[cp-patches] [calendar] remove explicitDSTOffset from Calendar
Hi all, This patch removes the explicitDSTOffset stuff from Calendar. I'm not sure what the final solution to this is but the present method of locking the DST offset once set is not it. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.9239.2.1 diff -u -r1.9239.2.1 ChangeLog --- ChangeLog 12 Apr 2007 15:29:51 - 1.9239.2.1 +++ ChangeLog 13 Apr 2007 07:40:38 - @@ -1,3 +1,10 @@ +2007-04-13 Gary Benson [EMAIL PROTECTED] + + * java/util/Calendar.java + (explicitDSTOffset): Remove. + (set(int, int)): Remove explicitDSTOffset stuff. + (set(int, int, int)): Likewise. + 2007-04-12 Gary Benson [EMAIL PROTECTED] * java/util/GregorianCalendar.java Index: java/util/Calendar.java === RCS file: /cvsroot/classpath/classpath/java/util/Calendar.java,v retrieving revision 1.52 diff -u -r1.52 Calendar.java --- java/util/Calendar.java 29 Dec 2006 02:17:58 - 1.52 +++ java/util/Calendar.java 13 Apr 2007 07:40:38 - @@ -1,5 +1,5 @@ /* Calendar.java -- - Copyright (C) 1998, 1999, 2000, 2001, 2002, 2004, 2005, 2006, + Copyright (C) 1998, 1999, 2000, 2001, 2002, 2004, 2005, 2006, 2007 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -443,13 +443,6 @@ private int minimalDaysInFirstWeek; /** - * Is set to true if DST_OFFSET is explicitly set. In that case - * it's value overrides the value computed from the current - * time and the timezone. - */ - private boolean explicitDSTOffset = false; - - /** * The version of the serialized data on the stream. * dldt0 or not present/dt * dd JDK 1.1.5 or later./dd @@ -846,12 +839,10 @@ isSet[AM_PM] = true; isSet[HOUR_OF_DAY] = false; break; - case DST_OFFSET: - explicitDSTOffset = true; } // May have crossed over a DST boundary. -if (! explicitDSTOffset (field != DST_OFFSET field != ZONE_OFFSET)) +if (field != DST_OFFSET field != ZONE_OFFSET) isSet[DST_OFFSET] = false; } @@ -875,8 +866,7 @@ isSet[DAY_OF_WEEK_IN_MONTH] = false; isSet[ERA] = false; -if (! explicitDSTOffset) - isSet[DST_OFFSET] = false; // May have crossed a DST boundary. +isSet[DST_OFFSET] = false; // May have crossed a DST boundary. } /**
[cp-patches] [calendar] GregorianCalendar.setDefaultFields() tweak
Hi again, This commit changes the default for DAY_OF_WEEK_IN_MONTH to match Sun's implementation, and adds a couple of comments explaining what might otherwise look like odd decisions. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.9239.2.3 diff -u -r1.9239.2.3 ChangeLog --- ChangeLog 13 Apr 2007 08:12:36 - 1.9239.2.3 +++ ChangeLog 13 Apr 2007 09:17:23 - @@ -1,3 +1,9 @@ +2007-04-13 Gary Benson [EMAIL PROTECTED] + + * java/util/GregorianCalendar.java + (setDefaultFields): Change DAY_OF_WEEK_IN_MONTH default, + and add some comments. + 2007-04-13 Gary Benson [EMAIL PROTECTED] * java/util/Calendar.java Index: java/util/GregorianCalendar.java === RCS file: /cvsroot/classpath/classpath/java/util/GregorianCalendar.java,v retrieving revision 1.49.4.2 diff -u -r1.49.4.2 GregorianCalendar.java --- java/util/GregorianCalendar.java13 Apr 2007 08:12:37 - 1.49.4.2 +++ java/util/GregorianCalendar.java13 Apr 2007 09:17:23 - @@ -500,11 +500,15 @@ */ private void setDefaultFields() { +// According to the spec DAY_OF_WEEK_IN_MONTH defaults to 1, +// but Sun set it to 0 so we do too. int[] defaults = { - AD, 1970, JANUARY, 0, 0, 1, 0, -1, 1, AM, 0, 0, 0, 0, 0, 0, 0 + AD, 1970, JANUARY, 0, 0, 1, 0, -1, 0, AM, 0, 0, 0, 0, 0, 0, 0 }; System.arraycopy(defaults, 0, fields, 0, FIELD_COUNT); fields[DAY_OF_WEEK] = getFirstDayOfWeek(); +// It seems odd that a call to computeTime() should cause +// areFieldsSet to become true, but that's what Sun do... areFieldsSet = true; }
