
+
+ // requires accessClassInPackage privilege
+ AccessController.doPrivileged(
+ new PrivilegedAction<Object>() {
+ @Override
+ public Object run() {
+ getInstance.setAccessible(true);
+ return null;
+ }
+ }
+ );
+
//noinspection unchecked
REFLECTION_NAVIGATOR = (Navigator<Type, Class, Field, Method>) getInstance.invoke(null);
} catch (ClassNotFoundException e) {
diff --git a/jaxws/src/share/jaxws_classes/com/sun/xml/internal/bind/v2/runtime/Utils.java b/jaxws/src/share/jaxws_classes/com/sun/xml/internal/bind/v2/runtime/Utils.java
index f4bf2b8..0b9601f 100644
--- a/jaxws/src/share/jaxws_classes/com/sun/xml/internal/bind/v2/runtime/Utils.java
+++ b/jaxws/src/share/jaxws_classes/com/sun/xml/internal/bind/v2/runtime/Utils.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,8 @@
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Type;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -38,22 +40,32 @@
* Utils class.
* Has *package private* access to avoid inappropriate usage.
*/
-/* package */ final class Utils {
+final class Utils {
private static final Logger LOGGER = Logger.getLogger(Utils.class.getName());
/**
* static ReflectionNavigator field to avoid usage of reflection every time we use it.
*/
- /* package */ static final Navigator<Type, Class, Field, Method> REFLECTION_NAVIGATOR;
+ static final Navigator<Type, Class, Field, Method> REFLECTION_NAVIGATOR;
static { // we statically initializing REFLECTION_NAVIGATOR property
- Class refNav = null;
try {
- refNav = Class.forName("com.sun.xml.internal.bind.v2.model.nav.ReflectionNavigator");
+ Class refNav = Class.forName("com.sun.xml.internal.bind.v2.model.nav.ReflectionNavigator");
//noinspection unchecked
- Method getInstance = refNav.getDeclaredMethod("getInstance");
- getInstance.setAccessible(true);
+ final Method getInstance = refNav.getDeclaredMethod("getInstance");
+
+ // requires accessClassInPackage privilege
+ AccessController.doPrivileged(
+ new PrivilegedAction<Object>() {
+ @Override
+ public Object run() {
+ getInstance.setAccessible(true);
+ return null;
+ }
+ }
+ );
+
//noinspection unchecked
REFLECTION_NAVIGATOR = (Navigator<Type, Class, Field, Method>) getInstance.invoke(null);
} catch (ClassNotFoundException e) {
diff --git a/jaxws/src/share/jaxws_classes/com/sun/xml/internal/bind/v2/runtime/property/Utils.java b/jaxws/src/share/jaxws_classes/com/sun/xml/internal/bind/v2/runtime/property/Utils.java
index 39cb615..69eaa2a 100644
--- a/jaxws/src/share/jaxws_classes/com/sun/xml/internal/bind/v2/runtime/property/Utils.java
+++ b/jaxws/src/share/jaxws_classes/com/sun/xml/internal/bind/v2/runtime/property/Utils.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,8 @@
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Type;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -38,22 +40,32 @@
* Utils class.
* Has *package private* access to avoid inappropriate usage.
*/
-/* package */ final class Utils {
+final class Utils {
private static final Logger LOGGER = Logger.getLogger(Utils.class.getName());
/**
* static ReflectionNavigator field to avoid usage of reflection every time we use it.
*/
- /* package */ static final Navigator<Type, Class, Field, Method> REFLECTION_NAVIGATOR;
+ static final Navigator<Type, Class, Field, Method> REFLECTION_NAVIGATOR;
static { // we statically initializing REFLECTION_NAVIGATOR property
- Class refNav = null;
try {
- refNav = Class.forName("com.sun.xml.internal.bind.v2.model.nav.ReflectionNavigator");
+ Class refNav = Class.forName("com.sun.xml.internal.bind.v2.model.nav.ReflectionNavigator");
//noinspection unchecked
- Method getInstance = refNav.getDeclaredMethod("getInstance");
- getInstance.setAccessible(true);
+ final Method getInstance = refNav.getDeclaredMethod("getInstance");
+
+ // requires accessClassInPackage privilege
+ AccessController.doPrivileged(
+ new PrivilegedAction<Object>() {
+ @Override
+ public Object run() {
+ getInstance.setAccessible(true);
+ return null;
+ }
+ }
+ );
+
//noinspection unchecked
REFLECTION_NAVIGATOR = (Navigator<Type, Class, Field, Method>) getInstance.invoke(null);
} catch (ClassNotFoundException e) {
diff --git a/jaxws/src/share/jaxws_classes/com/sun/xml/internal/bind/v2/runtime/reflect/Utils.java b/jaxws/src/share/jaxws_classes/com/sun/xml/internal/bind/v2/runtime/reflect/Utils.java
index 011bf19..384d367 100644
--- a/jaxws/src/share/jaxws_classes/com/sun/xml/internal/bind/v2/runtime/reflect/Utils.java
+++ b/jaxws/src/share/jaxws_classes/com/sun/xml/internal/bind/v2/runtime/reflect/Utils.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,8 @@
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Type;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -38,22 +40,32 @@
* Utils class.
* Has *package private* access to avoid inappropriate usage.
*/
-/* package */ final class Utils {
+final class Utils {
private static final Logger LOGGER = Logger.getLogger(Utils.class.getName());
/**
* static ReflectionNavigator field to avoid usage of reflection every time we use it.
*/
- /* package */ static final Navigator<Type, Class, Field, Method> REFLECTION_NAVIGATOR;
+ static final Navigator<Type, Class, Field, Method> REFLECTION_NAVIGATOR;
static { // we statically initializing REFLECTION_NAVIGATOR property
- Class refNav = null;
try {
- refNav = Class.forName("com.sun.xml.internal.bind.v2.model.nav.ReflectionNavigator");
+ Class refNav = Class.forName("com.sun.xml.internal.bind.v2.model.nav.ReflectionNavigator");
//noinspection unchecked
- Method getInstance = refNav.getDeclaredMethod("getInstance");
- getInstance.setAccessible(true);
+ final Method getInstance = refNav.getDeclaredMethod("getInstance");
+
+ // requires accessClassInPackage privilege
+ AccessController.doPrivileged(
+ new PrivilegedAction<Object>() {
+ @Override
+ public Object run() {
+ getInstance.setAccessible(true);
+ return null;
+ }
+ }
+ );
+
//noinspection unchecked
REFLECTION_NAVIGATOR = (Navigator<Type, Class, Field, Method>) getInstance.invoke(null);
} catch (ClassNotFoundException e) {
diff --git a/jaxws/src/share/jaxws_classes/com/sun/xml/internal/ws/model/Utils.java b/jaxws/src/share/jaxws_classes/com/sun/xml/internal/ws/model/Utils.java
index 2f77682..9310bf8 100644
--- a/jaxws/src/share/jaxws_classes/com/sun/xml/internal/ws/model/Utils.java
+++ b/jaxws/src/share/jaxws_classes/com/sun/xml/internal/ws/model/Utils.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,8 @@
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Type;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -41,22 +43,32 @@
*
* Has *package private* access to avoid inappropriate usage.
*/
-/* package */ final class Utils {
+final class Utils {
private static final Logger LOGGER = Logger.getLogger(Utils.class.getName());
/**
* static ReflectionNavigator field to avoid usage of reflection every time we use it.
*/
- /* package */ static final Navigator<Type, Class, Field, Method> REFLECTION_NAVIGATOR;
+ static final Navigator<Type, Class, Field, Method> REFLECTION_NAVIGATOR;
static { // we statically initializing REFLECTION_NAVIGATOR property
- Class refNav = null;
try {
- refNav = Class.forName("com.sun.xml.internal.bind.v2.model.nav.ReflectionNavigator");
+ Class refNav = Class.forName("com.sun.xml.internal.bind.v2.model.nav.ReflectionNavigator");
//noinspection unchecked
- Method getInstance = refNav.getDeclaredMethod("getInstance");
- getInstance.setAccessible(true);
+ final Method getInstance = refNav.getDeclaredMethod("getInstance");
+
+ // requires accessClassInPackage privilege
+ AccessController.doPrivileged(
+ new PrivilegedAction<Object>() {
+ @Override
+ public Object run() {
+ getInstance.setAccessible(true);
+ return null;
+ }
+ }
+ );
+
//noinspection unchecked
REFLECTION_NAVIGATOR = (Navigator<Type, Class, Field, Method>) getInstance.invoke(null);
} catch (ClassNotFoundException e) {
diff --git a/jaxws/src/share/jaxws_classes/com/sun/xml/internal/ws/spi/db/Utils.java b/jaxws/src/share/jaxws_classes/com/sun/xml/internal/ws/spi/db/Utils.java
index 51de25d..ef40263 100644
--- a/jaxws/src/share/jaxws_classes/com/sun/xml/internal/ws/spi/db/Utils.java
+++ b/jaxws/src/share/jaxws_classes/com/sun/xml/internal/ws/spi/db/Utils.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,8 @@
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Type;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -41,22 +43,32 @@
*
* Has *package private* access to avoid inappropriate usage.
*/
-/* package */ final class Utils {
+final class Utils {
private static final Logger LOGGER = Logger.getLogger(Utils.class.getName());
/**
* static ReflectionNavigator field to avoid usage of reflection every time we use it.
*/
- /* package */ static final Navigator<Type, Class, Field, Method> REFLECTION_NAVIGATOR;
+ static final Navigator<Type, Class, Field, Method> REFLECTION_NAVIGATOR;
static { // we statically initializing REFLECTION_NAVIGATOR property
- Class refNav = null;
try {
- refNav = Class.forName("com.sun.xml.internal.bind.v2.model.nav.ReflectionNavigator");
+ Class refNav = Class.forName("com.sun.xml.internal.bind.v2.model.nav.ReflectionNavigator");
//noinspection unchecked
- Method getInstance = refNav.getDeclaredMethod("getInstance");
- getInstance.setAccessible(true);
+ final Method getInstance = refNav.getDeclaredMethod("getInstance");
+
+ // requires accessClassInPackage privilege
+ AccessController.doPrivileged(
+ new PrivilegedAction<Object>() {
+ @Override
+ public Object run() {
+ getInstance.setAccessible(true);
+ return null;
+ }
+ }
+ );
+
//noinspection unchecked
REFLECTION_NAVIGATOR = (Navigator<Type, Class, Field, Method>) getInstance.invoke(null);
} catch (ClassNotFoundException e) {
diff --git a/jdk/.hgtags b/jdk/.hgtags
index fc38049..6b2b31e 100644
--- a/jdk/.hgtags
+++ b/jdk/.hgtags
@@ -260,6 +260,7 @@
343f4f8ba0982b3516e33c859b01634d919243c4 jdk8u5-b02
c35571198602a5856280d5c7c10bda4e7b769104 jdk8u5-b03
55e6175fb6904d771bfaec4ada4f5e20b54f4791 jdk8u5-b04
+911d590f34aaa7f7b9ef300d0c0a019e70a62d1d jdk8u11-b00
911d590f34aaa7f7b9ef300d0c0a019e70a62d1d jdk8u5-b05
94fe0ed14bfcca335ff72abd20cf871dab100e79 jdk8u5-b06
469c2c1a4885ddedc114e17902bb2f7f7326a4b7 jdk8u5-b07
@@ -269,6 +270,20 @@
f4f3b7ccd2801a0a87dd4677332f5b93191d08f2 jdk8u5-b11
9ff7f7909e122bb54f7df80efd0fc7a03ce7efff jdk8u5-b12
c6836440c427800a9f48168af29759b79857781d jdk8u5-b13
+8ba5281f1dce1122edac9e7d12b6c42e6da6297b jdk8u5-b31
+5eff6b1060758eae51125156a6f9c7725905e64e jdk8u11-b01
+cb1b9eca5890807476935051b8a5f13f4d3e5c63 jdk8u11-b02
+5efce41be1c8637b399980ea227f19e0f98341bc jdk8u11-b03
+4af24a3f52aeb07b51d3860049b0d1504e400feb jdk8u11-b04
+726370d73baebc513d0d83df71bb7629703ef7d0 jdk8u11-b05
+dc8eb8ba138a53df4cc80f6379ed25ef20644667 jdk8u11-b06
+69ea8bc3ce29eda152d9c2ebea91a9ce233bde9e jdk8u11-b07
+bec9dcd4c06358154cce431c4b70da56530827de jdk8u11-b08
+801e730c85eb822ac3b00466b32d42e089cb7233 jdk8u11-b09
+105753f0465e534e3664d0935016f5a0d061829d jdk8u11-b10
+bd5f7651116e2634c09adf073609811c60a4d5e7 jdk8u11-b11
+cbdfb9fdf1b3819f0299991a07e6ca72b3573625 jdk8u11-b12
+35329d502d6fb65e4f089fd338d4ee0757811b36 jdk8u11-b31
9543b632ab87368c887d8b29b21157ebb44228d0 jdk8u20-b02
5a9f04957f826ce23639479c9791c7d8fd282b01 jdk8u20-b03
c347889445c1153f11aaa56092d44a911e497454 jdk8u20-b04
@@ -291,3 +306,10 @@
266302e9c31172984493404d5b223979315b59ac jdk8u20-b18
38548d32c91cfa57b1d31eec0a5e79c936e86f11 jdk8u20-b19
5c0406ee9e820140b5322db006baed199c165b4f jdk8u20-b20
+693025bbc45d683676fa78bb76201b665e0d8f2d jdk8u20-b21
+abca9f6f1a10e9f91b2538bbe7870f54f550d986 jdk8u25-b00
+7d0627679c9fdeaaaa9fe15c7cc11af0763621ec jdk8u25-b01
+b0277ec994b751ebb761814675352506cd56bcd6 jdk8u25-b02
+5606d84f30bab5ed4bc5776572edd469fb013e13 jdk8u25-b03
+40630cd55da8a2db7980249dc31af285965cb5e9 jdk8u25-b04
+75b48287a1b3fc5757ac473f72c8918c7f345ffc jdk8u25-b05
diff --git a/jdk/javax/management/remote/security/CacheMapRemovalTest.java b/jdk/javax/management/remote/security/CacheMapRemovalTest.java
new file mode 100644
index 0000000..faf5539
--- /dev/null
+++ b/jdk/javax/management/remote/security/CacheMapRemovalTest.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ *
+ */
+
+/**
+ * @test
+ * @bug 8029755
+ * @summary Test that class com/sun/jmx/remote/util/CacheMap and fields principalsCache, accCache of SubjectDelegator were removed
+ *
+ * @compile CacheMapRemovalTest.java
+ * @run main CacheMapRemovalTest
+ */
+public class CacheMapRemovalTest {
+ public static void main(String[] args) {
+ try {
+ Class.forName("com.sun.jmx.remote.util.CacheMap");
+ throw new AssertionError("Class CacheMap was not removed");
+ } catch (ClassNotFoundException e) {
+ System.out.println("com.sun.jmx.remote.util.CacheMap removal verified");
+ }
+
+ try {
+ com.sun.jmx.remote.security.SubjectDelegator.class.getDeclaredField("principalsCache");
+ throw new AssertionError("principalsCache field of SubjectDelegator was not removed");
+ } catch (NoSuchFieldException e) {
+ System.out.println("principalsCache field of SubjectDelegator removal verified");
+ }
+
+ try {
+ com.sun.jmx.remote.security.SubjectDelegator.class.getDeclaredField("accCache");
+ throw new AssertionError("accCache field of SubjectDelegator was not removed");
+ } catch (NoSuchFieldException e) {
+ System.out.println("accCache field of SubjectDelegator removal verified");
+ }
+ }
+}
diff --git a/jdk/make/mapfiles/libnet/mapfile-vers b/jdk/make/mapfiles/libnet/mapfile-vers
index 1b6a148..9e07f44 100644
--- a/jdk/make/mapfiles/libnet/mapfile-vers
+++ b/jdk/make/mapfiles/libnet/mapfile-vers
@@ -28,6 +28,8 @@
SUNWprivate_1.1 {
global:
JNI_OnLoad;
+ Java_java_net_AbstractPlainDatagramSocketImpl_init;
+ Java_java_net_AbstractPlainDatagramSocketImpl_dataAvailable;
Java_java_net_PlainSocketImpl_socketListen;
Java_java_net_PlainDatagramSocketImpl_getTTL;
Java_java_net_PlainDatagramSocketImpl_init;
diff --git a/jdk/make/mapfiles/libsunec/mapfile-vers b/jdk/make/mapfiles/libsunec/mapfile-vers
index a1da80c..3295322 100644
--- a/jdk/make/mapfiles/libsunec/mapfile-vers
+++ b/jdk/make/mapfiles/libsunec/mapfile-vers
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -28,10 +28,9 @@
SUNWprivate_1.1 {
global:
Java_sun_security_ec_ECKeyPairGenerator_generateECKeyPair;
- Java_sun_security_ec_ECKeyPairGenerator_getEncodedBytes;
- Java_sun_security_ec_ECDSASignature_signDigest;
- Java_sun_security_ec_ECDSASignature_verifySignedDigest;
- Java_sun_security_ec_ECDHKeyAgreement_deriveKey;
+ Java_sun_security_ec_ECDSASignature_signDigest;
+ Java_sun_security_ec_ECDSASignature_verifySignedDigest;
+ Java_sun_security_ec_ECDHKeyAgreement_deriveKey;
local:
*;
};
diff --git a/jdk/make/profile-includes.txt b/jdk/make/profile-includes.txt
index 105f9d3..86f1f85 100644
--- a/jdk/make/profile-includes.txt
+++ b/jdk/make/profile-includes.txt
@@ -73,6 +73,7 @@
rt.jar \
security/US_export_policy.jar \
security/blacklist \
+ security/blacklisted.certs \
security/cacerts \
security/java.policy \
security/java.security \
diff --git a/jdk/src/share/classes/com/sun/jmx/remote/security/SubjectDelegator.java b/jdk/src/share/classes/com/sun/jmx/remote/security/SubjectDelegator.java
index a69c501..536e231 100644
--- a/jdk/src/share/classes/com/sun/jmx/remote/security/SubjectDelegator.java
+++ b/jdk/src/share/classes/com/sun/jmx/remote/security/SubjectDelegator.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -34,22 +34,14 @@
import javax.management.remote.SubjectDelegationPermission;
-import com.sun.jmx.remote.util.CacheMap;
-import java.util.ArrayList;
-import java.util.Collection;
+import java.util.*;
public class SubjectDelegator {
- private static final int PRINCIPALS_CACHE_SIZE = 10;
- private static final int ACC_CACHE_SIZE = 10;
-
- private CacheMap<Subject, Principal[]> principalsCache;
- private CacheMap<Subject, AccessControlContext> accCache;
-
/* Return the AccessControlContext appropriate to execute an
operation on behalf of the delegatedSubject. If the
authenticatedAccessControlContext does not have permission to
delegate to that subject, throw SecurityException. */
- public synchronized AccessControlContext
+ public AccessControlContext
delegatedContext(AccessControlContext authenticatedACC,
Subject delegatedSubject,
boolean removeCallerContext)
@@ -58,56 +50,14 @@
if (System.getSecurityManager() != null && authenticatedACC == null) {
throw new SecurityException("Illegal AccessControlContext: null");
}
- if (principalsCache == null || accCache == null) {
- principalsCache =
- new CacheMap<>(PRINCIPALS_CACHE_SIZE);
- accCache =
- new CacheMap<>(ACC_CACHE_SIZE);
- }
-
- // Retrieve the principals for the given
- // delegated subject from the cache
- //
- Principal[] delegatedPrincipals = principalsCache.get(delegatedSubject);
-
- // Convert the set of principals stored in the
- // delegated subject into an array of principals
- // and store it in the cache
- //
- if (delegatedPrincipals == null) {
- delegatedPrincipals =
- delegatedSubject.getPrincipals().toArray(new Principal[0]);
- principalsCache.put(delegatedSubject, delegatedPrincipals);
- }
-
- // Retrieve the access control context for the
- // given delegated subject from the cache
- //
- AccessControlContext delegatedACC = accCache.get(delegatedSubject);
-
- // Build the access control context to be used
- // when executing code as the delegated subject
- // and store it in the cache
- //
- if (delegatedACC == null) {
- if (removeCallerContext) {
- delegatedACC =
- JMXSubjectDomainCombiner.getDomainCombinerContext(
- delegatedSubject);
- } else {
- delegatedACC =
- JMXSubjectDomainCombiner.getContext(delegatedSubject);
- }
- accCache.put(delegatedSubject, delegatedACC);
- }
// Check if the subject delegation permission allows the
// authenticated subject to assume the identity of each
// principal in the delegated subject
//
- final Principal[] dp = delegatedPrincipals;
- final Collection<Permission> permissions = new ArrayList<>(dp.length);
- for(Principal p : dp) {
+ Collection<Principal> ps = getSubjectPrincipals(delegatedSubject);
+ final Collection<Permission> permissions = new ArrayList<>(ps.size());
+ for(Principal p : ps) {
final String pname = p.getClass().getName() + "." + p.getName();
permissions.add(new SubjectDelegationPermission(pname));
}
@@ -122,7 +72,15 @@
};
AccessController.doPrivileged(action, authenticatedACC);
- return delegatedACC;
+ return getDelegatedAcc(delegatedSubject, removeCallerContext);
+ }
+
+ private AccessControlContext getDelegatedAcc(Subject delegatedSubject, boolean removeCallerContext) {
+ if (removeCallerContext) {
+ return JMXSubjectDomainCombiner.getDomainCombinerContext(delegatedSubject);
+ } else {
+ return JMXSubjectDomainCombiner.getContext(delegatedSubject);
+ }
}
/**
@@ -137,11 +95,9 @@
public static synchronized boolean
checkRemoveCallerContext(Subject subject) {
try {
- final Principal[] dp =
- subject.getPrincipals().toArray(new Principal[0]);
- for (int i = 0 ; i < dp.length ; i++) {
+ for (Principal p : getSubjectPrincipals(subject)) {
final String pname =
- dp[i].getClass().getName() + "." + dp[i].getName();
+ p.getClass().getName() + "." + p.getName();
final Permission sdp =
new SubjectDelegationPermission(pname);
AccessController.checkPermission(sdp);
@@ -151,4 +107,19 @@
}
return true;
}
+
+ /**
+ * Retrieves the {@linkplain Subject} principals
+ * @param subject The subject
+ * @return If the {@code Subject} is immutable it will return the principals directly.
+ * If the {@code Subject} is mutable it will create an unmodifiable copy.
