[cp-patches] FYI: PR42390: Add security check to LogManager.{add, remove}PropertyChangeListener

Sat, 25 Dec 2010 10:49:37 -0800 

Another missing security check reported in PR42390:

2010-12-25  Andrew John Hughes  <[email protected]>

        PR classpath/42390
        * java/util/logging/LogManager.java:
        (addPropertyChangeListener(PropertyChangeListener)):
        Document fully.  Throw NPE in a clearer way.  Add
        SecurityException.
        (removePropertyChangeListener(PropertyChangeListener)):
        Document fully. Add SecurityException.
-- 
Andrew :)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

Support Free Java!
Contribute to GNU Classpath and IcedTea
http://www.gnu.org/software/classpath
http://icedtea.classpath.org
PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
Fingerprint = F8EF F1EA 401E 2E60 15FA  7927 142C 2591 94EF D9D8

Index: java/util/logging/LogManager.java
===================================================================
RCS file: /sources/classpath/classpath/java/util/logging/LogManager.java,v
retrieving revision 1.29
diff -u -u -r1.29 LogManager.java
--- java/util/logging/LogManager.java   3 Jun 2010 19:13:14 -0000       1.29
+++ java/util/logging/LogManager.java   25 Dec 2010 17:29:19 -0000
@@ -211,11 +211,21 @@
   /**
    * Registers a listener which will be notified when the
    * logging properties are re-read.
+   *
+   * @param listener the event listener to register.
+   * @throws NullPointerException if the listener is {...@code null}.
+   * @throws SecurityException if a security manager exists and the
+   *                           calling code does not have the permission
+   *                           {...@code LoggingPermission("control")}.
    */
   public synchronized void addPropertyChangeListener(PropertyChangeListener 
listener)
   {
-    /* do not register null. */
-    listener.getClass();
+    if (listener == null)
+      throw new NullPointerException("Attempt to add null property change 
listener");
+
+    SecurityManager sm = System.getSecurityManager();
+    if (sm != null)
+      sm.checkPermission(new LoggingPermission("control", null));
 
     pcs.addPropertyChangeListener(listener);
   }
@@ -226,11 +236,22 @@
    * If <code>listener</code> has not been registered previously,
    * nothing happens.  Also, no exception is thrown if
    * <code>listener</code> is <code>null</code>.
+   *
+   * @param listener the listener to remove.
+   * @throws SecurityException if a security manager exists and the
+   *                           calling code does not have the permission
+   *                           {...@code LoggingPermission("control")}.
    */
   public synchronized void removePropertyChangeListener(PropertyChangeListener 
listener)
   {
     if (listener != null)
-      pcs.removePropertyChangeListener(listener);
+      {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null)
+          sm.checkPermission(new LoggingPermission("control", null));
+
+        pcs.removePropertyChangeListener(listener);
+      }
   }
 
   /**

Reply via email to