[cp-patches] [calendar] fix Calendar.setTimeZone()
Hi again, This commit makes Calendar.setTimeZone() simply invalidate the fields rather than recalculating the entire thing. There seems to be a general thing of setters invalidate, getters calculate going on in Sun's implementation. At the moment in Classpath we have a bit of a mixture, which makes things... interesting :) Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.9239.2.4 diff -u -r1.9239.2.4 ChangeLog --- ChangeLog 13 Apr 2007 09:18:00 - 1.9239.2.4 +++ ChangeLog 13 Apr 2007 10:48:15 - @@ -1,3 +1,9 @@ +2007-04-13 Gary Benson [EMAIL PROTECTED] + + * java/util/Calendar.java + (setTimeZone): Don't recalculate anything, just invalidate + the fields. + 2007-04-13 Gary Benson [EMAIL PROTECTED] * java/util/GregorianCalendar.java Index: java/util/Calendar.java === RCS file: /cvsroot/classpath/classpath/java/util/Calendar.java,v retrieving revision 1.52.4.2 diff -u -r1.52.4.2 Calendar.java --- java/util/Calendar.java 13 Apr 2007 08:12:37 - 1.52.4.2 +++ java/util/Calendar.java 13 Apr 2007 10:48:15 - @@ -1088,8 +1088,7 @@ public void setTimeZone(TimeZone zone) { this.zone = zone; -computeTime(); -computeFields(); +areFieldsSet = false; } /**
[cp-patches] [calendar] Reorder Calendar.complete()
Hi again, This commit reorders Calendar.complete() and moves the setting of isTimeSet in order to match Sun's implementation. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.9239.2.5 diff -u -r1.9239.2.5 ChangeLog --- ChangeLog 13 Apr 2007 10:48:41 - 1.9239.2.5 +++ ChangeLog 13 Apr 2007 11:46:29 - @@ -1,3 +1,10 @@ +2007-04-13 Gary Benson [EMAIL PROTECTED] + + * java/util/Calendar.java + (complete): Reorder, and set isTimeSet. + * java/util/GregorianCalendar.java + (computeTime): Do not set isTimeSet. + 2007-04-13 Gary Benson [EMAIL PROTECTED] * java/util/Calendar.java Index: java/util/Calendar.java === RCS file: /cvsroot/classpath/classpath/java/util/Calendar.java,v retrieving revision 1.52.4.3 diff -u -r1.52.4.3 Calendar.java --- java/util/Calendar.java 13 Apr 2007 10:48:42 - 1.52.4.3 +++ java/util/Calendar.java 13 Apr 2007 11:46:29 - @@ -951,10 +951,19 @@ */ protected void complete() { -if (! isTimeSet) - computeTime(); -if (! areFieldsSet) - computeFields(); +// computeFields() sets areFieldsSet, but computeTime() +// does not set isTimeSet. This seems odd, but it's what +// Sun's implementation does. +if (!isTimeSet) + { + computeTime(); + isTimeSet = true; + computeFields(); + } +else if (!areFieldsSet) + { + computeFields(); + } } /** Index: java/util/GregorianCalendar.java === RCS file: /cvsroot/classpath/classpath/java/util/GregorianCalendar.java,v retrieving revision 1.49.4.3 diff -u -r1.49.4.3 GregorianCalendar.java --- java/util/GregorianCalendar.java13 Apr 2007 09:18:00 - 1.49.4.3 +++ java/util/GregorianCalendar.java13 Apr 2007 11:46:29 - @@ -723,8 +723,6 @@ - zone.getRawOffset()); time -= rawOffset + dstOffset; - -isTimeSet = true; } /**
[cp-patches] [calendar] fix Calendar.clear()
Hi again, This commit removes the call to complete() from Calendar.clear(). Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.9239.2.6 diff -u -r1.9239.2.6 ChangeLog --- ChangeLog 13 Apr 2007 11:47:12 - 1.9239.2.6 +++ ChangeLog 13 Apr 2007 13:01:16 - @@ -1,3 +1,8 @@ +2007-04-13 Gary Benson [EMAIL PROTECTED] + + * java/util/Calendar.java + (clear): Do not call complete. + 2007-04-13 Gary Benson [EMAIL PROTECTED] * java/util/Calendar.java Index: java/util/Calendar.java === RCS file: /cvsroot/classpath/classpath/java/util/Calendar.java,v retrieving revision 1.52.4.4 diff -u -r1.52.4.4 Calendar.java --- java/util/Calendar.java 13 Apr 2007 11:47:12 - 1.52.4.4 +++ java/util/Calendar.java 13 Apr 2007 13:01:16 - @@ -927,7 +927,6 @@ */ public final void clear(int field) { -complete(); isTimeSet = false; areFieldsSet = false; isSet[field] = false;