+ */
+ private static Collection<Principal> getSubjectPrincipals(Subject subject) {
+ if (subject.isReadOnly()) {
+ return subject.getPrincipals();
+ }
+
+ List<Principal> principals = Arrays.asList(subject.getPrincipals().toArray(new Principal[0]));
+ return Collections.unmodifiableList(principals);
+ }
}
diff --git a/jdk/src/share/classes/com/sun/jmx/remote/util/CacheMap.java b/jdk/src/share/classes/com/sun/jmx/remote/util/CacheMap.java
deleted file mode 100644
index ae21d07..0000000
--- a/jdk/src/share/classes/com/sun/jmx/remote/util/CacheMap.java
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package com.sun.jmx.remote.util;
-
-import java.lang.ref.SoftReference;
-import java.util.Iterator;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.WeakHashMap;
-
-import com.sun.jmx.mbeanserver.Util;
-
-/**
- * <p>Like WeakHashMap, except that the keys of the <em>n</em> most
- * recently-accessed entries are kept as {@link SoftReference soft
- * references}. Accessing an element means creating it, or retrieving
- * it with {@link #get(Object) get}. Because these entries are kept
- * with soft references, they will tend to remain even if their keys
- * are not referenced elsewhere. But if memory is short, they will
- * be removed.</p>
- */
-public class CacheMap<K, V> extends WeakHashMap<K, V> {
- /**
- * <p>Create a <code>CacheMap</code> that can keep up to
- * <code>nSoftReferences</code> as soft references.</p>
- *
- * @param nSoftReferences Maximum number of keys to keep as soft
- * references. Access times for {@link #get(Object) get} and
- * {@link #put(Object, Object) put} have a component that scales
- * linearly with <code>nSoftReferences</code>, so this value
- * should not be too great.
- *
- * @throws IllegalArgumentException if
- * <code>nSoftReferences</code> is negative.
- */
- public CacheMap(int nSoftReferences) {
- if (nSoftReferences < 0) {
- throw new IllegalArgumentException("nSoftReferences = " +
- nSoftReferences);
- }
- this.nSoftReferences = nSoftReferences;
- }
-
- public V put(K key, V value) {
- cache(key);
- return super.put(key, value);
- }
-
- public V get(Object key) {
- cache(Util.<K>cast(key));
- return super.get(key);
- }
-
- /* We don't override remove(Object) or try to do something with
- the map's iterators to detect removal. So we may keep useless
- entries in the soft reference list for keys that have since
- been removed. The assumption is that entries are added to the
- cache but never removed. But the behavior is not wrong if
- they are in fact removed -- the caching is just less
- performant. */
-
- private void cache(K key) {
- Iterator<SoftReference<K>> it = cache.iterator();
- while (it.hasNext()) {
- SoftReference<K> sref = it.next();
- K key1 = sref.get();
- if (key1 == null)
- it.remove();
- else if (key.equals(key1)) {
- // Move this element to the head of the LRU list
- it.remove();
- cache.add(0, sref);
- return;
- }
- }
-
- int size = cache.size();
- if (size == nSoftReferences) {
- if (size == 0)
- return; // degenerate case, equivalent to WeakHashMap
- it.remove();
- }
-
- cache.add(0, new SoftReference<K>(key));
- }
-
- /* List of soft references for the most-recently referenced keys.
- The list is in most-recently-used order, i.e. the first element
- is the most-recently referenced key. There are never more than
- nSoftReferences elements of this list.
-
- If we didn't care about J2SE 1.3 compatibility, we could use
- LinkedHashSet in conjunction with a subclass of SoftReference
- whose equals and hashCode reflect the referent. */
- private final LinkedList<SoftReference<K>> cache =
- new LinkedList<SoftReference<K>>();
- private final int nSoftReferences;
-}
diff --git a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/Init.java b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/Init.java
index 6176370..5f3b9f5 100644
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/Init.java
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/Init.java
@@ -25,6 +25,8 @@
import java.io.InputStream;
import java.security.AccessController;
import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.List;
@@ -35,6 +37,7 @@
import com.sun.org.apache.xml.internal.security.algorithms.JCEMapper;
import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithm;
import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
+import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
import com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolver;
import com.sun.org.apache.xml.internal.security.transforms.Transform;
import com.sun.org.apache.xml.internal.security.utils.ElementProxy;
@@ -118,43 +121,50 @@
log.log(java.util.logging.Level.FINE, "Registering default algorithms");
}
try {
- //
- // Bind the default prefixes
- //
- ElementProxy.registerDefaultPrefixes();
+ AccessController.doPrivileged(new PrivilegedExceptionAction<Void>(){
+ @Override public Void run() throws XMLSecurityException {
+ //
+ // Bind the default prefixes
+ //
+ ElementProxy.registerDefaultPrefixes();
- //
- // Set the default Transforms
- //
- Transform.registerDefaultAlgorithms();
+ //
+ // Set the default Transforms
+ //
+ Transform.registerDefaultAlgorithms();
- //
- // Set the default signature algorithms
- //
- SignatureAlgorithm.registerDefaultAlgorithms();
+ //
+ // Set the default signature algorithms
+ //
+ SignatureAlgorithm.registerDefaultAlgorithms();
- //
- // Set the default JCE algorithms
- //
- JCEMapper.registerDefaultAlgorithms();
+ //
+ // Set the default JCE algorithms
+ //
+ JCEMapper.registerDefaultAlgorithms();
- //
- // Set the default c14n algorithms
- //
- Canonicalizer.registerDefaultAlgorithms();
+ //
+ // Set the default c14n algorithms
+ //
+ Canonicalizer.registerDefaultAlgorithms();
- //
- // Register the default resolvers
- //
- ResourceResolver.registerDefaultResolvers();
+ //
+ // Register the default resolvers
+ //
+ ResourceResolver.registerDefaultResolvers();
- //
- // Register the default key resolvers
- //
- KeyResolver.registerDefaultResolvers();
- } catch (Exception ex) {
- log.log(java.util.logging.Level.SEVERE, ex.getMessage(), ex);
- ex.printStackTrace();
+ //
+ // Register the default key resolvers
+ //
+ KeyResolver.registerDefaultResolvers();
+
+ return null;
+ }
+ });
+ } catch (PrivilegedActionException ex) {
+ XMLSecurityException xse = (XMLSecurityException)ex.getException();
+ log.log(java.util.logging.Level.SEVERE, xse.getMessage(), xse);
+ xse.printStackTrace();
}
}
diff --git a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java
index ca7d42a..9fc3525 100644
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java
@@ -27,6 +27,7 @@
import com.sun.org.apache.xml.internal.security.encryption.XMLCipher;
import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
+import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
import org.w3c.dom.Element;
@@ -49,8 +50,11 @@
*
* @param id
* @param algorithm
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register the JCE algorithm
*/
public static void register(String id, Algorithm algorithm) {
+ JavaUtils.checkRegisterPermission();
algorithmsMap.put(id, algorithm);
}
@@ -292,8 +296,11 @@
/**
* Sets the default Provider for obtaining the security algorithms
* @param provider the default providerId.
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to set the JCE provider
*/
public static void setProviderId(String provider) {
+ JavaUtils.checkRegisterPermission();
providerName = provider;
}
diff --git a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java
index 4748a6b..ada9ea5 100644
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java
@@ -37,6 +37,7 @@
import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
import com.sun.org.apache.xml.internal.security.utils.Constants;
+import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -314,18 +315,21 @@
}
/**
- * Registers implementing class of the Transform algorithm with algorithmURI
+ * Registers implementing class of the SignatureAlgorithm with algorithmURI
*
- * @param algorithmURI algorithmURI URI representation of <code>Transform algorithm</code>.
+ * @param algorithmURI algorithmURI URI representation of <code>SignatureAlgorithm</code>.
* @param implementingClass <code>implementingClass</code> the implementing class of
* {@link SignatureAlgorithmSpi}
* @throws AlgorithmAlreadyRegisteredException if specified algorithmURI is already registered
* @throws XMLSignatureException
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register the signature algorithm
*/
@SuppressWarnings("unchecked")
public static void register(String algorithmURI, String implementingClass)
throws AlgorithmAlreadyRegisteredException, ClassNotFoundException,
XMLSignatureException {
+ JavaUtils.checkRegisterPermission();
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Try to register " + algorithmURI + " " + implementingClass);
}
@@ -352,15 +356,18 @@
/**
* Registers implementing class of the Transform algorithm with algorithmURI
*
- * @param algorithmURI algorithmURI URI representation of <code>Transform algorithm</code>.
+ * @param algorithmURI algorithmURI URI representation of <code>SignatureAlgorithm</code>.
* @param implementingClass <code>implementingClass</code> the implementing class of
* {@link SignatureAlgorithmSpi}
* @throws AlgorithmAlreadyRegisteredException if specified algorithmURI is already registered
* @throws XMLSignatureException
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register the signature algorithm
*/
public static void register(String algorithmURI, Class<? extends SignatureAlgorithmSpi> implementingClass)
throws AlgorithmAlreadyRegisteredException, ClassNotFoundException,
XMLSignatureException {
+ JavaUtils.checkRegisterPermission();
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Try to register " + algorithmURI + " " + implementingClass);
}
diff --git a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/Canonicalizer.java b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/Canonicalizer.java
index 2f0b31f..ae33b72 100644
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/Canonicalizer.java
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/Canonicalizer.java
@@ -41,6 +41,7 @@
import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer20010315WithComments;
import com.sun.org.apache.xml.internal.security.c14n.implementations.CanonicalizerPhysical;
import com.sun.org.apache.xml.internal.security.exceptions.AlgorithmAlreadyRegisteredException;
+import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
@@ -142,10 +143,13 @@
* @param algorithmURI
* @param implementingClass
* @throws AlgorithmAlreadyRegisteredException
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register the canonicalizer
*/
@SuppressWarnings("unchecked")
public static void register(String algorithmURI, String implementingClass)
throws AlgorithmAlreadyRegisteredException, ClassNotFoundException {
+ JavaUtils.checkRegisterPermission();
// check whether URI is already registered
Class<? extends CanonicalizerSpi> registeredClass =
canonicalizerHash.get(algorithmURI);
@@ -166,9 +170,12 @@
* @param algorithmURI
* @param implementingClass
* @throws AlgorithmAlreadyRegisteredException
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register the canonicalizer
*/
- public static void register(String algorithmURI, Class<CanonicalizerSpi> implementingClass)
+ public static void register(String algorithmURI, Class<? extends CanonicalizerSpi> implementingClass)
throws AlgorithmAlreadyRegisteredException, ClassNotFoundException {
+ JavaUtils.checkRegisterPermission();
// check whether URI is already registered
Class<? extends CanonicalizerSpi> registeredClass = canonicalizerHash.get(algorithmURI);
diff --git a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolver.java b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolver.java
index fe541ff..e8622d9 100644
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolver.java
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolver.java
@@ -42,6 +42,7 @@
import com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.X509SKIResolver;
import com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.X509SubjectNameResolver;
import com.sun.org.apache.xml.internal.security.keys.storage.StorageResolver;
+import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -175,9 +176,12 @@
* @throws InstantiationException
* @throws IllegalAccessException
* @throws ClassNotFoundException
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register the key resolver
*/
public static void register(String className, boolean globalResolver)
throws ClassNotFoundException, IllegalAccessException, InstantiationException {
+ JavaUtils.checkRegisterPermission();
KeyResolverSpi keyResolverSpi =
(KeyResolverSpi) Class.forName(className).newInstance();
keyResolverSpi.setGlobalResolver(globalResolver);
@@ -195,8 +199,11 @@
*
* @param className
* @param globalResolver Whether the KeyResolverSpi is a global resolver or not
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register the key resolver
*/
public static void registerAtStart(String className, boolean globalResolver) {
+ JavaUtils.checkRegisterPermission();
KeyResolverSpi keyResolverSpi = null;
Exception ex = null;
try {
@@ -228,11 +235,14 @@
*
* @param keyResolverSpi a KeyResolverSpi instance to register
* @param start whether to register the KeyResolverSpi at the start of the list or not
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register the key resolver
*/
public static void register(
KeyResolverSpi keyResolverSpi,
boolean start
) {
+ JavaUtils.checkRegisterPermission();
KeyResolver resolver = new KeyResolver(keyResolverSpi);
if (start) {
resolverVector.add(0, resolver);
@@ -254,9 +264,12 @@
* @throws InstantiationException
* @throws IllegalAccessException
* @throws ClassNotFoundException
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register the key resolver
*/
public static void registerClassNames(List<String> classNames)
throws ClassNotFoundException, IllegalAccessException, InstantiationException {
+ JavaUtils.checkRegisterPermission();
List<KeyResolver> keyResolverList = new ArrayList<KeyResolver>(classNames.size());
for (String className : classNames) {
KeyResolverSpi keyResolverSpi =
diff --git a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java
index 37d67ba..3fc1d21 100644
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java
@@ -46,6 +46,7 @@
import com.sun.org.apache.xml.internal.security.transforms.implementations.TransformXSLT;
import com.sun.org.apache.xml.internal.security.utils.Constants;
import com.sun.org.apache.xml.internal.security.utils.HelperNodeList;
+import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
import org.w3c.dom.Document;
@@ -181,11 +182,14 @@
* class of {@link TransformSpi}
* @throws AlgorithmAlreadyRegisteredException if specified algorithmURI
* is already registered
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register the transform
*/
@SuppressWarnings("unchecked")
public static void register(String algorithmURI, String implementingClass)
throws AlgorithmAlreadyRegisteredException, ClassNotFoundException,
InvalidTransformException {
+ JavaUtils.checkRegisterPermission();
// are we already registered?
Class<? extends TransformSpi> transformSpi = transformSpiHash.get(algorithmURI);
if (transformSpi != null) {
@@ -206,9 +210,12 @@
* class of {@link TransformSpi}
* @throws AlgorithmAlreadyRegisteredException if specified algorithmURI
* is already registered
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register the transform
*/
public static void register(String algorithmURI, Class<? extends TransformSpi> implementingClass)
throws AlgorithmAlreadyRegisteredException {
+ JavaUtils.checkRegisterPermission();
// are we already registered?
Class<? extends TransformSpi> transformSpi = transformSpiHash.get(algorithmURI);
if (transformSpi != null) {
diff --git a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java
index ac7a53e..fe8bdb1 100644
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java
@@ -468,9 +468,12 @@
* @param namespace
* @param prefix
* @throws XMLSecurityException
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to set the default prefix
*/
public static void setDefaultPrefix(String namespace, String prefix)
throws XMLSecurityException {
+ JavaUtils.checkRegisterPermission();
if (prefixMappings.containsValue(prefix)) {
String storedPrefix = prefixMappings.get(namespace);
if (!storedPrefix.equals(prefix)) {
diff --git a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/JavaUtils.java b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/JavaUtils.java
index cf55f40..ee3dfbe 100644
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/JavaUtils.java
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/JavaUtils.java
@@ -28,6 +28,7 @@
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.security.SecurityPermission;
/**
* A collection of different, general-purpose methods for JAVA-specific things
@@ -39,6 +40,10 @@
private static java.util.logging.Logger log =
java.util.logging.Logger.getLogger(JavaUtils.class.getName());
+ private static final SecurityPermission REGISTER_PERMISSION =
+ new SecurityPermission(
+ "com.sun.org.apache.xml.internal.security.register");
+
private JavaUtils() {
// we don't allow instantiation
}
@@ -145,4 +150,21 @@
return retBytes;
}
+
+ /**
+ * Throws a {@code SecurityException} if a security manager is installed
+ * and the caller is not allowed to register an implementation of an
+ * algorithm, transform, or other security sensitive XML Signature function.
+ *
+ * @throws SecurityException if a security manager is installed and the
+ * caller has not been granted the
+ * {@literal "com.sun.org.apache.xml.internal.security.register"}
+ * {@code SecurityPermission}
+ */
+ public static void checkRegisterPermission() {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ sm.checkPermission(REGISTER_PERMISSION);
+ }
+ }
}
diff --git a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XMLUtils.java b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XMLUtils.java
index 620b673..585f7f6 100644
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XMLUtils.java
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XMLUtils.java
@@ -80,32 +80,44 @@
/**
* Set the prefix for the digital signature namespace
* @param prefix the new prefix for the digital signature namespace
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to set the prefix
*/
public static void setDsPrefix(String prefix) {
+ JavaUtils.checkRegisterPermission();
dsPrefix = prefix;
}
/**
* Set the prefix for the digital signature 1.1 namespace
* @param prefix the new prefix for the digital signature 1.1 namespace
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to set the prefix
*/
public static void setDs11Prefix(String prefix) {
+ JavaUtils.checkRegisterPermission();
ds11Prefix = prefix;
}
/**
* Set the prefix for the encryption namespace
* @param prefix the new prefix for the encryption namespace
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to set the prefix
*/
public static void setXencPrefix(String prefix) {
+ JavaUtils.checkRegisterPermission();
xencPrefix = prefix;
}
/**
* Set the prefix for the encryption namespace 1.1
* @param prefix the new prefix for the encryption namespace 1.1
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to set the prefix
*/
public static void setXenc11Prefix(String prefix) {
+ JavaUtils.checkRegisterPermission();
xenc11Prefix = prefix;
}
diff --git a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolver.java b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolver.java
index 7570a01..012d2fb 100644
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolver.java
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolver.java
@@ -27,6 +27,7 @@
import java.util.Map;
import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
+import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
import com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP;
import com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment;
import com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverLocalFilesystem;
@@ -199,9 +200,12 @@
* the class cannot be registered.
*
* @param className the name of the ResourceResolverSpi class to be registered
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register a resource resolver
*/
@SuppressWarnings("unchecked")
public static void register(String className) {
+ JavaUtils.checkRegisterPermission();
try {
Class<ResourceResolverSpi> resourceResolverClass =
(Class<ResourceResolverSpi>) Class.forName(className);
@@ -216,9 +220,12 @@
* list. This method logs a warning if the class cannot be registered.
*
* @param className the name of the ResourceResolverSpi class to be registered
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register a resource resolver
*/
@SuppressWarnings("unchecked")
public static void registerAtStart(String className) {
+ JavaUtils.checkRegisterPermission();
try {
Class<ResourceResolverSpi> resourceResolverClass =
(Class<ResourceResolverSpi>) Class.forName(className);
@@ -233,8 +240,11 @@
* cannot be registered.
* @param className
* @param start
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register a resource resolver
*/
public static void register(Class<? extends ResourceResolverSpi> className, boolean start) {
+ JavaUtils.checkRegisterPermission();
try {
ResourceResolverSpi resourceResolverSpi = className.newInstance();
register(resourceResolverSpi, start);
@@ -250,8 +260,11 @@
* cannot be registered.
* @param resourceResolverSpi
* @param start
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register a resource resolver
*/
public static void register(ResourceResolverSpi resourceResolverSpi, boolean start) {
+ JavaUtils.checkRegisterPermission();
synchronized(resolverList) {
if (start) {
resolverList.add(0, new ResourceResolver(resourceResolverSpi));
diff --git a/jdk/src/share/classes/com/sun/security/sasl/CramMD5Base.java b/jdk/src/share/classes/com/sun/security/sasl/CramMD5Base.java
index 5d0309c..559b0bc 100644
--- a/jdk/src/share/classes/com/sun/security/sasl/CramMD5Base.java
+++ b/jdk/src/share/classes/com/sun/security/sasl/CramMD5Base.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -32,6 +32,7 @@
import java.security.NoSuchAlgorithmException;
import java.security.MessageDigest;
+import java.util.Arrays;
import java.util.logging.Logger;
/**
@@ -159,7 +160,7 @@
MessageDigest md5 = MessageDigest.getInstance("MD5");
/* digest the key if longer than 64 bytes */
- if (key.length > 64) {
+ if (key.length > MD5_BLOCKSIZE) {
key = md5.digest(key);
}
@@ -169,13 +170,9 @@
int i;
/* store key in pads */
- for (i = 0; i < MD5_BLOCKSIZE; i++) {
- for ( ; i < key.length; i++) {
- ipad[i] = key[i];
- opad[i] = key[i];
- }
- ipad[i] = 0x00;
- opad[i] = 0x00;
+ for (i = 0; i < key.length; i++) {
+ ipad[i] = key[i];
+ opad[i] = key[i];
}
/* XOR key with pads */
@@ -207,6 +204,11 @@
}
}
+ Arrays.fill(ipad, (byte)0);
+ Arrays.fill(opad, (byte)0);
+ ipad = null;
+ opad = null;
+
return (digestString.toString());
}
diff --git a/jdk/src/share/classes/java/lang/Class.java b/jdk/src/share/classes/java/lang/Class.java
index eb2b8b8..d4c36bc 100644
--- a/jdk/src/share/classes/java/lang/Class.java
+++ b/jdk/src/share/classes/java/lang/Class.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1994, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1994, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -256,8 +256,8 @@
@CallerSensitive
public static Class<?> forName(String className)
throws ClassNotFoundException {
- return forName0(className, true,
- ClassLoader.getClassLoader(Reflection.getCallerClass()));
+ Class<?> caller = Reflection.getCallerClass();
+ return forName0(className, true, ClassLoader.getClassLoader(caller), caller);
}
@@ -327,22 +327,27 @@
ClassLoader loader)
throws ClassNotFoundException
{
- if (sun.misc.VM.isSystemDomainLoader(loader)) {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null) {
- ClassLoader ccl = ClassLoader.getClassLoader(Reflection.getCallerClass());
+ Class<?> caller = null;
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ // Reflective call to get caller class is only needed if a security manager
+ // is present. Avoid the overhead of making this call otherwise.
