The following two patches I committed fix the remaining issues reported in PR42390:
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=42390 1. https://lists.gnu.org/archive/html/commit-classpath/2012-02/msg00002.html Add missing security calls in DatagramSocket.connect. 2. https://lists.gnu.org/archive/html/commit-classpath/2012-02/msg00003.html Access properties in a privileged block to avoid inappropriate SecurityExceptions being thrown. ChangeLog: 2012-02-08 Andrew John Hughes <[email protected]> PR classpath/42390 * java/nio/channels/spi/SelectorProvider.java: (provider()): Retrieve property value using PrivilegedAction. * java/security/KeyStore.java: (getDefaultType()): Likewise. 2012-02-06 Andrew John Hughes <[email protected]> PR classpath/42390 * java/net/DatagramSocket.java: (connect(InetAddress,int)): Add missing security checks which OpenJDK performs and we don't. It's possible to initialise a DatagramSocket with null so we should also ensure we are bound. Patches attached. -- Andrew :) Free Java Software Engineer Red Hat, Inc. (http://www.redhat.com) PGP Key: 248BDC07 (https://keys.indymedia.org/) Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
Index: java/net/DatagramSocket.java
===================================================================
RCS file: /sources/classpath/classpath/java/net/DatagramSocket.java,v
retrieving revision 1.52
diff -u -u -r1.52 DatagramSocket.java
--- java/net/DatagramSocket.java 3 Jun 2010 19:13:02 -0000 1.52
+++ java/net/DatagramSocket.java 8 Feb 2012 14:34:20 -0000
@@ -525,7 +525,27 @@
SecurityManager sm = System.getSecurityManager();
if (sm != null)
- sm.checkConnect(address.getHostAddress(), port);
+ {
+ if (address.isMulticastAddress())
+ sm.checkMulticast(address);
+ else
+ {
+ sm.checkConnect(address.getHostAddress(), port);
+ sm.checkAccept(address.getHostAddress(), port);
+ }
+ }
+
+ if (!isBound())
+ {
+ try
+ {
+ bind(new InetSocketAddress(0));
+ }
+ catch (SocketException e)
+ {
+ throw new Error("Binding socket failed.", e);
+ }
+ }
try
{
Index: java/nio/channels/spi/SelectorProvider.java
===================================================================
RCS file:
/sources/classpath/classpath/java/nio/channels/spi/SelectorProvider.java,v
retrieving revision 1.14
diff -u -u -r1.14 SelectorProvider.java
--- java/nio/channels/spi/SelectorProvider.java 3 Jun 2010 19:13:03 -0000
1.14
+++ java/nio/channels/spi/SelectorProvider.java 8 Feb 2012 18:29:26 -0000
@@ -46,6 +46,8 @@
import java.nio.channels.ServerSocketChannel;
import java.nio.channels.SocketChannel;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
/**
* @author Michael Koch
@@ -145,14 +147,18 @@
* Returns the system-wide default selector provider for this invocation
* of the Java virtual machine.
*
- * @return the default seletor provider
+ * @return the default selector provider
*/
public static synchronized SelectorProvider provider()
{
if (systemDefaultProvider == null)
{
- String propertyValue =
- System.getProperty("java.nio.channels.spi.SelectorProvider");
+ String propertyValue = AccessController.doPrivileged(new
PrivilegedAction<String> () {
+ public String run()
+ {
+ return
System.getProperty("java.nio.channels.spi.SelectorProvider");
+ }
+ });
if (propertyValue == null || propertyValue.equals(""))
systemDefaultProvider = new SelectorProviderImpl();
Index: java/security/KeyStore.java
===================================================================
RCS file: /sources/classpath/classpath/java/security/KeyStore.java,v
retrieving revision 1.16
diff -u -u -r1.16 KeyStore.java
--- java/security/KeyStore.java 3 Jun 2010 19:13:07 -0000 1.16
+++ java/security/KeyStore.java 8 Feb 2012 18:29:27 -0000
@@ -214,7 +214,12 @@
{
// Security reads every property in java.security so it
// will return this property if it exists.
- String tmp = Security.getProperty("keystore.type");
+ String tmp = AccessController.doPrivileged(new PrivilegedAction<String> ()
{
+ public String run()
+ {
+ return Security.getProperty("keystore.type");
+ }
+ });
if (tmp == null)
tmp = "gkr";
signature.asc
Description: Digital signature