[cp-patches] [calendar] Another GregorianCalendar.setDefaultFields() tweak
Hi again, This commit makes GregorianCalendar.setDefaultFields() set only fields that are undefined. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.9239.2.7 diff -u -r1.9239.2.7 ChangeLog --- ChangeLog 13 Apr 2007 13:01:50 - 1.9239.2.7 +++ ChangeLog 13 Apr 2007 13:05:06 - @@ -1,3 +1,9 @@ +2007-04-13 Gary Benson [EMAIL PROTECTED] + + * java/util/GregorianCalendar.java + (defaults): Moved from within setDefaultFields. + (setDefaultFields): Only set fields that are undefined. + 2007-04-13 Gary Benson [EMAIL PROTECTED] * java/util/Calendar.java Index: java/util/GregorianCalendar.java === RCS file: /cvsroot/classpath/classpath/java/util/GregorianCalendar.java,v retrieving revision 1.49.4.4 diff -u -r1.49.4.4 GregorianCalendar.java --- java/util/GregorianCalendar.java13 Apr 2007 11:47:12 - 1.49.4.4 +++ java/util/GregorianCalendar.java13 Apr 2007 13:05:06 - @@ -495,18 +495,30 @@ throw new IllegalArgumentException(Illegal DST_OFFSET.); } + // Default values for all fields, except DAY_OF_WEEK which + // defaults to getFirstDayOfWeek(). Note that according to + // the spec DAY_OF_WEEK_IN_MONTH defaults to 1, but Sun set + // it to 0 so we do too. + private int[] defaults = { +AD, 1970, JANUARY, 0, 0, 1, 0, -1, 0, AM, 0, 0, 0, 0, 0, 0, 0 + }; + /** * Set all fields to their default values. */ private void setDefaultFields() { -// According to the spec DAY_OF_WEEK_IN_MONTH defaults to 1, -// but Sun set it to 0 so we do too. -int[] defaults = { - AD, 1970, JANUARY, 0, 0, 1, 0, -1, 0, AM, 0, 0, 0, 0, 0, 0, 0 -}; -System.arraycopy(defaults, 0, fields, 0, FIELD_COUNT); -fields[DAY_OF_WEEK] = getFirstDayOfWeek(); +for (int i = 0; i FIELD_COUNT; i++) + { + if (isSet[i]) + continue; + + if (i == DAY_OF_WEEK) + fields[i] = getFirstDayOfWeek(); + else + fields[i] = defaults[i]; + } + // It seems odd that a call to computeTime() should cause // areFieldsSet to become true, but that's what Sun do... areFieldsSet = true;
[cp-patches] [calendar] Make computeTime() sometimes update fields
Hi again, This commit makes GregorianCalendar.computeTime() sometimes update the fields. The more weird logic I put in to make us match Sun the less happy I am, but I'm hoping that something's suddenly going to click and it's all going to become clear. Til then... well, that's why I'm working on a branch, no? Cheers, Gary
[cp-patches] [calendar] reorder GregorianCalendar.computeTime()
Hi all, This commit reorders the parts of GregorianCalendar.computeTime() that decide which fields to use into the priority order outlined in http://java.sun.com/javase/6/docs/api/java/util/Calendar.html#date_resolution. The previous incarnation was in an odd order and had some fun fallback cases. It's not correct yet -- it's not so much a question of which fields are set as it is a question of which fields were most recently set -- and this commit breaks a couple of things that relied on the previous, ordering. So it's on a branch :) Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.9239 diff -u -r1.9239 ChangeLog --- ChangeLog 12 Apr 2007 15:09:31 - 1.9239 +++ ChangeLog 12 Apr 2007 15:27:00 - @@ -1,3 +1,8 @@ +2007-04-12 Gary Benson [EMAIL PROTECTED] + + * java/util/GregorianCalendar.java + (computeTime): Reorder the cases into priority order. + 2007-04-12 Christian Thalinger [EMAIL