+ caller = Reflection.getCallerClass();
+ if (sun.misc.VM.isSystemDomainLoader(loader)) {
+ ClassLoader ccl = ClassLoader.getClassLoader(caller);
if (!sun.misc.VM.isSystemDomainLoader(ccl)) {
sm.checkPermission(
SecurityConstants.GET_CLASSLOADER_PERMISSION);
}
}
}
- return forName0(name, initialize, loader);
+ return forName0(name, initialize, loader, caller);
}
- /** Called after security checks have been made. */
+ /** Called after security check for system loader access checks have been made. */
private static native Class<?> forName0(String name, boolean initialize,
- ClassLoader loader)
+ ClassLoader loader,
+ Class<?> caller)
throws ClassNotFoundException;
/**
diff --git a/jdk/src/share/classes/java/lang/ProcessBuilder.java b/jdk/src/share/classes/java/lang/ProcessBuilder.java
index efa30fd..fc58abc 100644
--- a/jdk/src/share/classes/java/lang/ProcessBuilder.java
+++ b/jdk/src/share/classes/java/lang/ProcessBuilder.java
@@ -1019,6 +1019,12 @@
String dir = directory == null ? null : directory.toString();
+ for (int i = 1; i < cmdarray.length; i++) {
+ if (cmdarray[i].indexOf('\u0000') >= 0) {
+ throw new IOException("invalid null character in command");
+ }
+ }
+
try {
return ProcessImpl.start(cmdarray,
environment,
diff --git a/jdk/src/share/classes/java/lang/invoke/MethodHandles.java b/jdk/src/share/classes/java/lang/invoke/MethodHandles.java
index cdc764d..09103d5 100644
--- a/jdk/src/share/classes/java/lang/invoke/MethodHandles.java
+++ b/jdk/src/share/classes/java/lang/invoke/MethodHandles.java
@@ -39,7 +39,9 @@
import sun.security.util.SecurityConstants;
import static java.lang.invoke.MethodHandleStatics.*;
import static java.lang.invoke.MethodHandleNatives.Constants.*;
+
import java.util.concurrent.ConcurrentHashMap;
+
import sun.security.util.SecurityConstants;
/**
@@ -1504,6 +1506,10 @@
// that is *not* the bytecode behavior.
mods ^= Modifier.PROTECTED | Modifier.PUBLIC;
}
+ if (Modifier.isProtected(mods) && refKind == REF_newInvokeSpecial) {
+ // cannot "new" a protected ctor in a different package
+ mods ^= Modifier.PROTECTED;
+ }
if (Modifier.isFinal(mods) &&
MethodHandleNatives.refKindIsSetter(refKind))
throw m.makeAccessException("unexpected set of a final field", this);
diff --git a/jdk/src/share/classes/java/lang/invoke/MethodType.java b/jdk/src/share/classes/java/lang/invoke/MethodType.java
index c2646004..08c17d7 100644
--- a/jdk/src/share/classes/java/lang/invoke/MethodType.java
+++ b/jdk/src/share/classes/java/lang/invoke/MethodType.java
@@ -653,7 +653,7 @@
* @return the parameter types (as an immutable list)
*/
public List<Class<?>> parameterList() {
- return Collections.unmodifiableList(Arrays.asList(ptypes));
+ return Collections.unmodifiableList(Arrays.asList(ptypes.clone()));
}
/*non-public*/ Class<?> lastParameterType() {
diff --git a/jdk/src/share/classes/java/lang/reflect/Proxy.java b/jdk/src/share/classes/java/lang/reflect/Proxy.java
index 20e62b6..7b80e45 100644
--- a/jdk/src/share/classes/java/lang/reflect/Proxy.java
+++ b/jdk/src/share/classes/java/lang/reflect/Proxy.java
@@ -362,12 +362,13 @@
Class<?>... interfaces)
throws IllegalArgumentException
{
- SecurityManager sm = System.getSecurityManager();
+ final Class<?>[] intfs = interfaces.clone();
+ final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
- checkProxyAccess(Reflection.getCallerClass(), loader, interfaces);
+ checkProxyAccess(Reflection.getCallerClass(), loader, intfs);
}
- return getProxyClass0(loader, interfaces);
+ return getProxyClass0(loader, intfs);
}
/*
@@ -706,15 +707,16 @@
{
Objects.requireNonNull(h);
+ final Class<?>[] intfs = interfaces.clone();
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
- checkProxyAccess(Reflection.getCallerClass(), loader, interfaces);
+ checkProxyAccess(Reflection.getCallerClass(), loader, intfs);
}
/*
* Look up or generate the designated proxy class.
*/
- Class<?> cl = getProxyClass0(loader, interfaces);
+ Class<?> cl = getProxyClass0(loader, intfs);
/*
* Invoke its constructor with the designated invocation handler.
diff --git a/jdk/src/share/classes/java/net/AbstractPlainDatagramSocketImpl.java b/jdk/src/share/classes/java/net/AbstractPlainDatagramSocketImpl.java
index 555ca84..1793cfc 100644
--- a/jdk/src/share/classes/java/net/AbstractPlainDatagramSocketImpl.java
+++ b/jdk/src/share/classes/java/net/AbstractPlainDatagramSocketImpl.java
@@ -68,6 +68,7 @@
return null;
}
});
+ init();
}
/**
@@ -362,4 +363,7 @@
protected boolean nativeConnectDisabled() {
return connectDisabled;
}
+
+ native int dataAvailable();
+ private static native void init();
}
diff --git a/jdk/src/share/classes/java/net/DatagramSocket.java b/jdk/src/share/classes/java/net/DatagramSocket.java
index 54799a8..bbe3e1b 100644
--- a/jdk/src/share/classes/java/net/DatagramSocket.java
+++ b/jdk/src/share/classes/java/net/DatagramSocket.java
@@ -83,6 +83,17 @@
*/
boolean oldImpl = false;
+ /**
+ * Set when a socket is ST_CONNECTED until we are certain
+ * that any packets which might have been received prior
+ * to calling connect() but not read by the application
+ * have been read. During this time we check the source
+ * address of all packets received to be sure they are from
+ * the connected destination. Other packets are read but
+ * silently dropped.
+ */
+ private boolean explicitFilter = false;
+ private int bytesLeftToFilter;
/*
* Connection state:
* ST_NOT_CONNECTED = socket not connected
@@ -142,6 +153,15 @@
// socket is now connected by the impl
connectState = ST_CONNECTED;
+ // Do we need to filter some packets?
+ int avail = getImpl().dataAvailable();
+ if (avail == -1) {
+ throw new SocketException();
+ }
+ explicitFilter = avail > 0;
+ if (explicitFilter) {
+ bytesLeftToFilter = getReceiveBufferSize();
+ }
} catch (SocketException se) {
// connection will be emulated by DatagramSocket
@@ -490,6 +510,7 @@
connectedAddress = null;
connectedPort = -1;
connectState = ST_NOT_CONNECTED;
+ explicitFilter = false;
}
}
@@ -748,10 +769,12 @@
} // end of while
}
}
- if (connectState == ST_CONNECTED_NO_IMPL) {
+ if ((connectState == ST_CONNECTED_NO_IMPL) || explicitFilter) {
// We have to do the filtering the old fashioned way since
// the native impl doesn't support connect or the connect
- // via the impl failed.
+ // via the impl failed, or .. "explicitFilter" may be set when
+ // a socket is connected via the impl, for a period of time
+ // when packets from other sources might be queued on socket.
boolean stop = false;
while (!stop) {
InetAddress peekAddress = null;
@@ -770,8 +793,12 @@
if ((!connectedAddress.equals(peekAddress)) ||
(connectedPort != peekPort)) {
// throw the packet away and silently continue
- DatagramPacket tmp = new DatagramPacket(new byte[1], 1);
+ DatagramPacket tmp = new DatagramPacket(
+ new byte[1024], 1024);
getImpl().receive(tmp);
+ if (explicitFilter) {
+ bytesLeftToFilter -= tmp.getLength();
+ }
} else {
stop = true;
}
@@ -780,6 +807,15 @@
// If the security check succeeds, or the datagram is
// connected then receive the packet
getImpl().receive(p);
+ if (explicitFilter) {
+ bytesLeftToFilter -= p.getLength();
+ if (bytesLeftToFilter <= 0) {
+ explicitFilter = false;
+ } else {
+ // break out of filter, if there is no more data queued
+ explicitFilter = getImpl().dataAvailable() > 0;
+ }
+ }
}
}
diff --git a/jdk/src/share/classes/java/net/DatagramSocketImpl.java b/jdk/src/share/classes/java/net/DatagramSocketImpl.java
index c2b1158..537edfe 100644
--- a/jdk/src/share/classes/java/net/DatagramSocketImpl.java
+++ b/jdk/src/share/classes/java/net/DatagramSocketImpl.java
@@ -47,6 +47,12 @@
*/
protected FileDescriptor fd;
+ int dataAvailable() {
+ // default impl returns zero, which disables the calling
+ // functionality
+ return 0;
+ }
+
/**
* The DatagramSocket or MulticastSocket
* that owns this impl
diff --git a/jdk/src/share/classes/java/security/Provider.java b/jdk/src/share/classes/java/security/Provider.java
index 7e3def8..1eadb0e 100644
--- a/jdk/src/share/classes/java/security/Provider.java
+++ b/jdk/src/share/classes/java/security/Provider.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -1372,7 +1372,7 @@
* <p>This class defines the methods {@link #supportsParameter
* supportsParameter()} and {@link #newInstance newInstance()}
* which are used by the Java security framework when it searches for
- * suitable services and instantes them. The valid arguments to those
+ * suitable services and instantiates them. The valid arguments to those
* methods depend on the type of service. For the service types defined
* within Java SE, see the
* <a href="../../../technotes/guides/security/crypto/CryptoSpec.html">
@@ -1562,7 +1562,7 @@
*
* @throws InvalidParameterException if the value of
* constructorParameter is invalid for this type of service.
- * @throws NoSuchAlgorithmException if instantation failed for
+ * @throws NoSuchAlgorithmException if instantiation failed for
* any other reason.
*/
public Object newInstance(Object constructorParameter)
@@ -1590,7 +1590,9 @@
+ " engines");
}
Class<?> clazz = getImplClass();
- return clazz.newInstance();
+ Class<?>[] empty = {};
+ Constructor<?> con = clazz.getConstructor(empty);
+ return con.newInstance();
} else {
Class<?> paramClass = cap.getConstructorParameterClass();
if (constructorParameter != null) {
@@ -1633,13 +1635,18 @@
} else {
clazz = cl.loadClass(className);
}
+ if (!Modifier.isPublic(clazz.getModifiers())) {
+ throw new NoSuchAlgorithmException
+ ("class configured for " + type + " (provider: " +
+ provider.getName() + ") is not public.");
+ }
classRef = new WeakReference<Class<?>>(clazz);
}
return clazz;
} catch (ClassNotFoundException e) {
throw new NoSuchAlgorithmException
- ("class configured for " + type + "(provider: " +
- provider.getName() + ")" + "cannot be found.", e);
+ ("class configured for " + type + " (provider: " +
+ provider.getName() + ") cannot be found.", e);
}
}
@@ -1652,15 +1659,21 @@
throws Exception {
Class<?> clazz = getImplClass();
if (constructorParameter == null) {
- Object o = clazz.newInstance();
- return o;
+ // create instance with public no-arg constructor if it exists
+ try {
+ Class<?>[] empty = {};
+ Constructor<?> con = clazz.getConstructor(empty);
+ return con.newInstance();
+ } catch (NoSuchMethodException e) {
+ throw new NoSuchAlgorithmException("No public no-arg "
+ + "constructor found in class " + className);
+ }
}
Class<?> argClass = constructorParameter.getClass();
Constructor[] cons = clazz.getConstructors();
// find first public constructor that can take the
// argument as parameter
- for (int i = 0; i < cons.length; i++) {
- Constructor<?> con = cons[i];
+ for (Constructor<?> con : cons) {
Class<?>[] paramTypes = con.getParameterTypes();
if (paramTypes.length != 1) {
continue;
@@ -1668,10 +1681,9 @@
if (paramTypes[0].isAssignableFrom(argClass) == false) {
continue;
}
- Object o = con.newInstance(new Object[] {constructorParameter});
- return o;
+ return con.newInstance(constructorParameter);
}
- throw new NoSuchAlgorithmException("No constructor matching "
+ throw new NoSuchAlgorithmException("No public constructor matching "
+ argClass.getName() + " found in class " + className);
}
diff --git a/jdk/src/share/classes/java/security/Signature.java b/jdk/src/share/classes/java/security/Signature.java
index 7c5bd96..9394284 100644
--- a/jdk/src/share/classes/java/security/Signature.java
+++ b/jdk/src/share/classes/java/security/Signature.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -590,6 +590,9 @@
if (outbuf == null) {
throw new IllegalArgumentException("No output buffer given");
}
+ if (offset < 0 || len < 0) {
+ throw new IllegalArgumentException("offset or len is less than 0");
+ }
if (outbuf.length - offset < len) {
throw new IllegalArgumentException
("Output buffer too small for specified offset and length");
@@ -658,9 +661,16 @@
public final boolean verify(byte[] signature, int offset, int length)
throws SignatureException {
if (state == VERIFY) {
- if ((signature == null) || (offset < 0) || (length < 0) ||
- (length > signature.length - offset)) {
- throw new IllegalArgumentException("Bad arguments");
+ if (signature == null) {
+ throw new IllegalArgumentException("signature is null");
+ }
+ if (offset < 0 || length < 0) {
+ throw new IllegalArgumentException
+ ("offset or length is less than 0");
+ }
+ if (signature.length - offset < length) {
+ throw new IllegalArgumentException
+ ("signature too small for specified offset and length");
}
return engineVerify(signature, offset, length);
@@ -713,6 +723,16 @@
public final void update(byte[] data, int off, int len)
throws SignatureException {
if (state == SIGN || state == VERIFY) {
+ if (data == null) {
+ throw new IllegalArgumentException("data is null");
+ }
+ if (off < 0 || len < 0) {
+ throw new IllegalArgumentException("off or len is less than 0");
+ }
+ if (data.length - off < len) {
+ throw new IllegalArgumentException
+ ("data too small for specified offset and length");
+ }
engineUpdate(data, off, len);
} else {
throw new SignatureException("object not initialized for "
diff --git a/jdk/src/share/classes/java/security/cert/CertificateRevokedException.java b/jdk/src/share/classes/java/security/cert/CertificateRevokedException.java
index a545627..505a007 100644
--- a/jdk/src/share/classes/java/security/cert/CertificateRevokedException.java
+++ b/jdk/src/share/classes/java/security/cert/CertificateRevokedException.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -94,7 +94,10 @@
this.revocationDate = new Date(revocationDate.getTime());
this.reason = reason;
this.authority = authority;
- this.extensions = new HashMap<String, Extension>(extensions);
+ // make sure Map only contains correct types
+ this.extensions = Collections.checkedMap(new HashMap<>(),
+ String.class, Extension.class);
+ this.extensions.putAll(extensions);
}
/**
@@ -172,7 +175,8 @@
public String getMessage() {
return "Certificate has been revoked, reason: "
+ reason + ", revocation date: " + revocationDate
- + ", authority: " + authority + ", extensions: " + extensions;
+ + ", authority: " + authority + ", extension OIDs: "
+ + extensions.keySet();
}
/**
diff --git a/jdk/src/share/classes/java/util/ResourceBundle.java b/jdk/src/share/classes/java/util/ResourceBundle.java
index d70b61a..134894c 100644
--- a/jdk/src/share/classes/java/util/ResourceBundle.java
+++ b/jdk/src/share/classes/java/util/ResourceBundle.java
@@ -2650,7 +2650,10 @@
} catch (ClassNotFoundException e) {
}
} else if (format.equals("java.properties")) {
- final String resourceName = toResourceName(bundleName, "properties");
+ final String resourceName = toResourceName0(bundleName, "properties");
+ if (resourceName == null) {
+ return bundle;
+ }
final ClassLoader classLoader = loader;
final boolean reloadFlag = reload;
InputStream stream = null;
@@ -2804,7 +2807,10 @@
}
boolean result = false;
try {
- String resourceName = toResourceName(toBundleName(baseName, locale), format);
+ String resourceName = toResourceName0(toBundleName(baseName, locale), format);
+ if (resourceName == null) {
+ return result;
+ }
URL url = loader.getResource(resourceName);
if (url != null) {
long lastModified = 0;
@@ -2938,6 +2944,15 @@
sb.append(bundleName.replace('.', '/')).append('.').append(suffix);
return sb.toString();
}
+
+ private String toResourceName0(String bundleName, String suffix) {
+ // application protocol check
+ if (bundleName.contains("://")) {
+ return null;
+ } else {
+ return toResourceName(bundleName, suffix);
+ }
+ }
}
private static class SingleFormatControl extends Control {
diff --git a/jdk/src/share/classes/java/util/concurrent/atomic/AtomicReferenceFieldUpdater.java b/jdk/src/share/classes/java/util/concurrent/atomic/AtomicReferenceFieldUpdater.java
index f0a0840..4408ff3 100644
--- a/jdk/src/share/classes/java/util/concurrent/atomic/AtomicReferenceFieldUpdater.java
+++ b/jdk/src/share/classes/java/util/concurrent/atomic/AtomicReferenceFieldUpdater.java
@@ -334,6 +334,8 @@
if (vclass != fieldClass)
throw new ClassCastException();
+ if (vclass.isPrimitive())
+ throw new IllegalArgumentException("Must be reference type");
if (!Modifier.isVolatile(modifiers))
throw new IllegalArgumentException("Must be volatile type");
diff --git a/jdk/src/share/classes/java/util/logging/LogRecord.java b/jdk/src/share/classes/java/util/logging/LogRecord.java
index 50444f1..d9255f4 100644
--- a/jdk/src/share/classes/java/util/logging/LogRecord.java
+++ b/jdk/src/share/classes/java/util/logging/LogRecord.java
@@ -513,7 +513,13 @@
// If necessary, try to regenerate the resource bundle.
if (resourceBundleName != null) {
try {
- resourceBundle = ResourceBundle.getBundle(resourceBundleName);
+ // use system class loader to ensure the ResourceBundle
+ // instance is a different instance than null loader uses
+ final ResourceBundle bundle =
+ ResourceBundle.getBundle(resourceBundleName,
+ Locale.getDefault(),
+ ClassLoader.getSystemClassLoader());
+ resourceBundle = bundle;
} catch (MissingResourceException ex) {
// This is not a good place to throw an exception,
// so we simply leave the resourceBundle null.
diff --git a/jdk/src/share/classes/java/util/logging/Logger.java b/jdk/src/share/classes/java/util/logging/Logger.java
index 90cbb87..4629320 100644
--- a/jdk/src/share/classes/java/util/logging/Logger.java
+++ b/jdk/src/share/classes/java/util/logging/Logger.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -1934,6 +1934,9 @@
}
setCallersClassLoaderRef(callersClass);
+ if (isSystemLogger && getCallersClassLoader() != null) {
+ checkPermission();
+ }
if (findResourceBundle(name, true) == null) {
// We've failed to find an expected ResourceBundle.
// unset the caller's ClassLoader since we were unable to find the
@@ -2168,11 +2171,13 @@
return trb;
}
final String rbName = isSystemLogger
- ? trb.resourceBundleName
+ // ancestor of a system logger is expected to be a system logger.
+ // ignore resource bundle name if it's not.
+ ? (target.isSystemLogger ? trb.resourceBundleName : null)
: target.getResourceBundleName();
if (rbName != null) {
return LoggerBundle.get(rbName,
- findResourceBundle(rbName, true));
+ findResourceBundle(rbName, true));
}
target = isSystemLogger ? target.parent : target.getParent();
}
diff --git a/jdk/src/share/classes/javax/crypto/CipherInputStream.java b/jdk/src/share/classes/javax/crypto/CipherInputStream.java
index 0e80a60..d777ca0 100644
--- a/jdk/src/share/classes/javax/crypto/CipherInputStream.java
+++ b/jdk/src/share/classes/javax/crypto/CipherInputStream.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -88,6 +88,8 @@
private int ofinish = 0;
// stream status
private boolean closed = false;
+ // The stream has been read from. False if the stream has never been read.
+ private boolean read = false;
/**
* private convenience function.
@@ -103,13 +105,15 @@
private int getMoreData() throws IOException {
if (done) return -1;
int readin = input.read(ibuffer);
+ read = true;
if (readin == -1) {
done = true;
try {
obuffer = cipher.doFinal();
+ } catch (IllegalBlockSizeException | BadPaddingException e) {
+ obuffer = null;
+ throw new IOException(e);
}
- catch (IllegalBlockSizeException e) {obuffer = null;}
- catch (BadPaddingException e) {obuffer = null;}
if (obuffer == null)
return -1;
else {
@@ -120,7 +124,10 @@
}
try {
obuffer = cipher.update(ibuffer, 0, readin);
- } catch (IllegalStateException e) {obuffer = null;};
+ } catch (IllegalStateException e) {
+ obuffer = null;
+ throw e;
+ }
ostart = 0;
if (obuffer == null)
ofinish = 0;
@@ -308,6 +315,11 @@
}
}
catch (BadPaddingException | IllegalBlockSizeException ex) {
+ /* If no data has been read from the stream to be en/decrypted,
+ we supress any exceptions, and close quietly. */
+ if (read) {
+ throw new IOException(ex);
+ }
}
ostart = 0;
ofinish = 0;
diff --git a/jdk/src/share/classes/javax/swing/filechooser/FileSystemView.java b/jdk/src/share/classes/javax/swing/filechooser/FileSystemView.java
index f62d69c..b1d9d1f 100644
--- a/jdk/src/share/classes/javax/swing/filechooser/FileSystemView.java
+++ b/jdk/src/share/classes/javax/swing/filechooser/FileSystemView.java
@@ -718,7 +718,8 @@
* @return the Desktop folder.
*/
public File getHomeDirectory() {
- return getRoots()[0];
+ File[] roots = getRoots();
+ return (roots.length == 0) ? null : roots[0];
}
/**
diff --git a/jdk/src/share/classes/sun/awt/AppContext.java b/jdk/src/share/classes/sun/awt/AppContext.java
index 5959e54..fbee507 100644
--- a/jdk/src/share/classes/sun/awt/AppContext.java
+++ b/jdk/src/share/classes/sun/awt/AppContext.java
@@ -331,6 +331,20 @@
while (context == null) {
threadGroup = threadGroup.getParent();
if (threadGroup == null) {
+ // We've got up to the root thread group and did not find an AppContext
+ // Try to get it from the security manager
+ SecurityManager securityManager = System.getSecurityManager();
+ if (securityManager != null) {
+ ThreadGroup smThreadGroup = securityManager.getThreadGroup();
+ if (smThreadGroup != null) {
+ /*
+ * If we get this far then it's likely that
+ * the ThreadGroup does not actually belong
+ * to the applet, so do not cache it.
+ */
+ return threadGroup2appContext.get(smThreadGroup);
+ }
+ }
return null;
}
context = threadGroup2appContext.get(threadGroup);
diff --git a/jdk/src/share/classes/sun/awt/image/BytePackedRaster.java b/jdk/src/share/classes/sun/awt/image/BytePackedRaster.java
index bd3835d..3e60f19 100644
--- a/jdk/src/share/classes/sun/awt/image/BytePackedRaster.java
+++ b/jdk/src/share/classes/sun/awt/image/BytePackedRaster.java
@@ -1408,10 +1408,10 @@
}
}
- int lastbit = (dataBitOffset
- + (height-1) * scanlineStride * 8
- + (width-1) * pixelBitStride
- + pixelBitStride - 1);
+ long lastbit = (long) dataBitOffset
+ + (long) (height - 1) * (long) scanlineStride * 8
+ + (long) (width - 1) * (long) pixelBitStride
+ + (long) pixelBitStride - 1;
if (lastbit < 0 || lastbit / 8 >= data.length) {
throw new RasterFormatException("raster dimensions overflow " +
"array bounds");
diff --git a/jdk/src/share/classes/sun/invoke/util/VerifyAccess.java b/jdk/src/share/classes/sun/invoke/util/VerifyAccess.java
index a95aefb..fc870fc 100644
--- a/jdk/src/share/classes/sun/invoke/util/VerifyAccess.java
+++ b/jdk/src/share/classes/sun/invoke/util/VerifyAccess.java
@@ -102,19 +102,24 @@
case PUBLIC:
return true; // already checked above
case PROTECTED:
+ assert !defc.isInterface(); // protected members aren't allowed in interfaces
if ((allowedModes & PROTECTED_OR_PACKAGE_ALLOWED) != 0 &&
isSamePackage(defc, lookupClass))
return true;
if ((allowedModes & PROTECTED) == 0)
return false;
+ // Protected members are accessible by subclasses, which does not include interfaces.