PROTECTED] * native/jni/gtk-peer/gnu_java_awt_peer_gtk_GtkClipboard.c Index: java/util/GregorianCalendar.java === RCS file: /cvsroot/classpath/classpath/java/util/GregorianCalendar.java,v retrieving revision 1.49 diff -u -r1.49 GregorianCalendar.java --- java/util/GregorianCalendar.java5 Apr 2007 12:52:44 - 1.49 +++ java/util/GregorianCalendar.java12 Apr 2007 15:27:00 - @@ -510,71 +510,78 @@ int month = fields[MONTH]; int day = fields[DAY_OF_MONTH]; +int hour = fields[HOUR_OF_DAY]; int minute = fields[MINUTE]; int second = fields[SECOND]; int millis = fields[MILLISECOND]; int[] month_days = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 }; int[] dayCount = { 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334 }; -int hour = 0; if (! isLenient()) nonLeniencyCheck(); -if (! isSet[MONTH] (! isSet[DAY_OF_WEEK] || isSet[WEEK_OF_YEAR])) +if (isSet[YEAR]) { - // 5: YEAR + DAY_OF_WEEK + WEEK_OF_YEAR - if (isSet[WEEK_OF_YEAR]) + if (isSet[MONTH]) { - int first = getFirstDayOfMonth(year, 0); - int offs = 1; - int daysInFirstWeek = getFirstDayOfWeek() - first; - if (daysInFirstWeek = 0) - daysInFirstWeek += 7; - - if (daysInFirstWeek getMinimalDaysInFirstWeek()) - offs += daysInFirstWeek; - else - offs -= 7 - daysInFirstWeek; - month = 0; - day = offs + 7 * (fields[WEEK_OF_YEAR] - 1); - offs = fields[DAY_OF_WEEK] - getFirstDayOfWeek(); - - if (offs 0) - offs += 7; - day += offs; + if (isSet[DAY_OF_MONTH]) + { + // 1: YEAR + MONTH + DAY_OF_MONTH + } + else if (isSet[DAY_OF_WEEK]) + { + int first = getFirstDayOfMonth(year, month); + + if (isSet[WEEK_OF_MONTH]) + { + // 2: YEAR + MONTH + WEEK_OF_MONTH + DAY_OF_WEEK + int offs = 1; + int daysInFirstWeek = getFirstDayOfWeek() - first; + if (daysInFirstWeek = 0) + daysInFirstWeek += 7; + + if (daysInFirstWeek getMinimalDaysInFirstWeek()) + offs += daysInFirstWeek; + else + offs -= 7 - daysInFirstWeek; + + day = offs + 7 * (fields[WEEK_OF_MONTH] - 1); + offs = fields[DAY_OF_WEEK] - getFirstDayOfWeek(); + if (offs 0) + offs += 7; + day += offs; + } + else if (isSet[DAY_OF_WEEK_IN_MONTH]) + { + // 3: YEAR + MONTH + DAY_OF_WEEK_IN_MONTH + DAY_OF_WEEK + if (fields[DAY_OF_WEEK_IN_MONTH] 0) + { + month++; + first = getFirstDayOfMonth(year, month); + day = 1 + 7 * (fields[DAY_OF_WEEK_IN_MONTH]); + } + else + day = 1 + 7 * (fields[DAY_OF_WEEK_IN_MONTH] - 1); + + int offs = fields[DAY_OF_WEEK] - first; + if (offs 0) + offs += 7; + day += offs; + } + } } else { - // 4: YEAR + DAY_OF_YEAR - month = 0; - day = fields[DAY_OF_YEAR]; - } - } -else - { - if (isSet[DAY_OF_WEEK]) - { - int first = getFirstDayOfMonth(year, month); - - // 3: YEAR + MONTH + DAY_OF_WEEK_IN_MONTH + DAY_OF_WEEK - if (isSet[DAY_OF_WEEK_IN_MONTH]) + if (isSet[DAY_OF_YEAR
[cp-patches] FYI: GregorianCalendar week of month fix
Hi all, This patch fixes the week of month calculation in GregorianCalendar. Considering this was broken it's possible the stuff that allows you to set the date with the day of the week and the week of the month is also broken. Not to mention the week of the year stuff. Damn. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.9215 diff -u -r1.9215 ChangeLog --- ChangeLog 5 Apr 2007 12:41:33 - 1.9215 +++ ChangeLog 5 Apr 2007 12:52:32 - @@ -1,3 +1,8 @@ +2007-04-05 Gary Benson [EMAIL PROTECTED] + + * java/util/GregorianCalendar.java + (computeFields): Fix WEEK_OF_MONTH calculation. + 2007-04-05 Christian Thalinger [EMAIL PROTECTED] PR classpath/22800: Index: java/util/GregorianCalendar.java === RCS file: /cvsroot/classpath/classpath/java/util/GregorianCalendar.java,v retrieving revision 1.48 diff -u -r1.48 GregorianCalendar.java --- java/util/GregorianCalendar.java4 Apr 2007 15:31:55 - 1.48 +++ java/util/GregorianCalendar.java5 Apr 2007 12:52:32 - @@ -1,5 +1,5 @@ /* java.util.GregorianCalendar - Copyright (C) 1998, 1999, 2001, 2002, 2003, 2004 + Copyright (C) 1998, 1999, 2001, 2002, 2003, 2004, 2007 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -841,13 +841,24 @@ // which day of the week are we (0..6), relative to getFirstDayOfWeek int relativeWeekday = (7 + fields[DAY_OF_WEEK] - getFirstDayOfWeek()) % 7; -fields[WEEK_OF_MONTH] = (fields[DAY_OF_MONTH] - relativeWeekday + 12) / 7; +// which day of the week is the first of this month? +// nb 35 is the smallest multiple of 7 that ensures that +// the left hand side of the modulo operator is positive. +int relativeWeekdayOfFirst = (relativeWeekday - fields[DAY_OF_MONTH] + + 1 + 35) % 7; + +// which week of the month is the first of this month in? +int minDays = getMinimalDaysInFirstWeek(); +int weekOfFirst = ((7 - relativeWeekdayOfFirst) = minDays) ? 1 : 0; + +// which week of the month is this day in? +fields[WEEK_OF_MONTH] = (fields[DAY_OF_MONTH] ++ relativeWeekdayOfFirst - 1) / 7 + weekOfFirst; int weekOfYear = (fields[DAY_OF_YEAR] - relativeWeekday + 6) / 7; // Do the Correction: getMinimalDaysInFirstWeek() is always in the // first week. -int minDays = getMinimalDaysInFirstWeek(); int firstWeekday = (7 + getWeekDay(fields[YEAR], minDays) - getFirstDayOfWeek()) % 7; if (minDays - firstWeekday 1)
[cp-patches] FYI: GregorianCalendar tweak
Hi all, This patch removes a redundant call to complete() in one of java.util.GregorianCalendar's constructors. setTimeInMillis() fills in both the time and the fields. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.9208 diff -u -r1.9208 ChangeLog --- ChangeLog 4 Apr 2007 11:38:46 - 1.9208 +++ ChangeLog 4 Apr 2007 15:31:36 - @@ -1,3 +1,8 @@ +2007-04-04 Gary Benson [EMAIL PROTECTED] + + * java/util/GregorianCalendar.java + (GregorianCalendar(TimeZone, Locale)): Remove redundant complete(). + 2007-04-04 Roman Kennke [EMAIL PROTECTED] * java/nio/channels/spi/SelectorProvider.java Index: java/util/GregorianCalendar.java === RCS file: /cvsroot/classpath/classpath/java/util/GregorianCalendar.java,v retrieving revision 1.47 diff -u -r1.47 GregorianCalendar.java --- java/util/GregorianCalendar.java23 Dec 2006 22:32:59 - 1.47 +++ java/util/GregorianCalendar.java4 Apr 2007 15:31:36 - @@ -223,7 +223,6 @@ { this(zone, locale, false); setTimeInMillis(System.currentTimeMillis()); -complete(); } /**
[cp-patches] FYI: Another javax.xml bugfix (PR 30983)
Hi all, This commit fixes a bug where the entity resolver (if set) would be used to open the top-level document when parsing an XML file. The spec states that the parser will use the entity resolver before opening any external entity _except_ the top-level document entity. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.9147 diff -u -r1.9147 ChangeLog --- ChangeLog 8 Mar 2007 11:11:49 - 1.9147 +++ ChangeLog 8 Mar 2007 11:14:53 - @@ -1,3 +1,9 @@ +2007-03-08 Gary Benson [EMAIL PROTECTED] + + PR classpath/30983: + * gnu/xml/dom/ls/DomLSParser.java (getInputSource): + Do not use the entity resolver to resolve the top-level document. + 2007-03-07 Tom Tromey [EMAIL PROTECTED] PR classpath/31057: Index: gnu/xml/dom/ls/DomLSParser.java === RCS file: /cvsroot/classpath/classpath/gnu/xml/dom/ls/DomLSParser.java,v retrieving revision 1.5 diff -u -r1.5 DomLSParser.java --- gnu/xml/dom/ls/DomLSParser.java 26 Jan 2007 19:57:43 - 1.5 +++ gnu/xml/dom/ls/DomLSParser.java 8 Mar 2007 11:14:53 - @@ -372,22 +372,6 @@ source = new InputSource(in); source.setSystemId(systemId); } -if (source == null entityResolver != null) - { -String publicId = input.getPublicId(); -try - { -source = entityResolver.resolveEntity(publicId, systemId); - } -catch (SAXException e) - { -throw new DomLSException(LSException.PARSE_ERR, e); - } -catch (IOException e) - { -throw new DomLSException(LSException.PARSE_ERR, e); - } - } if (source == null) { URL url = null;