+ // Interfaces are types, not classes. They should not have access to
+ // protected members in j.l.Object, even though it is their superclass.
if ((mods & STATIC) != 0 &&
!isRelatedClass(refc, lookupClass))
return false;
if ((allowedModes & PROTECTED) != 0 &&
- isSuperClass(defc, lookupClass))
+ isSubClass(lookupClass, defc))
return true;
return false;
case PACKAGE_ONLY: // That is, zero. Unmarked member is package-only access.
+ assert !defc.isInterface(); // package-private members aren't allowed in interfaces
return ((allowedModes & PACKAGE_ALLOWED) != 0 &&
isSamePackage(defc, lookupClass));
case PRIVATE:
@@ -129,12 +134,13 @@
static boolean isRelatedClass(Class<?> refc, Class<?> lookupClass) {
return (refc == lookupClass ||
- refc.isAssignableFrom(lookupClass) ||
- lookupClass.isAssignableFrom(refc));
+ isSubClass(refc, lookupClass) ||
+ isSubClass(lookupClass, refc));
}
- static boolean isSuperClass(Class<?> defc, Class<?> lookupClass) {
- return defc.isAssignableFrom(lookupClass);
+ static boolean isSubClass(Class<?> lookupClass, Class<?> defc) {
+ return defc.isAssignableFrom(lookupClass) &&
+ !lookupClass.isInterface(); // interfaces are types, not classes.
}
static int getClassModifiers(Class<?> c) {
diff --git a/jdk/src/share/classes/sun/nio/ch/DatagramChannelImpl.java b/jdk/src/share/classes/sun/nio/ch/DatagramChannelImpl.java
index fe32f63..4a73c99 100644
--- a/jdk/src/share/classes/sun/nio/ch/DatagramChannelImpl.java
+++ b/jdk/src/share/classes/sun/nio/ch/DatagramChannelImpl.java
@@ -755,6 +755,26 @@
// set or refresh local address
localAddress = Net.localAddress(fd);
+
+ // flush any packets already received.
+ boolean blocking = false;
+ synchronized (blockingLock()) {
+ try {
+ blocking = isBlocking();
+ // remainder of each packet thrown away
+ ByteBuffer tmpBuf = ByteBuffer.allocate(1);
+ if (blocking) {
+ configureBlocking(false);
+ }
+ do {
+ tmpBuf.clear();
+ } while (read(tmpBuf) > 0);
+ } finally {
+ if (blocking) {
+ configureBlocking(true);
+ }
+ }
+ }
}
}
}
diff --git a/jdk/src/share/classes/sun/reflect/annotation/AnnotationInvocationHandler.java b/jdk/src/share/classes/sun/reflect/annotation/AnnotationInvocationHandler.java
index 6e73de7..120fe7a 100644
--- a/jdk/src/share/classes/sun/reflect/annotation/AnnotationInvocationHandler.java
+++ b/jdk/src/share/classes/sun/reflect/annotation/AnnotationInvocationHandler.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -29,7 +29,6 @@
import java.lang.reflect.*;
import java.io.Serializable;
import java.util.*;
-import java.lang.annotation.*;
import java.security.AccessController;
import java.security.PrivilegedAction;
@@ -45,6 +44,11 @@
private final Map<String, Object> memberValues;
AnnotationInvocationHandler(Class<? extends Annotation> type, Map<String, Object> memberValues) {
+ Class<?>[] superInterfaces = type.getInterfaces();
+ if (!type.isAnnotation() ||
+ superInterfaces.length != 1 ||
+ superInterfaces[0] != java.lang.annotation.Annotation.class)
+ throw new AnnotationFormatError("Attempt to create proxy for a non-annotation type.");
this.type = type;
this.memberValues = memberValues;
}
@@ -57,13 +61,17 @@
if (member.equals("equals") && paramTypes.length == 1 &&
paramTypes[0] == Object.class)
return equalsImpl(args[0]);
- assert paramTypes.length == 0;
- if (member.equals("toString"))
+ if (paramTypes.length != 0)
+ throw new AssertionError("Too many parameters for an annotation method");
+
+ switch(member) {
+ case "toString":
return toStringImpl();
- if (member.equals("hashCode"))
+ case "hashCode":
return hashCodeImpl();
- if (member.equals("annotationType"))
+ case "annotationType":
return type;
+ }
// Handle annotation member accessors
Object result = memberValues.get(member);
@@ -129,7 +137,7 @@
* Implementation of dynamicProxy.toString()
*/
private String toStringImpl() {
- StringBuffer result = new StringBuffer(128);
+ StringBuilder result = new StringBuilder(128);
result.append('@');
result.append(type.getName());
result.append('(');
@@ -277,6 +285,7 @@
new PrivilegedAction<Method[]>() {
public Method[] run() {
final Method[] mm = type.getDeclaredMethods();
+ validateAnnotationMethods(mm);
AccessibleObject.setAccessible(mm, true);
return mm;
}
@@ -287,6 +296,94 @@
private transient volatile Method[] memberMethods = null;
/**
+ * Validates that a method is structurally appropriate for an
+ * annotation type. As of Java SE 8, annotation types cannot
+ * contain static methods and the declared methods of an
+ * annotation type must take zero arguments and there are
+ * restrictions on the return type.
+ */
+ private void validateAnnotationMethods(Method[] memberMethods) {
+ /*
+ * Specification citations below are from JLS
+ * 9.6.1. Annotation Type Elements
+ */
+ boolean valid = true;
+ for(Method method : memberMethods) {
+ /*
+ * "By virtue of the AnnotationTypeElementDeclaration
+ * production, a method declaration in an annotation type
+ * declaration cannot have formal parameters, type
+ * parameters, or a throws clause.
+ *
+ * "By virtue of the AnnotationTypeElementModifier
+ * production, a method declaration in an annotation type
+ * declaration cannot be default or static."
+ */
+ if (method.getModifiers() != (Modifier.PUBLIC | Modifier.ABSTRACT) ||
+ method.isDefault() ||
+ method.getParameterCount() != 0 ||
+ method.getExceptionTypes().length != 0) {
+ valid = false;
+ break;
+ }
+
+ /*
+ * "It is a compile-time error if the return type of a
+ * method declared in an annotation type is not one of the
+ * following: a primitive type, String, Class, any
+ * parameterized invocation of Class, an enum type
+ * (section 8.9), an annotation type, or an array type
+ * (chapter 10) whose element type is one of the preceding
+ * types."
+ */
+ Class<?> returnType = method.getReturnType();
+ if (returnType.isArray()) {
+ returnType = returnType.getComponentType();
+ if (returnType.isArray()) { // Only single dimensional arrays
+ valid = false;
+ break;
+ }
+ }
+
+ if (!((returnType.isPrimitive() && returnType != void.class) ||
+ returnType == java.lang.String.class ||
+ returnType == java.lang.Class.class ||
+ returnType.isEnum() ||
+ returnType.isAnnotation())) {
+ valid = false;
+ break;
+ }
+
+ /*
+ * "It is a compile-time error if any method declared in an
+ * annotation type has a signature that is
+ * override-equivalent to that of any public or protected
+ * method declared in class Object or in the interface
+ * java.lang.annotation.Annotation."
+ *
+ * The methods in Object or Annotation meeting the other
+ * criteria (no arguments, contrained return type, etc.)
+ * above are:
+ *
+ * String toString()
+ * int hashCode()
+ * Class<? extends Annotation> annotationType()
+ */
+ String methodName = method.getName();
+ if ((methodName.equals("toString") && returnType == java.lang.String.class) ||
+ (methodName.equals("hashCode") && returnType == int.class) ||
+ (methodName.equals("annotationType") && returnType == java.lang.Class.class)) {
+ valid = false;
+ break;
+ }
+ }
+ if (valid)
+ return;
+ else
+ throw new AnnotationFormatError("Malformed method on an annotation type");
+ }
+
+ /**
* Implementation of dynamicProxy.hashCode()
*/
private int hashCodeImpl() {
@@ -330,7 +427,6 @@
throws java.io.IOException, ClassNotFoundException {
s.defaultReadObject();
-
// Check to make sure that types have not evolved incompatibly
AnnotationType annotationType = null;
@@ -343,7 +439,6 @@
Map<String, Class<?>> memberTypes = annotationType.memberTypes();
-
// If there are annotation members without values, that
// situation is handled by the invoke method.
for (Map.Entry<String, Object> memberValue : memberValues.entrySet()) {
diff --git a/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java b/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java
index 5bfb6a7..bd97248 100644
--- a/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java
+++ b/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -125,19 +125,18 @@
try {
- long[] handles = generateECKeyPair(keySize, encodedParams, seed);
+ Object[] keyBytes = generateECKeyPair(keySize, encodedParams, seed);
// The 'params' object supplied above is equivalent to the native
// one so there is no need to fetch it.
-
- // handles[0] points to the native private key
- BigInteger s = new BigInteger(1, getEncodedBytes(handles[0]));
+ // keyBytes[0] is the encoding of the native private key
+ BigInteger s = new BigInteger(1, (byte[])keyBytes[0]);
PrivateKey privateKey =
new ECPrivateKeyImpl(s, (ECParameterSpec)params);
- // handles[1] points to the native public key
- ECPoint w = ECUtil.decodePoint(getEncodedBytes(handles[1]),
+ // keyBytes[1] is the encoding of the native public key
+ ECPoint w = ECUtil.decodePoint((byte[])keyBytes[1],
((ECParameterSpec)params).getCurve());
PublicKey publicKey =
new ECPublicKeyImpl(w, (ECParameterSpec)params);
@@ -162,14 +161,9 @@
}
/*
- * Generates the keypair and returns a 2-element array of handles.
- * The first handle points to the private key, the second to the public key.
+ * Generates the keypair and returns a 2-element array of encoding bytes.
+ * The first one is for the private key, the second for the public key.
*/
- private static native long[] generateECKeyPair(int keySize,
+ private static native Object[] generateECKeyPair(int keySize,
byte[] encodedParams, byte[] seed) throws GeneralSecurityException;
-
- /*
- * Extracts the encoded key data using the supplied handle.
- */
- private static native byte[] getEncodedBytes(long handle);
}
diff --git a/jdk/src/share/classes/sun/security/rsa/RSACore.java b/jdk/src/share/classes/sun/security/rsa/RSACore.java
index c34f6a4..81b4e3f 100644
--- a/jdk/src/share/classes/sun/security/rsa/RSACore.java
+++ b/jdk/src/share/classes/sun/security/rsa/RSACore.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -50,6 +50,15 @@
*/
public final class RSACore {
+ // globally enable/disable use of blinding
+ private final static boolean ENABLE_BLINDING = true;
+
+ // cache for blinding parameters. Map<BigInteger, BlindingParameters>
+ // use a weak hashmap so that cached values are automatically cleared
+ // when the modulus is GC'ed
+ private final static Map<BigInteger, BlindingParameters>
+ blindingCache = new WeakHashMap<>();
+
private RSACore() {
// empty
}
@@ -100,12 +109,12 @@
if (key instanceof RSAPrivateCrtKey) {
return crtCrypt(msg, (RSAPrivateCrtKey)key);
} else {
- return crypt(msg, key.getModulus(), key.getPrivateExponent());
+ return priCrypt(msg, key.getModulus(), key.getPrivateExponent());
}
}
/**
- * RSA public key ops and non-CRT private key ops. Simple modPow().
+ * RSA public key ops. Simple modPow().
*/
private static byte[] crypt(byte[] msg, BigInteger n, BigInteger exp)
throws BadPaddingException {
@@ -115,22 +124,29 @@
}
/**
+ * RSA non-CRT private key operations.
+ */
+ private static byte[] priCrypt(byte[] msg, BigInteger n, BigInteger exp)
+ throws BadPaddingException {
+
+ BigInteger c = parseMsg(msg, n);
+ BlindingRandomPair brp = null;
+ BigInteger m;
+ if (ENABLE_BLINDING) {
+ brp = getBlindingRandomPair(null, exp, n);
+ c = c.multiply(brp.u).mod(n);
+ m = c.modPow(exp, n);
+ m = m.multiply(brp.v).mod(n);
+ } else {
+ m = c.modPow(exp, n);
+ }
+
+ return toByteArray(m, getByteLength(n));
+ }
+
+ /**
* RSA private key operations with CRT. Algorithm and variable naming
* are taken from PKCS#1 v2.1, section 5.1.2.
- *
- * The only difference is the addition of blinding to twart timing attacks.
- * This is described in the RSA Bulletin#2 (Jan 96) among other places.
- * This means instead of implementing RSA as
- * m = c ^ d mod n (or RSA in CRT variant)
- * we do
- * r = random(0, n-1)
- * c' = c * r^e mod n
- * m' = c' ^ d mod n (or RSA in CRT variant)
- * m = m' * r^-1 mod n (where r^-1 is the modular inverse of r mod n)
- * This works because r^(e*d) * r^-1 = r * r^-1 = 1 (all mod n)
- *
- * We do not generate new blinding parameters for each operation but reuse
- * them BLINDING_MAX_REUSE times (see definition below).
*/
private static byte[] crtCrypt(byte[] msg, RSAPrivateCrtKey key)
throws BadPaddingException {
@@ -141,13 +157,13 @@
BigInteger dP = key.getPrimeExponentP();
BigInteger dQ = key.getPrimeExponentQ();
BigInteger qInv = key.getCrtCoefficient();
+ BigInteger e = key.getPublicExponent();
+ BigInteger d = key.getPrivateExponent();
- BlindingParameters params;
+ BlindingRandomPair brp;
if (ENABLE_BLINDING) {
- params = getBlindingParameters(key);
- c = c.multiply(params.re).mod(n);
- } else {
- params = null;
+ brp = getBlindingRandomPair(e, d, n);
+ c = c.multiply(brp.u).mod(n);
}
// m1 = c ^ dP mod p
@@ -165,8 +181,8 @@
// m = m2 + q * h
BigInteger m = h.multiply(q).add(m2);
- if (params != null) {
- m = m.multiply(params.rInv).mod(n);
+ if (ENABLE_BLINDING) {
+ m = m.multiply(brp.v).mod(n);
}
return toByteArray(m, getByteLength(n));
@@ -208,82 +224,217 @@
return t;
}
- // globally enable/disable use of blinding
- private final static boolean ENABLE_BLINDING = true;
+ /**
+ * Parameters (u,v) for RSA Blinding. This is described in the RSA
+ * Bulletin#2 (Jan 96) and other places:
+ *
+ * ftp://ftp.rsa.com/pub/pdfs/bull-2.pdf
+ *
+ * The standard RSA Blinding decryption requires the public key exponent
+ * (e) and modulus (n), and converts ciphertext (c) to plaintext (p).
+ *
+ * Before the modular exponentiation operation, the input message should
+ * be multiplied by (u (mod n)), and afterward the result is corrected
+ * by multiplying with (v (mod n)). The system should reject messages
+ * equal to (0 (mod n)). That is:
+ *
+ * 1. Generate r between 0 and n-1, relatively prime to n.
+ * 2. Compute x = (c*u) mod n
+ * 3. Compute y = (x^d) mod n
+ * 4. Compute p = (y*v) mod n
+ *
+ * The Java APIs allows for either standard RSAPrivateKey or
+ * RSAPrivateCrtKey RSA keys.
+ *
+ * If the public exponent is available to us (e.g. RSAPrivateCrtKey),
+ * choose a random r, then let (u, v):
+ *
+ * u = r ^ e mod n
+ * v = r ^ (-1) mod n
+ *
+ * The proof follows:
+ *
+ * p = (((c * u) ^ d mod n) * v) mod n
+ * = ((c ^ d) * (u ^ d) * v) mod n
+ * = ((c ^ d) * (r ^ e) ^ d) * (r ^ (-1))) mod n
+ * = ((c ^ d) * (r ^ (e * d)) * (r ^ (-1))) mod n
+ * = ((c ^ d) * (r ^ 1) * (r ^ (-1))) mod n (see below)
+ * = (c ^ d) mod n
+ *
+ * because in RSA cryptosystem, d is the multiplicative inverse of e:
+ *
+ * (r^(e * d)) mod n
+ * = (r ^ 1) mod n
+ * = r mod n
+ *
+ * However, if the public exponent is not available (e.g. RSAPrivateKey),
+ * we mitigate the timing issue by using a similar random number blinding
+ * approach using the private key:
+ *
+ * u = r
+ * v = ((r ^ (-1)) ^ d) mod n
+ *
+ * This returns the same plaintext because:
+ *
+ * p = (((c * u) ^ d mod n) * v) mod n
+ * = ((c ^ d) * (u ^ d) * v) mod n
+ * = ((c ^ d) * (u ^ d) * ((u ^ (-1)) ^d)) mod n
+ * = (c ^ d) mod n
+ *
+ * Computing inverses mod n and random number generation is slow, so
+ * it is often not practical to generate a new random (u, v) pair for
+ * each new exponentiation. The calculation of parameters might even be
+ * subject to timing attacks. However, (u, v) pairs should not be
+ * reused since they themselves might be compromised by timing attacks,
+ * leaving the private exponent vulnerable. An efficient solution to
+ * this problem is update u and v before each modular exponentiation
+ * step by computing:
+ *
+ * u = u ^ 2
+ * v = v ^ 2
+ *
+ * The total performance cost is small.
+ */
+ private final static class BlindingRandomPair {
+ final BigInteger u;
+ final BigInteger v;
- // maximum number of times that we will use a set of blinding parameters
- // value suggested by Paul Kocher (quoted by NSS)
- private final static int BLINDING_MAX_REUSE = 50;
-
- // cache for blinding parameters. Map<BigInteger, BlindingParameters>
- // use a weak hashmap so that cached values are automatically cleared
- // when the modulus is GC'ed
- private final static Map<BigInteger, BlindingParameters> blindingCache =
- new WeakHashMap<>();
+ BlindingRandomPair(BigInteger u, BigInteger v) {
+ this.u = u;
+ this.v = v;
+ }
+ }
/**
* Set of blinding parameters for a given RSA key.
*
* The RSA modulus is usually unique, so we index by modulus in
- * blindingCache. However, to protect against the unlikely case of two
- * keys sharing the same modulus, we also store the public exponent.
- * This means we cannot cache blinding parameters for multiple keys that
- * share the same modulus, but since sharing moduli is fundamentally broken
- * an insecure, this does not matter.
+ * {@code blindingCache}. However, to protect against the unlikely
+ * case of two keys sharing the same modulus, we also store the public
+ * or the private exponent. This means we cannot cache blinding
+ * parameters for multiple keys that share the same modulus, but
+ * since sharing moduli is fundamentally broken and insecure, this
+ * does not matter.
*/
- private static final class BlindingParameters {
- // e (RSA public exponent)
- final BigInteger e;
- // r ^ e mod n
- final BigInteger re;
- // inverse of r mod n
- final BigInteger rInv;
- // how many more times this parameter object can be used
- private volatile int remainingUses;
- BlindingParameters(BigInteger e, BigInteger re, BigInteger rInv) {
+ private final static class BlindingParameters {
+ private final static BigInteger BIG_TWO = BigInteger.valueOf(2L);
+
+ // RSA public exponent
+ private final BigInteger e;
+
+ // hash code of RSA private exponent
+ private final BigInteger d;
+
+ // r ^ e mod n (CRT), or r mod n (Non-CRT)
+ private BigInteger u;
+
+ // r ^ (-1) mod n (CRT) , or ((r ^ (-1)) ^ d) mod n (Non-CRT)
+ private BigInteger v;
+
+ // e: the public exponent
+ // d: the private exponent
+ // n: the modulus
+ BlindingParameters(BigInteger e, BigInteger d, BigInteger n) {
+ this.u = null;
+ this.v = null;
this.e = e;
- this.re = re;
- this.rInv = rInv;
- // initialize remaining uses, subtract current use now
- remainingUses = BLINDING_MAX_REUSE - 1;
+ this.d = d;
+
+ int len = n.bitLength();
+ SecureRandom random = JCAUtil.getSecureRandom();
+ u = new BigInteger(len, random).mod(n);
+ // Although the possibility is very much limited that u is zero
+ // or is not relatively prime to n, we still want to be careful
+ // about the special value.
+ //
+ // Secure random generation is expensive, try to use BigInteger.ONE
+ // this time if this new generated random number is zero or is not
+ // relatively prime to n. Next time, new generated secure random
+ // number will be used instead.
+ if (u.equals(BigInteger.ZERO)) {
+ u = BigInteger.ONE; // use 1 this time
+ }
+
+ try {
+ // The call to BigInteger.modInverse() checks that u is
+ // relatively prime to n. Otherwise, ArithmeticException is
+ // thrown.
+ v = u.modInverse(n);
+ } catch (ArithmeticException ae) {
+ // if u is not relatively prime to n, use 1 this time
+ u = BigInteger.ONE;
+ v = BigInteger.ONE;
+ }
+
+ if (e != null) {
+ u = u.modPow(e, n); // e: the public exponent
+ // u: random ^ e
+ // v: random ^ (-1)
+ } else {
+ v = v.modPow(d, n); // d: the private exponent
+ // u: random
+ // v: random ^ (-d)
+ }
}
- boolean valid(BigInteger e) {
- int k = remainingUses--;
- return (k > 0) && this.e.equals(e);
+
+ // return null if need to reset the parameters
+ BlindingRandomPair getBlindingRandomPair(
+ BigInteger e, BigInteger d, BigInteger n) {
+
+ if ((this.e != null && this.e.equals(e)) ||
+ (this.d != null && this.d.equals(d))) {
+
+ BlindingRandomPair brp = null;
+ synchronized (this) {
+ if (!u.equals(BigInteger.ZERO) &&
+ !v.equals(BigInteger.ZERO)) {
+
+ brp = new BlindingRandomPair(u, v);
+ if (u.compareTo(BigInteger.ONE) <= 0 ||
+ v.compareTo(BigInteger.ONE) <= 0) {
+
+ // need to reset the random pair next time
+ u = BigInteger.ZERO;
+ v = BigInteger.ZERO;
+ } else {
+ u = u.modPow(BIG_TWO, n);
+ v = v.modPow(BIG_TWO, n);
+ }
+ } // Otherwise, need to reset the random pair.
+ }
+ return brp;
+ }
+
+ return null;
}
}
- /**
- * Return valid RSA blinding parameters for the given private key.
- * Use cached parameters if available. If not, generate new parameters
- * and cache.
- */
- private static BlindingParameters getBlindingParameters
- (RSAPrivateCrtKey key) {
- BigInteger modulus = key.getModulus();
- BigInteger e = key.getPublicExponent();
- BlindingParameters params;
- // we release the lock between get() and put()
- // that means threads might concurrently generate new blinding
- // parameters for the same modulus. this is only a slight waste
- // of cycles and seems preferable in terms of scalability
- // to locking out all threads while generating new parameters
+ private static BlindingRandomPair getBlindingRandomPair(
+ BigInteger e, BigInteger d, BigInteger n) {
+
+ BlindingParameters bps = null;
synchronized (blindingCache) {
- params = blindingCache.get(modulus);
+ bps = blindingCache.get(n);
}
- if ((params != null) && params.valid(e)) {
- return params;
+
+ if (bps == null) {
+ bps = new BlindingParameters(e, d, n);
+ synchronized (blindingCache) {
+ blindingCache.putIfAbsent(n, bps);
+ }
}
- int len = modulus.bitLength();
- SecureRandom random = JCAUtil.getSecureRandom();
- BigInteger r = new BigInteger(len, random).mod(modulus);
- BigInteger re = r.modPow(e, modulus);
- BigInteger rInv = r.modInverse(modulus);
- params = new BlindingParameters(e, re, rInv);
- synchronized (blindingCache) {
- blindingCache.put(modulus, params);
+
+ BlindingRandomPair brp = bps.getBlindingRandomPair(e, d, n);
+ if (brp == null) {
+ // need to reset the blinding parameters
+ bps = new BlindingParameters(e, d, n);
+ synchronized (blindingCache) {
+ blindingCache.replace(n, bps);
+ }
+ brp = bps.getBlindingRandomPair(e, d, n);
}
- return params;
+
+ return brp;
}
}
diff --git a/jdk/src/share/classes/sun/security/ssl/CipherSuite.java b/jdk/src/share/classes/sun/security/ssl/CipherSuite.java
index 528b369..7035171 100644
--- a/jdk/src/share/classes/sun/security/ssl/CipherSuite.java
+++ b/jdk/src/share/classes/sun/security/ssl/CipherSuite.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -968,7 +968,7 @@
* 1. Prefer Suite B compliant cipher suites, see RFC6460 (To be
* changed later, see below).
* 2. Prefer the stronger bulk cipher, in the order of AES_256(GCM),
- * AES_128(GCM), AES_256, AES_128, RC-4, 3DES-EDE.
+ * AES_128(GCM), AES_256, AES_128, 3DES-EDE, RC-4.
* 3. Prefer the stronger MAC algorithm, in the order of SHA384,
* SHA256, SHA, MD5.
* 4. Prefer the better performance of key exchange and digital
@@ -1055,18 +1055,6 @@
add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
0x0032, --p, K_DHE_DSS, B_AES_128, T);
- // RC-4
- add("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
- 0xC007, --p, K_ECDHE_ECDSA, B_RC4_128, N);
- add("TLS_ECDHE_RSA_WITH_RC4_128_SHA",
- 0xC011, --p, K_ECDHE_RSA, B_RC4_128, N);
- add("SSL_RSA_WITH_RC4_128_SHA",
- 0x0005, --p, K_RSA, B_RC4_128, N);
- add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
- 0xC002, --p, K_ECDH_ECDSA, B_RC4_128, N);
- add("TLS_ECDH_RSA_WITH_RC4_128_SHA",
- 0xC00C, --p, K_ECDH_RSA, B_RC4_128, N);
-
// Cipher suites in GCM mode, see RFC 5288/5289.
//
// We may increase the priority of cipher suites in GCM mode when
@@ -1127,6 +1115,17 @@
add("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
0x0013, --p, K_DHE_DSS, B_3DES, N);
+ // RC-4
+ add("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+ 0xC007, --p, K_ECDHE_ECDSA, B_RC4_128, N);
+ add("TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+ 0xC011, --p, K_ECDHE_RSA, B_RC4_128, N);
+ add("SSL_RSA_WITH_RC4_128_SHA",
+ 0x0005, --p, K_RSA, B_RC4_128, N);
+ add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
+ 0xC002, --p, K_ECDH_ECDSA, B_RC4_128, N);
+ add("TLS_ECDH_RSA_WITH_RC4_128_SHA",
+ 0xC00C, --p, K_ECDH_RSA, B_RC4_128, N);
add("SSL_RSA_WITH_RC4_128_MD5",
0x0004, --p, K_RSA, B_RC4_128, N);
@@ -1146,7 +1145,7 @@
* 2. If a cipher suite has been obsoleted, we put it at the end of
* the list.
* 3. Prefer the stronger bulk cipher, in the order of AES_256,
- * AES_128, RC-4, 3DES-EDE, DES, RC4_40, DES40, NULL.
+ * AES_128, 3DES-EDE, RC-4, DES, DES40, RC4_40, NULL.
* 4. Prefer the stronger MAC algorithm, in the order of SHA384,
* SHA256, SHA, MD5.
* 5. Prefer the better performance of key exchange and digital
@@ -1174,15 +1173,40 @@
add("TLS_DH_anon_WITH_AES_128_CBC_SHA",
0x0034, --p, K_DH_ANON, B_AES_128, N);
+ add("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
+ 0xC017, --p, K_ECDH_ANON, B_3DES, N);
+ add("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
+ 0x001b, --p, K_DH_ANON, B_3DES, N);
+
add("TLS_ECDH_anon_WITH_RC4_128_SHA",
0xC016, --p, K_ECDH_ANON, B_RC4_128, N);
add("SSL_DH_anon_WITH_RC4_128_MD5",
0x0018, --p, K_DH_ANON, B_RC4_128, N);
- add("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
- 0xC017, --p, K_ECDH_ANON, B_3DES, N);
- add("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
- 0x001b, --p, K_DH_ANON, B_3DES, N);
+ // weak cipher suites obsoleted in TLS 1.2
+ add("SSL_RSA_WITH_DES_CBC_SHA",
+ 0x0009, --p, K_RSA, B_DES, N, tls12);
+ add("SSL_DHE_RSA_WITH_DES_CBC_SHA",
+ 0x0015, --p, K_DHE_RSA, B_DES, N, tls12);
+ add("SSL_DHE_DSS_WITH_DES_CBC_SHA",
+ 0x0012, --p, K_DHE_DSS, B_DES, N, tls12);
+ add("SSL_DH_anon_WITH_DES_CBC_SHA",
+ 0x001a, --p, K_DH_ANON, B_DES, N, tls12);
+
+ // weak cipher suites obsoleted in TLS 1.1
+ add("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
+ 0x0008, --p, K_RSA_EXPORT, B_DES_40, N, tls11);
+ add("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
+ 0x0014, --p, K_DHE_RSA, B_DES_40, N, tls11);
+ add("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
+ 0x0011, --p, K_DHE_DSS, B_DES_40, N, tls11);
+ add("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
+ 0x0019, --p, K_DH_ANON, B_DES_40, N, tls11);
+
+ add("SSL_RSA_EXPORT_WITH_RC4_40_MD5",
+ 0x0003, --p, K_RSA_EXPORT, B_RC4_40, N, tls11);
+ add("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
+ 0x0017, --p, K_DH_ANON, B_RC4_40, N, tls11);
add("TLS_RSA_WITH_NULL_SHA256",
0x003b, --p, K_RSA, B_NULL, N, max, tls12, P_SHA256);
@@ -1201,52 +1225,27 @@
add("SSL_RSA_WITH_NULL_MD5",
0x0001, --p, K_RSA, B_NULL, N);
- // weak cipher suites obsoleted in TLS 1.2
- add("SSL_RSA_WITH_DES_CBC_SHA",
- 0x0009, --p, K_RSA, B_DES, N, tls12);
- add("SSL_DHE_RSA_WITH_DES_CBC_SHA",
- 0x0015, --p, K_DHE_RSA, B_DES, N, tls12);
- add("SSL_DHE_DSS_WITH_DES_CBC_SHA",
- 0x0012, --p, K_DHE_DSS, B_DES, N, tls12);
- add("SSL_DH_anon_WITH_DES_CBC_SHA",
- 0x001a, --p, K_DH_ANON, B_DES, N, tls12);
-
- // weak cipher suites obsoleted in TLS 1.1
- add("SSL_RSA_EXPORT_WITH_RC4_40_MD5",
- 0x0003, --p, K_RSA_EXPORT, B_RC4_40, N, tls11);
- add("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
- 0x0017, --p, K_DH_ANON, B_RC4_40, N, tls11);
-
- add("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
- 0x0008, --p, K_RSA_EXPORT, B_DES_40, N, tls11);
- add("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
- 0x0014, --p, K_DHE_RSA, B_DES_40, N, tls11);
- add("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
- 0x0011, --p, K_DHE_DSS, B_DES_40, N, tls11);
- add("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
- 0x0019, --p, K_DH_ANON, B_DES_40, N, tls11);
-
// Supported Kerberos ciphersuites from RFC2712
- add("TLS_KRB5_WITH_RC4_128_SHA",
- 0x0020, --p, K_KRB5, B_RC4_128, N);
- add("TLS_KRB5_WITH_RC4_128_MD5",
- 0x0024, --p, K_KRB5, B_RC4_128, N);
add("TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
0x001f, --p, K_KRB5, B_3DES, N);
add("TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
0x0023, --p, K_KRB5, B_3DES, N);
+ add("TLS_KRB5_WITH_RC4_128_SHA",
+ 0x0020, --p, K_KRB5, B_RC4_128, N);
+ add("TLS_KRB5_WITH_RC4_128_MD5",
+ 0x0024, --p, K_KRB5, B_RC4_128, N);
add("TLS_KRB5_WITH_DES_CBC_SHA",
0x001e, --p, K_KRB5, B_DES, N, tls12);
add("TLS_KRB5_WITH_DES_CBC_MD5",
0x0022, --p, K_KRB5, B_DES, N, tls12);
- add("TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
- 0x0028, --p, K_KRB5_EXPORT, B_RC4_40, N, tls11);
- add("TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
- 0x002b, --p, K_KRB5_EXPORT, B_RC4_40, N, tls11);
add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
0x0026, --p, K_KRB5_EXPORT, B_DES_40, N, tls11);
add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
0x0029, --p, K_KRB5_EXPORT, B_DES_40, N, tls11);
+ add("TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
+ 0x0028, --p, K_KRB5_EXPORT, B_RC4_40, N, tls11);
+ add("TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
+ 0x002b, --p, K_KRB5_EXPORT, B_RC4_40, N, tls11);
/*
* Other values from the TLS Cipher Suite Registry, as of August 2010.
diff --git a/jdk/src/share/classes/sun/security/ssl/ClientHandshaker.java b/jdk/src/share/classes/sun/security/ssl/ClientHandshaker.java
index 5c3abbc..5108528 100644
--- a/jdk/src/share/classes/sun/security/ssl/ClientHandshaker.java
+++ b/jdk/src/share/classes/sun/security/ssl/ClientHandshaker.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -36,6 +36,8 @@
import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;
+import java.security.cert.CertificateParsingException;
+import javax.security.auth.x500.X500Principal;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
@@ -89,12 +91,66 @@
private final static boolean enableSNIExtension =
Debug.getBooleanProperty("jsse.enableSNIExtension", true);
+ /*
+ * Allow unsafe server certificate change?
+ *
+ * Server certificate change during SSL/TLS renegotiation may be considered
+ * unsafe, as described in the Triple Handshake attacks:
+ *
+ * https://secure-resumption.com/tlsauth.pdf
+ *
+ * Endpoint identification (See
+ * SSLParameters.getEndpointIdentificationAlgorithm()) is a pretty nice
+ * guarantee that the server certificate change in renegotiation is legal.
+ * However, endpoing identification is only enabled for HTTPS and LDAP
+ * over SSL/TLS by default. It is not enough to protect SSL/TLS
+ * connections other than HTTPS and LDAP.
+ *
+ * The renegotiation indication extension (See RFC 5764) is a pretty
+ * strong guarantee that the endpoints on both client and server sides
+ * are identical on the same connection. However, the Triple Handshake
+ * attacks can bypass this guarantee if there is a session-resumption
+ * handshake between the initial full handshake and the renegotiation
+ * full handshake.
+ *
+ * Server certificate change may be unsafe and should be restricted if
+ * endpoint identification is not enabled and the previous handshake is
+ * a session-resumption abbreviated initial handshake, unless the
+ * identities represented by both certificates can be regraded as the
+ * same (See isIdentityEquivalent()).
+ *
+ * Considering the compatibility impact and the actual requirements to
+ * support server certificate change in practice, the system property,
+ * jdk.tls.allowUnsafeServerCertChange, is used to define whether unsafe
+ * server certificate change in renegotiation is allowed or not. The
+ * default value of the system property is "false". To mitigate the
+ * compactibility impact, applications may want to set the system
+ * property to "true" at their own risk.
+ *
+ * If the value of the system property is "false", server certificate
+ * change in renegotiation after a session-resumption abbreviated initial
+ * handshake is restricted (See isIdentityEquivalent()).
+ *
+ * If the system property is set to "true" explicitly, the restriction on
+ * server certificate change in renegotiation is disabled.
+ */
+ private final static boolean allowUnsafeServerCertChange =
+ Debug.getBooleanProperty("jdk.tls.allowUnsafeServerCertChange", false);
+
private List<SNIServerName> requestedServerNames =
Collections.<SNIServerName>emptyList();
private boolean serverNamesAccepted = false;
/*
+ * the reserved server certificate chain in previous handshaking
+ *
+ * The server certificate chain is only reserved if the previous
+ * handshake is a session-resumption abbreviated initial handshake.
+ */
+ private X509Certificate[] reservedServerCerts = null;
+
+ /*
* Constructors
*/
ClientHandshaker(SSLSocketImpl socket, SSLContextImpl context,
@@ -555,14 +611,19 @@
// we wanted to resume, but the server refused
session = null;
if (!enableNewSession) {
- throw new SSLException
- ("New session creation is disabled");
+ throw new SSLException("New session creation is disabled");
}
}
}
if (resumingSession && session != null) {
setHandshakeSessionSE(session);
+ // Reserve the handshake state if this is a session-resumption
+ // abbreviated initial handshake.
+ if (isInitialHandshake) {
+ session.setAsSessionResumption(true);
+ }
+
return;
}
@@ -1064,6 +1125,13 @@
}
/*
+ * Reset the handshake state if this is not an initial handshake.
+ */
+ if (!isInitialHandshake) {
+ session.setAsSessionResumption(false);
+ }
+
+ /*
* OK, it verified. If we're doing the fast handshake, add that
* "Finished" message to the hash of handshake messages, then send
* our own change_cipher_spec and Finished message for the server
@@ -1161,8 +1229,23 @@
System.out.println("%% No cached client session");
}
}
- if ((session != null) && (session.isRejoinable() == false)) {
- session = null;
+ if (session != null) {
+ // If unsafe server certificate change is not allowed, reserve
+ // current server certificates if the previous handshake is a
+ // session-resumption abbreviated initial handshake.
+ if (!allowUnsafeServerCertChange && session.isSessionResumption()) {
+ try {
+ // If existing, peer certificate chain cannot be null.
+ reservedServerCerts =
+ (X509Certificate[])session.getPeerCertificates();
+ } catch (SSLPeerUnverifiedException puve) {
+ // Maybe not certificate-based, ignore the exception.
+ }
+ }
+
+ if (!session.isRejoinable()) {
+ session = null;
+ }
}
if (session != null) {
@@ -1331,9 +1414,28 @@
}
X509Certificate[] peerCerts = mesg.getCertificateChain();
if (peerCerts.length == 0) {
- fatalSE(Alerts.alert_bad_certificate,
- "empty certificate chain");
+ fatalSE(Alerts.alert_bad_certificate, "empty certificate chain");
}
+
+ // Allow server certificate change in client side during renegotiation
+ // after a session-resumption abbreviated initial handshake?
+ //
+ // DO NOT need to check allowUnsafeServerCertChange here. We only
+ // reserve server certificates when allowUnsafeServerCertChange is
+ // flase.
+ if (reservedServerCerts != null) {
+ // It is not necessary to check the certificate update if endpoint
+ // identification is enabled.
+ String identityAlg = getEndpointIdentificationAlgorithmSE();
+ if ((identityAlg == null || identityAlg.length() == 0) &&
+ !isIdentityEquivalent(peerCerts[0], reservedServerCerts[0])) {
+
+ fatalSE(Alerts.alert_bad_certificate,
+ "server certificate change is restricted " +
+ "during renegotiation");
+ }
+ }
+
// ask the trust manager to verify the chain
X509TrustManager tm = sslContext.getX509TrustManager();
try {
@@ -1370,4 +1472,81 @@
}
session.setPeerCertificates(peerCerts);
}
+
+ /*
+ * Whether the certificates can represent the same identity?
+ *
+ * The certificates can be used to represent the same identity:
+ * 1. If the subject alternative names of IP address are present in
+ * both certificates, they should be identical; otherwise,
+ * 2. if the subject alternative names of DNS name are present in
+ * both certificates, they should be identical; otherwise,
+ * 3. if the subject fields are present in both certificates, the
+ * certificate subjects and issuers should be identical.
+ */
+ private static boolean isIdentityEquivalent(X509Certificate thisCert,
+ X509Certificate prevCert) {
+ if (thisCert.equals(prevCert)) {
+ return true;
+ }
+
+ // check the iPAddress field in subjectAltName extension
+ Object thisIPAddress = getSubjectAltName(thisCert, 7); // 7: iPAddress
+ Object prevIPAddress = getSubjectAltName(prevCert, 7);
+ if (thisIPAddress != null && prevIPAddress!= null) {
+ // only allow the exactly match
+ return Objects.equals(thisIPAddress, prevIPAddress);
+ }
+
+ // check the dNSName field in subjectAltName extension
+ Object thisDNSName = getSubjectAltName(thisCert, 2); // 2: dNSName
+ Object prevDNSName = getSubjectAltName(prevCert, 2);
+ if (thisDNSName != null && prevDNSName!= null) {
+ // only allow the exactly match
+ return Objects.equals(thisDNSName, prevDNSName);
+ }
+
+ // check the certificate subject and issuer
+ X500Principal thisSubject = thisCert.getSubjectX500Principal();
+ X500Principal prevSubject = prevCert.getSubjectX500Principal();
+ X500Principal thisIssuer = thisCert.getIssuerX500Principal();
+ X500Principal prevIssuer = prevCert.getIssuerX500Principal();
+ if (!thisSubject.getName().isEmpty() &&
+ !prevSubject.getName().isEmpty() &&
+ thisSubject.equals(prevSubject) &&
+ thisIssuer.equals(prevIssuer)) {
+ return true;
+ }
+
+ return false;
+ }
+
+ /*
+ * Returns the subject alternative name of the specified type in the
+ * subjectAltNames extension of a certificate.
+ */
+ private static Object getSubjectAltName(X509Certificate cert, int type) {
+ Collection<List<?>> subjectAltNames;
+
+ try {
+ subjectAltNames = cert.getSubjectAlternativeNames();
+ } catch (CertificateParsingException cpe) {
+ if (debug != null && Debug.isOn("handshake")) {
+ System.out.println(
+ "Attempt to obtain subjectAltNames extension failed!");
+ }
+ return null;
+ }
+
+ if (subjectAltNames != null) {
+ for (List<?> subjectAltName : subjectAltNames) {
+ int subjectAltNameType = (Integer)subjectAltName.get(0);
+ if (subjectAltNameType == type) {
+ return subjectAltName.get(1);
+ }
+ }
+ }
+
+ return null;
+ }
}
diff --git a/jdk/src/share/classes/sun/security/ssl/Handshaker.java b/jdk/src/share/classes/sun/security/ssl/Handshaker.java
index 9fea3fa..ba65d96 100644
--- a/jdk/src/share/classes/sun/security/ssl/Handshaker.java
+++ b/jdk/src/share/classes/sun/security/ssl/Handshaker.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -359,6 +359,17 @@
}
}
+ String getEndpointIdentificationAlgorithmSE() {
+ SSLParameters paras;
+ if (conn != null) {
+ paras = conn.getSSLParameters();
+ } else {
+ paras = engine.getSSLParameters();
+ }
+
+ return paras.getEndpointIdentificationAlgorithm();
+ }
+
private void setVersionSE(ProtocolVersion protocolVersion) {
if (conn != null) {
conn.setVersion(protocolVersion);
diff --git a/jdk/src/share/classes/sun/security/ssl/SSLSessionImpl.java b/jdk/src/share/classes/sun/security/ssl/SSLSessionImpl.java
index 6cb4170..b5f304b 100644
--- a/jdk/src/share/classes/sun/security/ssl/SSLSessionImpl.java
+++ b/jdk/src/share/classes/sun/security/ssl/SSLSessionImpl.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -115,6 +115,14 @@
private Principal localPrincipal;
/*
+ * Is the session currently re-established with a session-resumption
+ * abbreviated initial handshake?
+ *
+ * Note that currently we only set this variable in client side.
+ */
+ private boolean isSessionResumption = false;
+
+ /*
* We count session creations, eventually for statistical data but
* also since counters make shorter debugging IDs than the big ones
* we use in the protocol for uniqueness-over-time.
@@ -325,6 +333,22 @@
}
/**
+ * Return true if the session is currently re-established with a
+ * session-resumption abbreviated initial handshake.
+ */
+ boolean isSessionResumption() {
+ return isSessionResumption;
+ }
+
+ /**
+ * Resets whether the session is re-established with a session-resumption
+ * abbreviated initial handshake.
+ */
+ void setAsSessionResumption(boolean flag) {
+ isSessionResumption = flag;
+ }
+
+ /**
* Returns the name of the cipher suite in use on this session
*/
@Override
diff --git a/jdk/src/share/classes/sun/security/util/KeyUtil.java b/jdk/src/share/classes/sun/security/util/KeyUtil.java
index 9c881b8..661e3b9 100644
--- a/jdk/src/share/classes/sun/security/util/KeyUtil.java
+++ b/jdk/src/share/classes/sun/security/util/KeyUtil.java
@@ -272,7 +272,16 @@
"Diffie-Hellman public key is too large");
}
- // Don't bother to check against the y^q mod p if safe primes are used.
+ // y^q mod p == 1?
+ // Unable to perform this check as q is unknown in this circumstance.
+
+ // p is expected to be prime. However, it is too expensive to check
+ // that p is prime. Instead, in order to mitigate the impact of
+ // non-prime values, we check that y is not a factor of p.
+ BigInteger r = p.remainder(y);
+ if (r.equals(BigInteger.ZERO)) {
+ throw new InvalidKeyException("Invalid Diffie-Hellman parameters");
+ }
}
/**
diff --git a/jdk/src/share/classes/sun/util/locale/BaseLocale.java b/jdk/src/share/classes/sun/util/locale/BaseLocale.java
index 6eee582..e0e9ed0 100644
--- a/jdk/src/share/classes/sun/util/locale/BaseLocale.java
+++ b/jdk/src/share/classes/sun/util/locale/BaseLocale.java
@@ -31,6 +31,7 @@
*/
package sun.util.locale;
+import java.lang.ref.SoftReference;
public final class BaseLocale {
@@ -163,11 +164,11 @@
return h;
}
- private static final class Key implements Comparable<Key> {
- private final String lang;
- private final String scrt;
- private final String regn;
- private final String vart;
+ private static final class Key {
+ private final SoftReference<String> lang;
+ private final SoftReference<String> scrt;
+ private final SoftReference<String> regn;
+ private final SoftReference<String> vart;
private final boolean normalized;
private final int hash;
@@ -179,10 +180,10 @@
assert language.intern() == language
&& region.intern() == region;
- lang = language;
- scrt = "";
- regn = region;
- vart = "";
+ lang = new SoftReference(language);
+ scrt = new SoftReference("");
+ regn = new SoftReference(region);
+ vart = new SoftReference("");
this.normalized = true;
int h = language.hashCode();
@@ -203,40 +204,40 @@
String variant, boolean normalized) {
int h = 0;
if (language != null) {
- lang = language;
+ lang = new SoftReference(language);
int len = language.length();
for (int i = 0; i < len; i++) {
h = 31*h + LocaleUtils.toLower(language.charAt(i));
}
} else {
- lang = "";
+ lang = new SoftReference("");
}
if (script != null) {
- scrt = script;
+ scrt = new SoftReference(script);
int len = script.length();
for (int i = 0; i < len; i++) {
h = 31*h + LocaleUtils.toLower(script.charAt(i));
}
} else {
- scrt = "";
+ scrt = new SoftReference("");
}
if (region != null) {
- regn = region;
+ regn = new SoftReference(region);
int len = region.length();
for (int i = 0; i < len; i++) {
h = 31*h + LocaleUtils.toLower(region.charAt(i));
}
} else {
- regn = "";
+ regn = new SoftReference("");
}
if (variant != null) {
- vart = variant;
+ vart = new SoftReference(variant);
int len = variant.length();
for (int i = 0; i < len; i++) {
h = 31*h + variant.charAt(i);
}
} else {
- vart = "";
+ vart = new SoftReference("");
}
hash = h;
this.normalized = normalized;
@@ -244,28 +245,31 @@
@Override
public boolean equals(Object obj) {
- return (this == obj) ||
- (obj instanceof Key)
- && this.hash == ((Key)obj).hash
- && LocaleUtils.caseIgnoreMatch(((Key)obj).lang, this.lang)
- && LocaleUtils.caseIgnoreMatch(((Key)obj).scrt, this.scrt)
- && LocaleUtils.caseIgnoreMatch(((Key)obj).regn, this.regn)
- && ((Key)obj).vart.equals(vart); // variant is case sensitive in JDK!
+ if (this == obj) {
+ return true;
}
- @Override
- public int compareTo(Key other) {
- int res = LocaleUtils.caseIgnoreCompare(this.lang, other.lang);
- if (res == 0) {
- res = LocaleUtils.caseIgnoreCompare(this.scrt, other.scrt);
- if (res == 0) {
- res = LocaleUtils.caseIgnoreCompare(this.regn, other.regn);
- if (res == 0) {
- res = this.vart.compareTo(other.vart);
+ if (obj instanceof Key && this.hash == ((Key)obj).hash) {
+ String tl = this.lang.get();
+ String ol = ((Key)obj).lang.get();
+ if (tl != null && ol != null &&
+ LocaleUtils.caseIgnoreMatch(ol, tl)) {
+ String ts = this.scrt.get();
+ String os = ((Key)obj).scrt.get();
+ if (ts != null && os != null &&
+ LocaleUtils.caseIgnoreMatch(os, ts)) {
+ String tr = this.regn.get();
+ String or = ((Key)obj).regn.get();
+ if (tr != null && or != null &&
+ LocaleUtils.caseIgnoreMatch(or, tr)) {
+ String tv = this.vart.get();
+ String ov = ((Key)obj).vart.get();
+ return (ov != null && ov.equals(tv));
}
}
}
- return res;
+ }
+ return false;
}
@Override
@@ -278,10 +282,10 @@
return key;
}
- String lang = LocaleUtils.toLowerString(key.lang).intern();
- String scrt = LocaleUtils.toTitleString(key.scrt).intern();
- String regn = LocaleUtils.toUpperString(key.regn).intern();
- String vart = key.vart.intern(); // preserve upper/lower cases
+ String lang = LocaleUtils.toLowerString(key.lang.get()).intern();
+ String scrt = LocaleUtils.toTitleString(key.scrt.get()).intern();
+ String regn = LocaleUtils.toUpperString(key.regn.get()).intern();
+ String vart = key.vart.get().intern(); // preserve upper/lower cases
return new Key(lang, scrt, regn, vart, true);
}
@@ -294,12 +298,18 @@
@Override
protected Key normalizeKey(Key key) {
+ assert key.lang.get() != null &&
+ key.scrt.get() != null &&
+ key.regn.get() != null &&
+ key.vart.get() != null;
+
return Key.normalize(key);
}
@Override
protected BaseLocale createObject(Key key) {
- return new BaseLocale(key.lang, key.scrt, key.regn, key.vart);
+ return new BaseLocale(key.lang.get(), key.scrt.get(),
+ key.regn.get(), key.vart.get());
}
}
}
diff --git a/jdk/src/share/classes/sun/util/locale/LocaleObjectCache.java b/jdk/src/share/classes/sun/util/locale/LocaleObjectCache.java
index 88920aa..eae1480 100644
--- a/jdk/src/share/classes/sun/util/locale/LocaleObjectCache.java
+++ b/jdk/src/share/classes/sun/util/locale/LocaleObjectCache.java
@@ -57,8 +57,10 @@
value = entry.get();
}
if (value == null) {
- key = normalizeKey(key);
V newVal = createObject(key);
+ // make sure key is normalized *after* the object creation
+ // so that newVal is assured to be created from a valid key.
+ key = normalizeKey(key);
if (key == null || newVal == null) {
// subclass must return non-null key/value object
return null;
diff --git a/jdk/src/share/javavm/export/jvm.h b/jdk/src/share/javavm/export/jvm.h
index 2bef081..2d67c13 100644
--- a/jdk/src/share/javavm/export/jvm.h
+++ b/jdk/src/share/javavm/export/jvm.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -386,6 +386,19 @@
JVM_FindClassFromBootLoader(JNIEnv *env, const char *name);
/*
+ * Find a class from a given class loader. Throws ClassNotFoundException.
+ * name: name of class
+ * init: whether initialization is done
+ * loader: class loader to look up the class. This may not be the same as the caller's
+ * class loader.
+ * caller: initiating class. The initiating class may be null when a security
+ * manager is not installed.
+ */
+JNIEXPORT jclass JNICALL
+JVM_FindClassFromCaller(JNIEnv *env, const char *name, jboolean init,
+ jobject loader, jclass caller);
+
+/*
* Find a class from a given class loader. Throw ClassNotFoundException
* or NoClassDefFoundError depending on the value of the last
* argument.
diff --git a/jdk/src/share/lib/security/java.security-linux b/jdk/src/share/lib/security/java.security-linux
index d31a1e3..bb71a15 100644
--- a/jdk/src/share/lib/security/java.security-linux
+++ b/jdk/src/share/lib/security/java.security-linux
@@ -210,8 +210,8 @@
org.jcp.xml.dsig.internal.,\
jdk.internal.,\
jdk.nashorn.internal.,\
- jdk.nashorn.tools.
-
+ jdk.nashorn.tools.,\
+ com.sun.activation.registries.
#
# List of comma-separated packages that start with or equal this string
@@ -257,8 +257,8 @@
org.jcp.xml.dsig.internal.,\
jdk.internal.,\
jdk.nashorn.internal.,\
- jdk.nashorn.tools.
-
+ jdk.nashorn.tools.,\
+ com.sun.activation.registries.
#
# Determines whether this properties file can be appended to
diff --git a/jdk/src/share/lib/security/java.security-macosx b/jdk/src/share/lib/security/java.security-macosx
index 78ef913..78eeb8e 100644
--- a/jdk/src/share/lib/security/java.security-macosx
+++ b/jdk/src/share/lib/security/java.security-macosx
@@ -212,6 +212,7 @@
jdk.internal.,\
jdk.nashorn.internal.,\
jdk.nashorn.tools.,\
+ com.sun.activation.registries.,\
apple.
#
@@ -259,6 +260,7 @@
jdk.internal.,\
jdk.nashorn.internal.,\
jdk.nashorn.tools.,\
+ com.sun.activation.registries.,\
apple.
#
diff --git a/jdk/src/share/lib/security/java.security-solaris b/jdk/src/share/lib/security/java.security-solaris
index 7de2ad4..e153e15 100644
--- a/jdk/src/share/lib/security/java.security-solaris
+++ b/jdk/src/share/lib/security/java.security-solaris
@@ -212,7 +212,8 @@
org.jcp.xml.dsig.internal.,\
jdk.internal.,\
jdk.nashorn.internal.,\
- jdk.nashorn.tools.
+ jdk.nashorn.tools.,\
+ com.sun.activation.registries.
#
# List of comma-separated packages that start with or equal this string
@@ -258,7 +259,8 @@
org.jcp.xml.dsig.internal.,\
jdk.internal.,\
jdk.nashorn.internal.,\
- jdk.nashorn.tools.
+ jdk.nashorn.tools.,\
+ com.sun.activation.registries.
#
# Determines whether this properties file can be appended to
diff --git a/jdk/src/share/lib/security/java.security-windows b/jdk/src/share/lib/security/java.security-windows
index f19a0cf..e10b953 100644
--- a/jdk/src/share/lib/security/java.security-windows
+++ b/jdk/src/share/lib/security/java.security-windows
@@ -212,6 +212,7 @@
jdk.internal.,\
jdk.nashorn.internal.,\
jdk.nashorn.tools.,\
+ com.sun.activation.registries.,\
com.sun.java.accessibility.
#
@@ -259,6 +260,7 @@
jdk.internal.,\
jdk.nashorn.internal.,\
jdk.nashorn.tools.,\
+ com.sun.activation.registries.,\
com.sun.java.accessibility.
#
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/defines.h b/jdk/src/share/native/com/sun/java/util/jar/pack/defines.h
index 644b9ca..3d98dd1 100644
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/defines.h
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/defines.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -79,6 +79,7 @@
#define ERROR_RESOURCE "Cannot extract resource file"
#define ERROR_OVERFLOW "Internal buffer overflow"
#define ERROR_INTERNAL "Internal error"
+#define ERROR_INIT "cannot init class members"
#define LOGFILE_STDOUT "-"
#define LOGFILE_STDERR ""
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
index 26c683f..e9109cb 100644
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -56,6 +56,45 @@
#define THROW_IOE(x) JNU_ThrowIOException(env,x)
+#define CHECK_EXCEPTION_RETURN_VOID_THROW_IOE(CERVTI_exception, CERVTI_message) \
+ do { \
+ if ((env)->ExceptionOccurred()) { \
+ THROW_IOE(CERVTI_message); \
+ return; \
+ } \
+ if ((CERVTI_exception) == NULL) { \
+ THROW_IOE(CERVTI_message); \
+ return; \
+ } \
+ } while (JNI_FALSE)
+
+
+#define CHECK_EXCEPTION_RETURN_VALUE(CERL_exception, CERL_return_value) \
+ do { \
+ if ((env)->ExceptionOccurred()) { \
+ return CERL_return_value; \
+ } \
+ if ((CERL_exception) == NULL) { \
+ return CERL_return_value; \
+ } \
+ } while (JNI_FALSE)
+
+
+// If these useful macros aren't defined in jni_util.h then define them here
+#ifndef CHECK_NULL_RETURN
+#define CHECK_NULL_RETURN(x, y) \
+ do { \
+ if ((x) == NULL) return (y); \
+ } while (JNI_FALSE)
+#endif
+
+#ifndef CHECK_EXCEPTION_RETURN
+#define CHECK_EXCEPTION_RETURN(env, y) \
+ do { \
+ if ((*env)->ExceptionCheck(env)) return (y); \
+ } while (JNI_FALSE)
+#endif
+
static jlong read_input_via_jni(unpacker* self,
void* buf, jlong minlen, jlong maxlen);
@@ -92,9 +131,11 @@
vm->GetEnv(&envRaw, JNI_VERSION_1_1);
JNIEnv* env = (JNIEnv*) envRaw;
//fprintf(stderr, "get_unpacker() env=%p\n", env);
- if (env == null)
- return null;
+ CHECK_NULL_RETURN(env, NULL);
jobject pObj = env->CallStaticObjectMethod(NIclazz, currentInstMID);
+ // We should check upon the known non-null variable because here we want to check
+ // only for pending exceptions. If pObj is null we'll deal with it later.
+ CHECK_EXCEPTION_RETURN_VALUE(env, NULL);
//fprintf(stderr, "get_unpacker0() pObj=%p\n", pObj);
if (pObj != null) {
// Got pObj and env; now do it the easy way.
@@ -137,20 +178,20 @@
while( dbg != null) { sleep(10); }
#endif
NIclazz = (jclass) env->NewGlobalRef(clazz);
+
unpackerPtrFID = env->GetFieldID(clazz, "unpackerPtr", "J");
+ CHECK_EXCEPTION_RETURN_VOID_THROW_IOE(unpackerPtrFID, ERROR_INIT);
+
currentInstMID = env->GetStaticMethodID(clazz, "currentInstance",
"()Ljava/lang/Object;");
+ CHECK_EXCEPTION_RETURN_VOID_THROW_IOE(currentInstMID, ERROR_INIT);
+
readInputMID = env->GetMethodID(clazz, "readInputFn",
"(Ljava/nio/ByteBuffer;J)J");
- getUnpackerPtrMID = env->GetMethodID(clazz, "getUnpackerPtr", "()J");
+ CHECK_EXCEPTION_RETURN_VOID_THROW_IOE(readInputMID, ERROR_INIT);
- if (unpackerPtrFID == null ||
- currentInstMID == null ||
- readInputMID == null ||
- NIclazz == null ||
- getUnpackerPtrMID == null) {
- THROW_IOE("cannot init class members");
- }
+ getUnpackerPtrMID = env->GetMethodID(clazz, "getUnpackerPtr", "()J");
+ CHECK_EXCEPTION_RETURN_VOID_THROW_IOE(getUnpackerPtrMID, ERROR_INIT);
}
JNIEXPORT jlong JNICALL
@@ -160,9 +201,7 @@
// valid object pointers and env is intact, if not now is good time to bail.
unpacker* uPtr = get_unpacker();
//fprintf(stderr, "start(%p) uPtr=%p initializing\n", pObj, uPtr);
- if (uPtr == null) {
- return -1;
- }
+ CHECK_EXCEPTION_RETURN_VALUE(uPtr, -1);
// redirect our io to the default log file or whatever.
uPtr->redirect_stdio();
@@ -200,6 +239,7 @@
jobjectArray pParts) {
unpacker* uPtr = get_unpacker(env, pObj);
+ CHECK_EXCEPTION_RETURN_VALUE(uPtr, false);
unpacker::file* filep = uPtr->get_next_file();
if (uPtr->aborting()) {
@@ -207,32 +247,38 @@
return false;
}
- if (filep == null) {
- return false; // end of the sequence
- }
+ CHECK_NULL_RETURN(filep, false);
assert(filep == &uPtr->cur_file);
int pidx = 0, iidx = 0;
jintArray pIntParts = (jintArray) env->GetObjectArrayElement(pParts, pidx++);
+ CHECK_EXCEPTION_RETURN_VALUE(pIntParts, false);
jint* intParts = env->GetIntArrayElements(pIntParts, null);
intParts[iidx++] = (jint)( (julong)filep->size >> 32 );
intParts[iidx++] = (jint)( (julong)filep->size >> 0 );
intParts[iidx++] = filep->modtime;
intParts[iidx++] = filep->deflate_hint() ? 1 : 0;
env->ReleaseIntArrayElements(pIntParts, intParts, JNI_COMMIT);
-
- env->SetObjectArrayElement(pParts, pidx++, env->NewStringUTF(filep->name));
-
+ jstring filename = env->NewStringUTF(filep->name);
+ CHECK_EXCEPTION_RETURN_VALUE(filename, false);
+ env->SetObjectArrayElement(pParts, pidx++, filename);
+ CHECK_EXCEPTION_RETURN_VALUE(uPtr, false);
jobject pDataBuf = null;
- if (filep->data[0].len > 0)
+ if (filep->data[0].len > 0) {
pDataBuf = env->NewDirectByteBuffer(filep->data[0].ptr,
filep->data[0].len);
+ CHECK_EXCEPTION_RETURN_VALUE(pDataBuf, false);
+ }
env->SetObjectArrayElement(pParts, pidx++, pDataBuf);
+ CHECK_EXCEPTION_RETURN_VALUE(uPtr, false);
pDataBuf = null;
- if (filep->data[1].len > 0)
+ if (filep->data[1].len > 0) {
pDataBuf = env->NewDirectByteBuffer(filep->data[1].ptr,
filep->data[1].len);
+ CHECK_EXCEPTION_RETURN_VALUE(pDataBuf, false);
+ }
env->SetObjectArrayElement(pParts, pidx++, pDataBuf);
+ CHECK_EXCEPTION_RETURN_VALUE(uPtr, false);
return true;
}
@@ -241,6 +287,7 @@
JNIEXPORT jobject JNICALL
Java_com_sun_java_util_jar_pack_NativeUnpack_getUnusedInput(JNIEnv *env, jobject pObj) {
unpacker* uPtr = get_unpacker(env, pObj);
+ CHECK_EXCEPTION_RETURN_VALUE(uPtr, NULL);
unpacker::file* filep = &uPtr->cur_file;
if (uPtr->aborting()) {
@@ -263,7 +310,7 @@
JNIEXPORT jlong JNICALL
Java_com_sun_java_util_jar_pack_NativeUnpack_finish(JNIEnv *env, jobject pObj) {
unpacker* uPtr = get_unpacker(env, pObj, false);
- if (uPtr == null) return 0;
+ CHECK_EXCEPTION_RETURN_VALUE(uPtr, NULL);
size_t consumed = uPtr->input_consumed();
free_unpacker(env, pObj, uPtr);
return consumed;
@@ -274,7 +321,9 @@
jstring pProp, jstring pValue) {
unpacker* uPtr = get_unpacker(env, pObj);
const char* prop = env->GetStringUTFChars(pProp, JNI_FALSE);
+ CHECK_EXCEPTION_RETURN_VALUE(prop, false);
const char* value = env->GetStringUTFChars(pValue, JNI_FALSE);
+ CHECK_EXCEPTION_RETURN_VALUE(value, false);
jboolean retval = uPtr->set_option(prop, value);
env->ReleaseStringUTFChars(pProp, prop);
env->ReleaseStringUTFChars(pValue, value);
@@ -286,9 +335,11 @@
jstring pProp) {
unpacker* uPtr = get_unpacker(env, pObj);
+ CHECK_EXCEPTION_RETURN_VALUE(uPtr, NULL);
const char* prop = env->GetStringUTFChars(pProp, JNI_FALSE);
+ CHECK_EXCEPTION_RETURN_VALUE(prop, NULL);
const char* value = uPtr->get_option(prop);
+ CHECK_EXCEPTION_RETURN_VALUE(value, NULL);
env->ReleaseStringUTFChars(pProp, prop);
- if (value == null) return null;
return env->NewStringUTF(value);
}
diff --git a/jdk/src/share/native/java/lang/Class.c b/jdk/src/share/native/java/lang/Class.c
index b0ba343..2f5e6b5 100644
--- a/jdk/src/share/native/java/lang/Class.c
+++ b/jdk/src/share/native/java/lang/Class.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1994, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1994, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -97,7 +97,7 @@
JNIEXPORT jclass JNICALL
Java_java_lang_Class_forName0(JNIEnv *env, jclass this, jstring classname,
- jboolean initialize, jobject loader)
+ jboolean initialize, jobject loader, jclass caller)
{
char *clname;
jclass cls = 0;
@@ -135,8 +135,7 @@
goto done;
}
- cls = JVM_FindClassFromClassLoader(env, clname, initialize,
- loader, JNI_FALSE);
+ cls = JVM_FindClassFromCaller(env, clname, initialize, loader, caller);
done:
if (clname != buf) {
diff --git a/jdk/src/share/native/sun/awt/medialib/awt_ImagingLib.c b/jdk/src/share/native/sun/awt/medialib/awt_ImagingLib.c
index 1ed87f7..472b5ee 100644
--- a/jdk/src/share/native/sun/awt/medialib/awt_ImagingLib.c
+++ b/jdk/src/share/native/sun/awt/medialib/awt_ImagingLib.c
@@ -373,14 +373,14 @@
/* Parse the source image */
- if ((status = awt_parseImage(env, jsrc, &srcImageP, FALSE)) <= 0) {
+ if (awt_parseImage(env, jsrc, &srcImageP, FALSE) <= 0) {
/* Can't handle any custom images */
free(dkern);
return 0;
}
/* Parse the destination image */
- if ((status = awt_parseImage(env, jdst, &dstImageP, FALSE)) <= 0) {
+ if (awt_parseImage(env, jdst, &dstImageP, FALSE) <= 0) {
/* Can't handle any custom images */
awt_freeParsedImage(srcImageP, TRUE);
free(dkern);
@@ -627,7 +627,7 @@
}
/* Parse the source raster */
- if ((status = awt_parseRaster(env, jsrc, srcRasterP)) <= 0) {
+ if (awt_parseRaster(env, jsrc, srcRasterP) <= 0) {
/* Can't handle any custom rasters */
free(srcRasterP);
free(dstRasterP);
@@ -636,7 +636,7 @@
}
/* Parse the destination raster */
- if ((status = awt_parseRaster(env, jdst, dstRasterP)) <= 0) {
+ if (awt_parseRaster(env, jdst, dstRasterP) <= 0) {
/* Can't handle any custom images */
awt_freeParsedRaster(srcRasterP, TRUE);
free(dstRasterP);
@@ -839,13 +839,13 @@
(*env)->ReleasePrimitiveArrayCritical(env, jmatrix, matrix, JNI_ABORT);
/* Parse the source image */
- if ((status = awt_parseImage(env, jsrc, &srcImageP, FALSE)) <= 0) {
+ if (awt_parseImage(env, jsrc, &srcImageP, FALSE) <= 0) {
/* Can't handle any custom images */
return 0;
}
/* Parse the destination image */
- if ((status = awt_parseImage(env, jdst, &dstImageP, FALSE)) <= 0) {
+ if (awt_parseImage(env, jdst, &dstImageP, FALSE) <= 0) {
/* Can't handle any custom images */
awt_freeParsedImage(srcImageP, TRUE);
return 0;
@@ -1059,7 +1059,7 @@
(*env)->ReleasePrimitiveArrayCritical(env, jmatrix, matrix, JNI_ABORT);
/* Parse the source raster */
- if ((status = awt_parseRaster(env, jsrc, srcRasterP)) <= 0) {
+ if (awt_parseRaster(env, jsrc, srcRasterP) <= 0) {
/* Can't handle any custom rasters */
free(srcRasterP);
free(dstRasterP);
@@ -1067,7 +1067,7 @@
}
/* Parse the destination raster */
- if ((status = awt_parseRaster(env, jdst, dstRasterP)) <= 0) {
+ if (awt_parseRaster(env, jdst, dstRasterP) <= 0) {
/* Can't handle any custom images */
awt_freeParsedRaster(srcRasterP, TRUE);
free(dstRasterP);
@@ -1306,13 +1306,13 @@
if (s_timeIt) (*start_timer)(3600);
/* Parse the source image */
- if ((status = awt_parseImage(env, jsrc, &srcImageP, FALSE)) <= 0) {
+ if (awt_parseImage(env, jsrc, &srcImageP, FALSE) <= 0) {
/* Can't handle any custom images */
return 0;
}
/* Parse the destination image */
- if ((status = awt_parseImage(env, jdst, &dstImageP, FALSE)) <= 0) {
+ if (awt_parseImage(env, jdst, &dstImageP, FALSE) <= 0) {
/* Can't handle any custom images */
awt_freeParsedImage(srcImageP, TRUE);
return 0;
@@ -1554,14 +1554,14 @@
}
/* Parse the source raster - reject custom images */
- if ((status = awt_parseRaster(env, jsrc, srcRasterP)) <= 0) {
+ if (awt_parseRaster(env, jsrc, srcRasterP) <= 0) {
free(srcRasterP);
free(dstRasterP);
return 0;
}
/* Parse the destination image - reject custom images */
- if ((status = awt_parseRaster(env, jdst, dstRasterP)) <= 0) {
+ if (awt_parseRaster(env, jdst, dstRasterP) <= 0) {
awt_freeParsedRaster(srcRasterP, TRUE);
free(dstRasterP);
return 0;
diff --git a/jdk/src/share/native/sun/font/freetypeScaler.c b/jdk/src/share/native/sun/font/freetypeScaler.c
index e4b37fd..55ca4eb 100644
--- a/jdk/src/share/native/sun/font/freetypeScaler.c
+++ b/jdk/src/share/native/sun/font/freetypeScaler.c
@@ -177,18 +177,10 @@
if (numBytes > FILEDATACACHESIZE) {
bBuffer = (*env)->NewDirectByteBuffer(env, destBuffer, numBytes);
if (bBuffer != NULL) {
- /* Loop until the read succeeds (or EOF).
- * This should improve robustness in the event of a problem in
- * the I/O system. If we find that we ever end up spinning here
- * we are going to have to do some serious work to recover.
- * Just returning without reading the data will cause a crash.
- */
- while (bread == 0) {
- bread = (*env)->CallIntMethod(env,
- scalerInfo->font2D,
- sunFontIDs.ttReadBlockMID,
- bBuffer, offset, numBytes);
- }
+ bread = (*env)->CallIntMethod(env,
+ scalerInfo->font2D,
+ sunFontIDs.ttReadBlockMID,
+ bBuffer, offset, numBytes);
return bread;
} else {
/* We probably hit bug bug 4845371. For reasons that
@@ -224,19 +216,10 @@
(offset + FILEDATACACHESIZE > scalerInfo->fileSize) ?
scalerInfo->fileSize - offset : FILEDATACACHESIZE;
bBuffer = scalerInfo->directBuffer;
- /* Loop until all the read succeeds (or EOF).
- * This should improve robustness in the event of a problem in
- * the I/O system. If we find that we ever end up spinning here
- * we are going to have to do some serious work to recover.
- * Just returning without reading the data will cause a crash.
- */
- while (bread == 0) {
- bread = (*env)->CallIntMethod(env, scalerInfo->font2D,
- sunFontIDs.ttReadBlockMID,
- bBuffer, offset,
- scalerInfo->fontDataLength);
- }
-
+ bread = (*env)->CallIntMethod(env, scalerInfo->font2D,
+ sunFontIDs.ttReadBlockMID,
+ bBuffer, offset,
+ scalerInfo->fontDataLength);
memcpy(destBuffer, scalerInfo->fontData, numBytes);
return numBytes;
}
diff --git a/jdk/src/share/native/sun/font/layout/ContextualSubstSubtables.cpp b/jdk/src/share/native/sun/font/layout/ContextualSubstSubtables.cpp
index 3707efd..e985b81 100644
--- a/jdk/src/share/native/sun/font/layout/ContextualSubstSubtables.cpp
+++ b/jdk/src/share/native/sun/font/layout/ContextualSubstSubtables.cpp
@@ -243,12 +243,22 @@
le_uint16 srSetCount = SWAPW(subRuleSetCount);
if (coverageIndex < srSetCount) {
+ LEReferenceToArrayOf<Offset> subRuleSetTableOffsetArrayRef(base, success,
+ &subRuleSetTableOffsetArray[coverageIndex], 1);
+ if (LE_FAILURE(success)) {
+ return 0;
+ }
Offset subRuleSetTableOffset = SWAPW(subRuleSetTableOffsetArray[coverageIndex]);
LEReferenceTo<SubRuleSetTable>
subRuleSetTable(base, success, (const SubRuleSetTable *) ((char *) this + subRuleSetTableOffset));
le_uint16 subRuleCount = SWAPW(subRuleSetTable->subRuleCount);
le_int32 position = glyphIterator->getCurrStreamPosition();
+ LEReferenceToArrayOf<Offset> subRuleTableOffsetArrayRef(base, success,
+ subRuleSetTable->subRuleTableOffsetArray, subRuleCount);
+ if (LE_FAILURE(success)) {
+ return 0;
+ }
for (le_uint16 subRule = 0; subRule < subRuleCount; subRule += 1) {
Offset subRuleTableOffset =
SWAPW(subRuleSetTable->subRuleTableOffsetArray[subRule]);
@@ -301,13 +311,22 @@
glyphIterator->getCurrGlyphID(),
success);
- if (setClass < scSetCount && subClassSetTableOffsetArray[setClass] != 0) {
+ if (setClass < scSetCount) {
+ LEReferenceToArrayOf<Offset>
+ subClassSetTableOffsetArrayRef(base, success, subClassSetTableOffsetArray, setClass);
+ if (LE_FAILURE(success)) { return 0; }
+ if (subClassSetTableOffsetArray[setClass] != 0) {
+
Offset subClassSetTableOffset = SWAPW(subClassSetTableOffsetArray[setClass]);
LEReferenceTo<SubClassSetTable>
subClassSetTable(base, success, (const SubClassSetTable *) ((char *) this + subClassSetTableOffset));
le_uint16 subClassRuleCount = SWAPW(subClassSetTable->subClassRuleCount);
le_int32 position = glyphIterator->getCurrStreamPosition();
-
+ LEReferenceToArrayOf<Offset>
+ subClassRuleTableOffsetArrayRef(base, success, subClassSetTable->subClassRuleTableOffsetArray, subClassRuleCount);
+ if (LE_FAILURE(success)) {
+ return 0;
+ }
for (le_uint16 scRule = 0; scRule < subClassRuleCount; scRule += 1) {
Offset subClassRuleTableOffset =
SWAPW(subClassSetTable->subClassRuleTableOffsetArray[scRule]);
@@ -331,6 +350,7 @@
glyphIterator->setCurrStreamPosition(position);
}
}
+ }
// XXX If we get here, the table is mal-formed...
}
@@ -442,13 +462,22 @@
le_uint16 srSetCount = SWAPW(chainSubRuleSetCount);
if (coverageIndex < srSetCount) {
+ LEReferenceToArrayOf<Offset>
+ chainSubRuleSetTableOffsetArrayRef(base, success, chainSubRuleSetTableOffsetArray, coverageIndex);
+ if (LE_FAILURE(success)) {
+ return 0;
+ }
Offset chainSubRuleSetTableOffset = SWAPW(chainSubRuleSetTableOffsetArray[coverageIndex]);
LEReferenceTo<ChainSubRuleSetTable>
chainSubRuleSetTable(base, success, (const ChainSubRuleSetTable *) ((char *) this + chainSubRuleSetTableOffset));
le_uint16 chainSubRuleCount = SWAPW(chainSubRuleSetTable->chainSubRuleCount);
le_int32 position = glyphIterator->getCurrStreamPosition();
GlyphIterator tempIterator(*glyphIterator, emptyFeatureList);
-
+ LEReferenceToArrayOf<Offset>
+ chainSubRuleTableOffsetArrayRef(base, success, chainSubRuleSetTable->chainSubRuleTableOffsetArray, chainSubRuleCount);
+ if (LE_FAILURE(success)) {
+ return 0;
+ }
for (le_uint16 subRule = 0; subRule < chainSubRuleCount; subRule += 1) {
Offset chainSubRuleTableOffset =
SWAPW(chainSubRuleSetTable->chainSubRuleTableOffsetArray[subRule]);
@@ -530,6 +559,11 @@
le_int32 setClass = inputClassDefinitionTable->getGlyphClass(inputClassDefinitionTable,
glyphIterator->getCurrGlyphID(),
success);
+ LEReferenceToArrayOf<Offset>
+ chainSubClassSetTableOffsetArrayRef(base, success, chainSubClassSetTableOffsetArray, setClass);
+ if (LE_FAILURE(success)) {
+ return 0;
+ }
if (setClass < scSetCount && chainSubClassSetTableOffsetArray[setClass] != 0) {
Offset chainSubClassSetTableOffset = SWAPW(chainSubClassSetTableOffsetArray[setClass]);
@@ -538,7 +572,11 @@
le_uint16 chainSubClassRuleCount = SWAPW(chainSubClassSetTable->chainSubClassRuleCount);
le_int32 position = glyphIterator->getCurrStreamPosition();
GlyphIterator tempIterator(*glyphIterator, emptyFeatureList);
-
+ LEReferenceToArrayOf<Offset>
+ chainSubClassRuleTableOffsetArrayRef(base, success, chainSubClassSetTable->chainSubClassRuleTableOffsetArray, chainSubClassRuleCount);
+ if (LE_FAILURE(success)) {
+ return 0;
+ }
for (le_uint16 scRule = 0; scRule < chainSubClassRuleCount; scRule += 1) {
Offset chainSubClassRuleTableOffset =
SWAPW(chainSubClassSetTable->chainSubClassRuleTableOffsetArray[scRule]);
@@ -603,12 +641,14 @@
}
le_uint16 backtrkGlyphCount = SWAPW(backtrackGlyphCount);
+ LEReferenceToArrayOf<Offset> backtrackGlyphArrayRef(base, success, backtrackCoverageTableOffsetArray, backtrkGlyphCount);
+ if (LE_FAILURE(success)) {
+ return 0;
+ }
le_uint16 inputGlyphCount = (le_uint16) SWAPW(backtrackCoverageTableOffsetArray[backtrkGlyphCount]);
LEReferenceToArrayOf<Offset> inputCoverageTableOffsetArray(base, success, &backtrackCoverageTableOffsetArray[backtrkGlyphCount + 1], inputGlyphCount+2); // offset
if (LE_FAILURE(success)) { return 0; }
const le_uint16 lookaheadGlyphCount = (le_uint16) SWAPW(inputCoverageTableOffsetArray[inputGlyphCount]);
-
- if( LE_FAILURE(success)) { return 0; }
LEReferenceToArrayOf<Offset> lookaheadCoverageTableOffsetArray(base, success, inputCoverageTableOffsetArray.getAlias(inputGlyphCount + 1, success), lookaheadGlyphCount+2);
if( LE_FAILURE(success) ) { return 0; }
diff --git a/jdk/src/share/native/sun/management/GcInfoBuilder.c b/jdk/src/share/native/sun/management/GcInfoBuilder.c
index 1d0bebd..672cc6a 100644
--- a/jdk/src/share/native/sun/management/GcInfoBuilder.c
+++ b/jdk/src/share/native/sun/management/GcInfoBuilder.c
@@ -190,7 +190,7 @@
if (ext_att_count <= 0) {
JNU_ThrowIllegalArgumentException(env, "Invalid ext_att_count");
- return;
+ return 0;
}
gc_stat.usage_before_gc = usageBeforeGC;
diff --git a/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp b/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp
index dff675f..f2612ad 100644
--- a/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp
+++ b/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -64,22 +64,40 @@
free(ecparams);
}
+jbyteArray getEncodedBytes(JNIEnv *env, SECItem *hSECItem)
+{
+ SECItem *s = (SECItem *)hSECItem;
+
+ jbyteArray jEncodedBytes = env->NewByteArray(s->len);
+ if (jEncodedBytes == NULL) {
+ return NULL;
+ }
+ // Copy bytes from a native SECItem buffer to Java byte array
+ env->SetByteArrayRegion(jEncodedBytes, 0, s->len, (jbyte *)s->data);
+ if (env->ExceptionCheck()) { // should never happen
+ return NULL;
+ }
+ return jEncodedBytes;
+}
+
+
/*
* Class: sun_security_ec_ECKeyPairGenerator
* Method: generateECKeyPair
- * Signature: (I[B[B)[J
+ * Signature: (I[B[B)[[B
*/
-JNIEXPORT jlongArray
+JNIEXPORT jobjectArray
JNICALL Java_sun_security_ec_ECKeyPairGenerator_generateECKeyPair
(JNIEnv *env, jclass clazz, jint keySize, jbyteArray encodedParams, jbyteArray seed)
{
- ECPrivateKey *privKey; /* contains both public and private values */
+ ECPrivateKey *privKey = NULL; // contains both public and private values
ECParams *ecparams = NULL;
SECKEYECParams params_item;
jint jSeedLength;
jbyte* pSeedBuffer = NULL;
- jlongArray result = NULL;
- jlong* resultElements = NULL;
+ jobjectArray result = NULL;
+ jclass baCls = NULL;
+ jbyteArray jba;
// Initialize the ECParams struct
params_item.len = env->GetArrayLength(encodedParams);
@@ -106,61 +124,61 @@
}
jboolean isCopy;
- result = env->NewLongArray(2);
- resultElements = env->GetLongArrayElements(result, &isCopy);
+ baCls = env->FindClass("[B");
+ if (baCls == NULL) {
+ goto cleanup;
+ }
+ result = env->NewObjectArray(2, baCls, NULL);
+ if (result == NULL) {
+ goto cleanup;
+ }
+ jba = getEncodedBytes(env, &(privKey->privateValue));
+ if (jba == NULL) {
+ result = NULL;
+ goto cleanup;
+ }
+ env->SetObjectArrayElement(result, 0, jba); // big integer
+ if (env->ExceptionCheck()) { // should never happen
+ result = NULL;
+ goto cleanup;
+ }
- resultElements[0] = (jlong) &(privKey->privateValue); // private big integer
- resultElements[1] = (jlong) &(privKey->publicValue); // encoded ec point
-
- // If the array is a copy then we must write back our changes
- if (isCopy == JNI_TRUE) {
- env->ReleaseLongArrayElements(result, resultElements, 0);
+ jba = getEncodedBytes(env, &(privKey->publicValue));
+ if (jba == NULL) {
+ result = NULL;
+ goto cleanup;
+ }
+ env->SetObjectArrayElement(result, 1, jba); // encoded ec point
+ if (env->ExceptionCheck()) { // should never happen
+ result = NULL;
+ goto cleanup;
}
cleanup:
{
- if (params_item.data)
+ if (params_item.data) {
env->ReleaseByteArrayElements(encodedParams,
(jbyte *) params_item.data, JNI_ABORT);
-
- if (ecparams)
+ }
+ if (ecparams) {
FreeECParams(ecparams, true);
-
+ }
if (privKey) {
FreeECParams(&privKey->ecParams, false);
SECITEM_FreeItem(&privKey->version, B_FALSE);
- // Don't free privKey->privateValue and privKey->publicValue
+ SECITEM_FreeItem(&privKey->privateValue, B_FALSE);
+ SECITEM_FreeItem(&privKey->publicValue, B_FALSE);
+ free(privKey);
}
-
- if (pSeedBuffer)
+ if (pSeedBuffer) {
delete [] pSeedBuffer;
+ }
}
return result;
}
/*
- * Class: sun_security_ec_ECKeyPairGenerator
- * Method: getEncodedBytes
- * Signature: (J)[B
- */
-JNIEXPORT jbyteArray
-JNICALL Java_sun_security_ec_ECKeyPairGenerator_getEncodedBytes
- (JNIEnv *env, jclass clazz, jlong hSECItem)
-{
- SECItem *s = (SECItem *)hSECItem;
- jbyteArray jEncodedBytes = env->NewByteArray(s->len);
-
- // Copy bytes from a native SECItem buffer to Java byte array
- env->SetByteArrayRegion(jEncodedBytes, 0, s->len, (jbyte *)s->data);
-
- // Use B_FALSE to free only the SECItem->data
- SECITEM_FreeItem(s, B_FALSE);
-
- return jEncodedBytes;
-}
-
-/*
* Class: sun_security_ec_ECDSASignature
* Method: signDigest
* Signature: ([B[B[B[B)[B
@@ -234,21 +252,26 @@
cleanup:
{
- if (params_item.data)
+ if (params_item.data) {
env->ReleaseByteArrayElements(encodedParams,
(jbyte *) params_item.data, JNI_ABORT);
-
- if (pDigestBuffer)
+ }
+ if (privKey.privateValue.data) {
+ env->ReleaseByteArrayElements(privateKey,
+ (jbyte *) privKey.privateValue.data, JNI_ABORT);
+ }
+ if (pDigestBuffer) {
delete [] pDigestBuffer;
-
- if (pSignedDigestBuffer)
+ }
+ if (pSignedDigestBuffer) {
delete [] pSignedDigestBuffer;
-
- if (pSeedBuffer)
+ }
+ if (pSeedBuffer) {
delete [] pSeedBuffer;
-
- if (ecparams)
+ }
+ if (ecparams) {
FreeECParams(ecparams, true);
+ }
}
return jSignedDigest;
diff --git a/jdk/src/solaris/classes/sun/print/CUPSPrinter.java b/jdk/src/solaris/classes/sun/print/CUPSPrinter.java
index a54316e..2899af8 100644
--- a/jdk/src/solaris/classes/sun/print/CUPSPrinter.java
+++ b/jdk/src/solaris/classes/sun/print/CUPSPrinter.java
@@ -126,7 +126,7 @@
/**
* Returns array of MediaSizeNames derived from PPD.
*/
- public MediaSizeName[] getMediaSizeNames() {
+ MediaSizeName[] getMediaSizeNames() {
initMedia();
return cupsMediaSNames;
}
@@ -135,7 +135,7 @@
/**
* Returns array of Custom MediaSizeNames derived from PPD.
*/
- public CustomMediaSizeName[] getCustomMediaSizeNames() {
+ CustomMediaSizeName[] getCustomMediaSizeNames() {
initMedia();
return cupsCustomMediaSNames;
}
@@ -144,7 +144,7 @@
/**
* Returns array of MediaPrintableArea derived from PPD.
*/
- public MediaPrintableArea[] getMediaPrintableArea() {
+ MediaPrintableArea[] getMediaPrintableArea() {
initMedia();
return cupsMediaPrintables;
}
@@ -152,7 +152,7 @@
/**
* Returns array of MediaTrays derived from PPD.
*/
- public MediaTray[] getMediaTrays() {
+ MediaTray[] getMediaTrays() {
initMedia();
return cupsMediaTrays;
}
diff --git a/jdk/src/solaris/classes/sun/print/IPPPrintService.java b/jdk/src/solaris/classes/sun/print/IPPPrintService.java
index 28d6e1c..b7acf6b 100644
--- a/jdk/src/solaris/classes/sun/print/IPPPrintService.java
+++ b/jdk/src/solaris/classes/sun/print/IPPPrintService.java
@@ -993,7 +993,9 @@
public synchronized Class[] getSupportedAttributeCategories() {
if (supportedCats != null) {
- return supportedCats;
+ Class<?> [] copyCats = new Class<?>[supportedCats.length];
+ System.arraycopy(supportedCats, 0, copyCats, 0, copyCats.length);
+ return copyCats;
}
initAttributes();
@@ -1050,7 +1052,9 @@
}
supportedCats = new Class[catList.size()];
catList.toArray(supportedCats);
- return supportedCats;
+ Class<?>[] copyCats = new Class<?>[supportedCats.length];
+ System.arraycopy(supportedCats, 0, copyCats, 0, copyCats.length);
+ return copyCats;
}
diff --git a/jdk/src/solaris/native/java/net/AbstractPlainDatagramSocketImpl.c b/jdk/src/solaris/native/java/net/AbstractPlainDatagramSocketImpl.c
new file mode 100644
index 0000000..075fffc
--- /dev/null
+++ b/jdk/src/solaris/native/java/net/AbstractPlainDatagramSocketImpl.c
@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+#ifdef __solaris__
+#include <unistd.h>
+#include <stropts.h>
+
+#ifndef BSD_COMP
+#define BSD_COMP
+#endif
+
+#endif
+
+#include <sys/ioctl.h>
+
+#include "jvm.h"
+#include "jni_util.h"
+#include "net_util.h"
+
+#include "java_net_AbstractPlainDatagramSocketImpl.h"
+
+static jfieldID IO_fd_fdID;
+
+static jfieldID apdsi_fdID;
+
+
+/*
+ * Class: java_net_AbstractPlainDatagramSocketImpl
+ * Method: init
+ * Signature: ()V
+ */
+JNIEXPORT void JNICALL
+Java_java_net_AbstractPlainDatagramSocketImpl_init(JNIEnv *env, jclass cls) {
+
+ apdsi_fdID = (*env)->GetFieldID(env, cls, "fd",
+ "Ljava/io/FileDescriptor;");
+ CHECK_NULL(apdsi_fdID);
+
+ IO_fd_fdID = NET_GetFileDescriptorID(env);
+}
+
+/*
+ * Class: java_net_AbstractPlainDatagramSocketImpl
+ * Method: dataAvailable
+ * Signature: ()I
+ */
+JNIEXPORT jint JNICALL Java_java_net_AbstractPlainDatagramSocketImpl_dataAvailable
+(JNIEnv *env, jobject this) {
+ int fd, retval;
+
+ jobject fdObj = (*env)->GetObjectField(env, this, apdsi_fdID);
+
+ if (IS_NULL(fdObj)) {
+ JNU_ThrowByName(env, JNU_JAVANETPKG "SocketException",
+ "Socket closed");
+ return -1;
+ }
+ fd = (*env)->GetIntField(env, fdObj, IO_fd_fdID);
+
+ if (ioctl(fd, FIONREAD, &retval) < 0) {
+ return -1;
+ }
+ return retval;
+}
diff --git a/jdk/src/windows/bin/java_md.c b/jdk/src/windows/bin/java_md.c
index d08f2bf..43ccfc8 100644
--- a/jdk/src/windows/bin/java_md.c
+++ b/jdk/src/windows/bin/java_md.c
@@ -1306,6 +1306,14 @@
/* save path length */
jrePathLen = JLI_StrLen(libraryPath);
+ if (jrePathLen + JLI_StrLen("\\bin\\verify.dll") >= MAXPATHLEN) {
+ /* jre path is too long, the library path will not fit there;
+ * report and abort preloading
+ */
+ JLI_ReportErrorMessage(JRE_ERROR11);
+ break;
+ }
+
/* load msvcrt 1st */
LoadMSVCRT();
diff --git a/jdk/src/windows/classes/sun/awt/shell/Win32ShellFolder2.java b/jdk/src/windows/classes/sun/awt/shell/Win32ShellFolder2.java
index 765a9b4..0070bd4 100644
--- a/jdk/src/windows/classes/sun/awt/shell/Win32ShellFolder2.java
+++ b/jdk/src/windows/classes/sun/awt/shell/Win32ShellFolder2.java
@@ -583,11 +583,18 @@
// Needs to be accessible to Win32ShellFolderManager2
static String getFileSystemPath(final int csidl) throws IOException, InterruptedException {
- return invoke(new Callable<String>() {
+ String path = invoke(new Callable<String>() {
public String call() throws IOException {
return getFileSystemPath0(csidl);
}
}, IOException.class);
+ if (path != null) {
+ SecurityManager security = System.getSecurityManager();
+ if (security != null) {
+ security.checkRead(path);
+ }
+ }
+ return path;
}
// NOTE: this method uses COM and must be called on the 'COM thread'. See ComInvoker for the details
diff --git a/jdk/src/windows/classes/sun/awt/shell/Win32ShellFolderManager2.java b/jdk/src/windows/classes/sun/awt/shell/Win32ShellFolderManager2.java
index a9522ee..41ba690 100644
--- a/jdk/src/windows/classes/sun/awt/shell/Win32ShellFolderManager2.java
+++ b/jdk/src/windows/classes/sun/awt/shell/Win32ShellFolderManager2.java
@@ -136,6 +136,8 @@
if (desktop == null) {
try {
desktop = new Win32ShellFolder2(DESKTOP);
+ } catch (SecurityException e) {
+ // Ignore error
} catch (IOException e) {
// Ignore error
} catch (InterruptedException e) {
@@ -149,6 +151,8 @@
if (drives == null) {
try {
drives = new Win32ShellFolder2(DRIVES);
+ } catch (SecurityException e) {
+ // Ignore error
} catch (IOException e) {
// Ignore error
} catch (InterruptedException e) {
@@ -165,6 +169,8 @@
if (path != null) {
recent = createShellFolder(getDesktop(), new File(path));
}
+ } catch (SecurityException e) {
+ // Ignore error
} catch (InterruptedException e) {
// Ignore error
} catch (IOException e) {
@@ -178,6 +184,8 @@
if (network == null) {
try {
network = new Win32ShellFolder2(NETWORK);
+ } catch (SecurityException e) {
+ // Ignore error
} catch (IOException e) {
// Ignore error
} catch (InterruptedException e) {
@@ -201,6 +209,8 @@
personal.setIsPersonal();
}
}
+ } catch (SecurityException e) {
+ // Ignore error
} catch (InterruptedException e) {
// Ignore error
} catch (IOException e) {
diff --git a/jdk/src/windows/classes/sun/awt/windows/ThemeReader.java b/jdk/src/windows/classes/sun/awt/windows/ThemeReader.java
index 6324899..3bd048a 100644
--- a/jdk/src/windows/classes/sun/awt/windows/ThemeReader.java
+++ b/jdk/src/windows/classes/sun/awt/windows/ThemeReader.java
@@ -60,18 +60,12 @@
new ReentrantReadWriteLock();
private static final Lock readLock = readWriteLock.readLock();
private static final Lock writeLock = readWriteLock.writeLock();
+ private static volatile boolean valid = false;
static void flush() {
- writeLock.lock();
- try {
- // Close old themes.
- for (Long value : widgetToTheme.values()) {
- closeTheme(value.longValue());
- }
- widgetToTheme.clear();
- } finally {
- writeLock.unlock();
- }
+ // Could be called on Toolkit thread, so do not try to aquire locks
+ // to avoid deadlock with theme initialization
+ valid = false;
}
public static native boolean isThemed();
@@ -98,6 +92,24 @@
// returns theme value
// this method should be invoked with readLock locked
private static Long getTheme(String widget) {
+ if (!valid) {
+ readLock.unlock();
+ writeLock.lock();
+ try {
+ if (!valid) {
+ // Close old themes.
+ for (Long value : widgetToTheme.values()) {
+ closeTheme(value);
+ }
+ widgetToTheme.clear();
+ valid = true;
+ }
+ } finally {
+ readLock.lock();
+ writeLock.unlock();
+ }
+ }
+
// mostly copied from the javadoc for ReentrantReadWriteLock
Long theme = widgetToTheme.get(widget);
if (theme == null) {
diff --git a/jdk/src/windows/classes/sun/awt/windows/WToolkit.java b/jdk/src/windows/classes/sun/awt/windows/WToolkit.java
index a261122..5a72c9d 100644
--- a/jdk/src/windows/classes/sun/awt/windows/WToolkit.java
+++ b/jdk/src/windows/classes/sun/awt/windows/WToolkit.java
@@ -38,6 +38,7 @@
import java.security.PrivilegedAction;
import sun.awt.AWTAutoShutdown;
import sun.awt.LightweightFrame;
+import sun.awt.AppContext;
import sun.awt.SunToolkit;
import sun.misc.ThreadGroupUtils;
import sun.awt.Win32GraphicsDevice;
@@ -579,7 +580,6 @@
/**
* Returns <code>true</code> if this frame state is supported.
*/
- @Override
public boolean isFrameStateSupported(int state) {
switch (state) {
case Frame.NORMAL:
@@ -929,12 +929,16 @@
* Windows doesn't always send WM_SETTINGCHANGE when it should.
*/
private void windowsSettingChange() {
- EventQueue.invokeLater(new Runnable() {
- @Override
- public void run() {
- updateProperties();
- }
- });
+ if (AppContext.getAppContext() == null) {
+ // We cannot post the update to any EventQueue. Listeners will
+ // be called on EDTs by DesktopPropertyChangeSupport
+ updateProperties();
+ } else {
+ // Cannot update on Toolkit thread.
+ // DesktopPropertyChangeSupport will call listeners on Toolkit
+ // thread if it has AppContext (standalone mode)
+ EventQueue.invokeLater(this::updateProperties);
+ }
}
private synchronized void updateProperties() {
@@ -974,7 +978,6 @@
* initialize only static props here and do not try to initialize props which depends on wprops,
* this should be done in lazilyLoadDesktopProperty() only.
*/
- @Override
protected synchronized void initializeDesktopProperties() {
desktopProperties.put("DnD.Autoscroll.initialDelay",
Integer.valueOf(50));
diff --git a/jdk/src/windows/native/java/net/AbstractPlainDatagramSocketImpl.c b/jdk/src/windows/native/java/net/AbstractPlainDatagramSocketImpl.c
new file mode 100644
index 0000000..7244e66
--- /dev/null
+++ b/jdk/src/windows/native/java/net/AbstractPlainDatagramSocketImpl.c
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+#include <windows.h>
+#include <winsock2.h>
+
+#include "jvm.h"
+#include "jni_util.h"
+#include "net_util.h"
+
+#include "java_net_AbstractPlainDatagramSocketImpl.h"
+
+static jfieldID IO_fd_fdID;
+
+static jfieldID apdsi_fdID;
+
+
+/*
+ * Class: java_net_AbstractPlainDatagramSocketImpl
+ * Method: init
+ * Signature: ()V
+ */
+JNIEXPORT void JNICALL
+Java_java_net_AbstractPlainDatagramSocketImpl_init(JNIEnv *env, jclass cls) {
+
+ apdsi_fdID = (*env)->GetFieldID(env, cls, "fd",
+ "Ljava/io/FileDescriptor;");
+ CHECK_NULL(apdsi_fdID);
+
+ IO_fd_fdID = NET_GetFileDescriptorID(env);
+ CHECK_NULL(IO_fd_fdID);
+
+ JNU_CHECK_EXCEPTION(env);
+}
+
+/*
+ * Class: java_net_AbstractPlainDatagramSocketImpl
+ * Method: dataAvailable
+ * Signature: ()I
+ */
+JNIEXPORT jint JNICALL Java_java_net_AbstractPlainDatagramSocketImpl_dataAvailable
+(JNIEnv *env, jobject this) {
+ SOCKET fd;
+ int retval;
+
+ jobject fdObj = (*env)->GetObjectField(env, this, apdsi_fdID);
+
+ if (IS_NULL(fdObj)) {
+ JNU_ThrowByName(env, JNU_JAVANETPKG "SocketException",
+ "Socket closed");
+ return -1;
+ }
+ fd = (SOCKET)(*env)->GetIntField(env, fdObj, IO_fd_fdID);
+
+ if (ioctlsocket(fd, FIONREAD, &retval) < 0) {
+ return -1;
+ }
+ return retval;
+}
+
diff --git a/jdk/src/windows/native/sun/awt/splashscreen/splashscreen_sys.c b/jdk/src/windows/native/sun/awt/splashscreen/splashscreen_sys.c
index ddbc006..8e02c18 100644
--- a/jdk/src/windows/native/sun/awt/splashscreen/splashscreen_sys.c
+++ b/jdk/src/windows/native/sun/awt/splashscreen/splashscreen_sys.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -213,6 +213,14 @@
void
SplashRedrawWindow(Splash * splash)
{
+ if (!SplashIsStillLooping(splash)) {
+ KillTimer(splash->hWnd, 0);
+ }
+
+ if (splash->currentFrame < 0) {
+ return;
+ }
+
SplashUpdateScreenData(splash);
if (splash->isLayered) {
BLENDFUNCTION bf;
@@ -303,9 +311,6 @@
time = 0;
SetTimer(splash->hWnd, 0, time, NULL);
}
- else {
- KillTimer(splash->hWnd, 0);
- }
}
void SplashReconfigureNow(Splash * splash) {
diff --git a/jdk/test/java/lang/SecurityManager/CheckPackageAccess.java b/jdk/test/java/lang/SecurityManager/CheckPackageAccess.java
index a8e7589..8935b66 100644
--- a/jdk/test/java/lang/SecurityManager/CheckPackageAccess.java
+++ b/jdk/test/java/lang/SecurityManager/CheckPackageAccess.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
/*
* @test
- * @bug 6741606 7146431 8000450 8019830 8022945
+ * @bug 6741606 7146431 8000450 8019830 8022945 8027144 8041633
* @summary Make sure all restricted packages listed in the package.access
* property in the java.security file are blocked
* @run main/othervm CheckPackageAccess
@@ -84,7 +84,8 @@
"org.jcp.xml.dsig.internal.",
"jdk.internal.",
"jdk.nashorn.internal.",
- "jdk.nashorn.tools."
+ "jdk.nashorn.tools.",
+ "com.sun.activation.registries."
};
public static void main(String[] args) throws Exception {
diff --git a/jdk/test/javax/management/remote/mandatory/util/CacheMapTest.java b/jdk/test/javax/management/remote/mandatory/util/CacheMapTest.java
deleted file mode 100644
index bdd55db..0000000
--- a/jdk/test/javax/management/remote/mandatory/util/CacheMapTest.java
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * @test
- * @bug 7654321
- * @summary Tests the CacheMap class.
- * @author Eamonn McManus
- * @run clean CacheMapTest
- * @run build CacheMapTest
- * @run main CacheMapTest
- */
-
-import java.util.Iterator;
-import java.util.Map;
-
-import com.sun.jmx.remote.util.CacheMap;
-
-public class CacheMapTest {
- public static void main(String[] args) {
- try {
- boolean ok = test(5) && test(100);
- if (ok) {
- System.out.println("Test completed");
- return;
- } else {
- System.out.println("Test failed!");
- System.exit(1);
- }
- } catch (Exception e) {
- System.err.println("Unexpected exception: " + e);
- e.printStackTrace();
- System.exit(1);
- }
- }
-
- private static boolean test(int cacheSize) throws Exception {
- System.out.println("CacheMap test with cache size " + cacheSize);
- CacheMap map = new CacheMap(cacheSize);
- int size = 0;
- int maxIterations = cacheSize * 10;
- while (map.size() == size && size < maxIterations) {
- Integer key = new Integer(size);
- Object x = map.put(key, "x");
- if (x != null) {
- System.out.println("Map already had entry " + key + "!");
- return false;
- }
- x = map.get(key);
- if (!"x".equals(x)) {
- System.out.println("Got back surprising value: " + x);
- return false;
- }
- size++;
- }
- System.out.println("Map size is " + map.size() + " after inserting " +
- size + " elements");
- do {
- System.gc();
- Thread.sleep(1);
- System.out.println("Map size is " + map.size() + " after GC");
- } while (map.size() > cacheSize);
- if (map.size() < cacheSize) {
- System.out.println("Map shrank to less than cache size: " +
- map.size() + " (surprising but not wrong)");
- } else
- System.out.println("Map shrank to cache size as expected");
- int lowest = size - cacheSize;
- // lowest value that can still be in cache if LRU is respected
- for (Iterator it = map.entrySet().iterator(); it.hasNext(); ) {
- Map.Entry entry = (Map.Entry) it.next();
- Integer x = (Integer) entry.getKey();
- int xx = x.intValue();
- if (xx < lowest || xx >= size) {
- System.out.println("Old value remained (" + x + "), " +
- "expected none earlier than " + lowest);
- return false;
- }
- Object xxx = entry.getValue();
- if (!"x".equals(xxx)) {
- System.out.println("Got back surprising value: " + xxx);
- return false;
- }
- }
- if (map.size() > 0)
- System.out.println("Remaining elements are the most recent ones");
- System.out.println("Test passed");
- return true;
- }
-}
diff --git a/jdk/test/sun/security/ssl/sanity/ciphersuites/CipherSuitesInOrder.java b/jdk/test/sun/security/ssl/sanity/ciphersuites/CipherSuitesInOrder.java
index 361ac86..69745aa 100644
--- a/jdk/test/sun/security/ssl/sanity/ciphersuites/CipherSuitesInOrder.java
+++ b/jdk/test/sun/security/ssl/sanity/ciphersuites/CipherSuitesInOrder.java
@@ -69,11 +69,6 @@
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
- "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
- "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
- "SSL_RSA_WITH_RC4_128_SHA",
- "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
- "TLS_ECDH_RSA_WITH_RC4_128_SHA",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
@@ -97,6 +92,12 @@
"TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
"SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
"SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
+
+ "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+ "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+ "SSL_RSA_WITH_RC4_128_SHA",
+ "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
+ "TLS_ECDH_RSA_WITH_RC4_128_SHA",
"SSL_RSA_WITH_RC4_128_MD5",
"TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
@@ -110,10 +111,20 @@
"TLS_DH_anon_WITH_AES_128_CBC_SHA256",
"TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
"TLS_DH_anon_WITH_AES_128_CBC_SHA",
- "TLS_ECDH_anon_WITH_RC4_128_SHA",
- "SSL_DH_anon_WITH_RC4_128_MD5",
"TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
"SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
+ "TLS_ECDH_anon_WITH_RC4_128_SHA",
+ "SSL_DH_anon_WITH_RC4_128_MD5",
+ "SSL_RSA_WITH_DES_CBC_SHA",
+ "SSL_DHE_RSA_WITH_DES_CBC_SHA",
+ "SSL_DHE_DSS_WITH_DES_CBC_SHA",
+ "SSL_DH_anon_WITH_DES_CBC_SHA",
+ "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
+ "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
+ "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
+ "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
+ "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
+ "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
"TLS_RSA_WITH_NULL_SHA256",
"TLS_ECDHE_ECDSA_WITH_NULL_SHA",
"TLS_ECDHE_RSA_WITH_NULL_SHA",
@@ -122,26 +133,16 @@
"TLS_ECDH_RSA_WITH_NULL_SHA",
"TLS_ECDH_anon_WITH_NULL_SHA",
"SSL_RSA_WITH_NULL_MD5",
- "SSL_RSA_WITH_DES_CBC_SHA",
- "SSL_DHE_RSA_WITH_DES_CBC_SHA",
- "SSL_DHE_DSS_WITH_DES_CBC_SHA",
- "SSL_DH_anon_WITH_DES_CBC_SHA",
- "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
- "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
- "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
- "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
- "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
- "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
- "TLS_KRB5_WITH_RC4_128_SHA",
- "TLS_KRB5_WITH_RC4_128_MD5",
"TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
"TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
+ "TLS_KRB5_WITH_RC4_128_SHA",
+ "TLS_KRB5_WITH_RC4_128_MD5",
"TLS_KRB5_WITH_DES_CBC_SHA",
"TLS_KRB5_WITH_DES_CBC_MD5",
- "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
- "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
"TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
- "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"
+ "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
+ "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
+ "TLS_KRB5_EXPORT_WITH_RC4_40_MD5"
);
private final static String[] protocols = {
diff --git a/langtools/.hgtags b/langtools/.hgtags
index 4b2d1bc..f72f296 100644
--- a/langtools/.hgtags
+++ b/langtools/.hgtags
@@ -260,6 +260,7 @@
9003a59a512e6b764d8a3f805aadc3996a58e5bd jdk8u5-b02
30e3dad0ebbdf3129bacd04a7f4cdecd3df92bb2 jdk8u5-b03
019dcdfffced0ca2026a0ad8c0e5fcb49d46116f jdk8u5-b04
+c9db8c800797258540e0411e58b8f7d59273de5f jdk8u11-b00
c9db8c800797258540e0411e58b8f7d59273de5f jdk8u5-b05
b1920c0b701d5ff219c9f622db5cafc9bf00d5c8 jdk8u5-b06
180df7f2c078f1efaa6fcd8ca9f55dc5f81b182c jdk8u5-b07
@@ -269,6 +270,20 @@
a12055904afd9f951131804868215e724c71b684 jdk8u5-b11
2a7002626e7997e946b96530629e2787bc1864bb jdk8u5-b12
9beafb58fb99e8b5f7577b2f26b12743ef4d07e7 jdk8u5-b13
+6614bfcdcd4d915b1b8e3ba3480d53ff83988290 jdk8u5-b31
+d37e407fba44f68c660f89be4e48f9e7b256a2d5 jdk8u11-b01
+e75f843c4bf81c79ca4c5d51dfe5fe39525c5301 jdk8u11-b02
+d9904b00b027b9176d6479dee7c7f4e054a68710 jdk8u11-b03
+5b5c46fe954cb744e2633e1ab097e934cc547a57 jdk8u11-b04
+f491f1581f196950c2cb858508dd06601968c417 jdk8u11-b05
+a4ecc38ec7910d5beb07be4623bd80dabe1fbfe8 jdk8u11-b06
+7803caf52e4b12f11e552565f55ef65aeb2be6a5 jdk8u11-b07
+a47aa3203c0210def786ab5ee685e97d07e8bf77 jdk8u11-b08
+e973a591a2182c0bdbdd9545ab13f83325acf1e6 jdk8u11-b09
+51cade4632608a6c0b8da33f420bd546aecf6faf jdk8u11-b10
+dc0d952b4199dc1cbc534c9afd535c78d21ed519 jdk8u11-b11
+0a79fea6f9cf713012211e933655175d52c6bc36 jdk8u11-b12
+16995a2b970df6be039cdaaedb5ade6099ffad8c jdk8u11-b31
26b33a6ea08810853af37e81c9b435465b289c98 jdk8u20-b02
a07271bca831cf1bab35a2ffbcebd8e060b2734b jdk8u20-b03
613c1d9930c9f650e3fc6926215931a85b679c66 jdk8u20-b04
@@ -291,3 +306,10 @@
a550336d045faa63ac4439d4901d9f36e0b634bf jdk8u20-b18
c04d99e00268ed87cfbdf76beb1a0ea08abd9a9c jdk8u20-b19
e92effa22ecee1cb9965c278e45e2b1a6fbe0766 jdk8u20-b20
+7de1481c6cd88b42d815ae65e2d5b1cd918e11d1 jdk8u20-b21
+f491f1581f196950c2cb858508dd06601968c417 jdk8u25-b00
+5bc865e0a2e3c59c1c8bc41e731509e1737ddea1 jdk8u25-b01
+4dec0c684a9ead80ea2bca6b042682367c1abf90 jdk8u25-b02
+1d039298d33f8062a0aa75442bd39434e16ee2df jdk8u25-b03
+5c806c4b2830056caaca3329e634ff040bfe1c7b jdk8u25-b04
+f1625806cabab809993fbc650b77c5a28d70035d jdk8u25-b05
diff --git a/nashorn/.hgtags b/nashorn/.hgtags
index 96f8aaa..ee898d1 100644
--- a/nashorn/.hgtags
+++ b/nashorn/.hgtags
@@ -258,6 +258,20 @@
bc23b19e08eb1575663044902b6442ceaafa924f jdk8u5-b11
18b007062905dac9304605955a4b84eaf2a08553 jdk8u5-b12
e4fb85d69d6b33c9561b932ec5515f44c53c1017 jdk8u5-b13
+53cc5fda790e0f90dca53fb459c70517d76680bc jdk8u5-b31
+53cc5fda790e0f90dca53fb459c70517d76680bc jdk8u11-b01
+4dda2b1e51aa7977f53c261f983230fe505bbc3e jdk8u11-b02
+161f144c4e84037f655a2f6ebb0ba3057e8b18fa jdk8u11-b03
+2842beaa5db81731abe9d895181fbfceef720cf3 jdk8u11-b04
+7001e9f95b443a75e432205a29974c05b88e0fdc jdk8u11-b05
+daa414a4d8b712584d0818fab3fd31996e4cb645 jdk8u11-b06
+d9d482948b7c89161887b47e68e3367663d51b76 jdk8u11-b07
+a392513941025e2750acdcc45f9df2ec9080bde9 jdk8u11-b08
+dec6999877f39d3c17f7a092d8e2e17b676bb34b jdk8u11-b09
+d522ff5f53730cabd02c1863bb9d437c13bcc5e0 jdk8u11-b10
+3175dcbdd76ee9272276fa756247203dffb20596 jdk8u11-b11
+eea7f92c5fcc95310a6d946300ea47ac3e302cfe jdk8u11-b12
+b2c8eadc494bd32ed47d15d02cf942a8bd92c57f jdk8u11-b31
43a1183d2ab0ee3dbffd8bc47606e88dbe0c6116 jdk8u20-b02
9d69311869d513deecfebe767cc5f01502c9c01e jdk8u20-b03
e70dd55986e085185d976f2a78843a7d7eb87afd jdk8u20-b04
@@ -280,3 +294,10 @@
847387339a561e50353c0805a54ec14eca256d2a jdk8u20-b18
b047df215de40cb8a87ff1e2bac0b57bb9e2e121 jdk8u20-b19
ed3439dca4a73a2dd4a284f3457f0af216a3eb55 jdk8u20-b20
+f2925491b61b22ac42f8c30ee9c6723ffa401a4c jdk8u20-b21
+7001e9f95b443a75e432205a29974c05b88e0fdc jdk8u25-b00
+a9f77bd14874d5f8fdf935704dd54a0451f2bc69 jdk8u25-b01
+895e47783e2ee6823496a5ae84039a4f50311c7d jdk8u25-b02
+b84d92194c367411fcd8b5f510d4589709a8e71e jdk8u25-b03
+894ab2f06c93987f8596f5906985ff0a452f2fb2 jdk8u25-b04
+25b89ca363c41e1a1d90d7e95d5227d23e4292f3 jdk8u25-b05