Re: [cp-patches] FYI: Another javax.xml bugfix (PR 30983)
Chris Burdess wrote: Gary Benson wrote: This commit fixes a bug where the entity resolver (if set) would be used to open the top-level document when parsing an XML file. The spec states that the parser will use the entity resolver before opening any external entity _except_ the top-level document entity. I'm not sure which spec says that. The EntityResolver class documentation says: The application can also use this interface to redirect system identifiers to local URIs or to look up replacements in a catalog (possibly by using the public identifier). Check the second paragraph of resolveEntity()'s description: The parser will call this method before opening any external entity except the top-level document entity. I put a printf into the testcase's resolveEntity() and I can confirm that it is not called on IBM. Cheers, Gary
[cp-patches] FYI: javax.xml bugfix
Hi all, This commit fixes a bug which caused javax.xml.parsers.DocumentBuilderFactory.newDocumentBuilder() to fail if another JAXP implementation was in the classpath. The specification allows for the various abstract classes in javax.xml to be overridden by the endorsed classes override stuff, but without this parts of other JAXP implementations would be loaded even without being endorsed. Note that this is not a fix for PR 30983. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.9144 diff -u -r1.9144 ChangeLog --- ChangeLog 6 Mar 2007 23:24:19 - 1.9144 +++ ChangeLog 7 Mar 2007 13:29:30 - @@ -1,3 +1,8 @@ +2007-03-07 Gary Benson [EMAIL PROTECTED] + + * resource/META-INF/services/org.w3c.dom.DOMImplementationSourceList: + New file. + 2007-03-06 Andrew John Hughes [EMAIL PROTECTED] * gnu/java/lang/management/BeanImpl.java: Index: resource/META-INF/services/org.w3c.dom.DOMImplementationSourceList === RCS file: resource/META-INF/services/org.w3c.dom.DOMImplementationSourceList diff -N resource/META-INF/services/org.w3c.dom.DOMImplementationSourceList --- /dev/null 1 Jan 1970 00:00:00 - +++ resource/META-INF/services/org.w3c.dom.DOMImplementationSourceList 7 Mar 2007 13:29:30 - @@ -0,0 +1 @@ +gnu.xml.dom.ImplementationSource
[cp-patches] FYI: Ensure ObjectName.properties is initialized
Hi all, This commit ensures that javax.management.ObjectName.properties is always initialized. Without it there are at least two possible ways to create an ObjectName with a null properties field. Cheers, Gary
[cp-patches] Re: FYI: Ensure ObjectName.properties is initialized
Gary Benson wrote: This commit ensures that javax.management.ObjectName.properties is always initialized. Without it there are at least two possible ways to create an ObjectName with a null properties field. This commit. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.9119 diff -u -r1.9119 ChangeLog --- ChangeLog 19 Feb 2007 09:27:43 - 1.9119 +++ ChangeLog 19 Feb 2007 13:58:07 - @@ -1,3 +1,10 @@ +2007-02-19 Gary Benson [EMAIL PROTECTED] + + * javax/management/ObjectName.java + (properties): Initialize when declared. + (ObjectName(String)): Don't initialize properties here. + (ObjectName(String, String, String): Likewise. + 2007-02-19 Chris Burdess [EMAIL PROTECTED] Fixes #30831 Index: javax/management/ObjectName.java === RCS file: /cvsroot/classpath/classpath/javax/management/ObjectName.java,v retrieving revision 1.6 diff -u -r1.6 ObjectName.java --- javax/management/ObjectName.java19 Feb 2007 01:34:58 - 1.6 +++ javax/management/ObjectName.java19 Feb 2007 13:58:07 - @@ -105,7 +105,7 @@ /** * The properties, as key-value pairs. */ - private TreeMapString,String properties; + private TreeMapString,String properties = new TreeMapString,String(); /** * The properties as a string (stored for ordering). @@ -164,7 +164,6 @@ throw new MalformedObjectNameException(A name that is not a + pattern must contain at + least one key-value pair.); - properties = new TreeMapString,String(); for (int a = 0; a pairs.length; ++a) { int sep = pairs[a].indexOf('='); @@ -197,7 +196,6 @@ throws MalformedObjectNameException { this.domain = domain; -properties = new TreeMapString,String(); properties.put(key, value); checkComponents(); }
[cp-patches] FYI: Another javax.management fix
Hi all, MBeanServer.registerMBean() calls the MBean's preRegister method only if the name given for the bean is null. This commit makes it call the preRegister method regardless of whether a name was supplied or not. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.9110 diff -u -r1.9110 ChangeLog --- ChangeLog 15 Feb 2007 10:38:30 - 1.9110 +++ ChangeLog 15 Feb 2007 14:06:41 - @@ -1,3 +1,10 @@ +2007-02-15 Gary Benson [EMAIL PROTECTED] + + * gnu/javax/management/Server.java + (registerMBean): Always register objects that implement the + MBeanRegistration interface, and check the name returned by + preRegister before using it. + 2007-02-15 Roman Kennke [EMAIL PROTECTED] * java/nio/ByteOrder.java Index: gnu/javax/management/Server.java === RCS file: /cvsroot/classpath/classpath/gnu/javax/management/Server.java,v retrieving revision 1.2 diff -u -r1.2 Server.java --- gnu/javax/management/Server.java4 Dec 2006 00:10:18 - 1.2 +++ gnu/javax/management/Server.java15 Feb 2007 14:06:41 - @@ -1657,19 +1657,27 @@ MBeanRegistration register = null; if (obj instanceof MBeanRegistration) register = (MBeanRegistration) obj; -if (name == null) +if (name == null register == null) + { + RuntimeException e = + new IllegalArgumentException(The name was null and + + the bean does not implement + + MBeanRegistration.); + throw new RuntimeOperationsException(e); + } +if (register != null) { - if (register == null) - { - RuntimeException e = - new IllegalArgumentException(The name was null and + - the bean does not implement + - MBeanRegistration.); - throw new RuntimeOperationsException(e); - } try { - name = register.preRegister(this, null); + name = register.preRegister(this, name); + if (name == null) + { + RuntimeException e = + new NullPointerException(The name returned by + + MBeanRegistration.preRegister() + + was null); + throw e; + } if (sm != null) sm.checkPermission(new MBeanPermission(className, null, name, registerMBean));
[cp-patches] FYI: javax.management fix
Gary Benson wrote: Tomcat is failing with Classpath's javax.management because it assumes the result of javax.management.ObjectName.toString() is a valid string representation of the item. Ours isn't, but I guess Sun's and MX4J's must or they'd be failing too. The javadoc does not specify the format of the returned string except to say that users can expect it to be the same for equivalent ObjectNames. This patch makes our toString() return the canonical representation. Committed. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.9108 diff -u -r1.9108 ChangeLog --- ChangeLog 12 Feb 2007 21:39:20 - 1.9108 +++ ChangeLog 13 Feb 2007 14:41:44 - @@ -1,3 +1,8 @@ +2007-02-13 Gary Benson [EMAIL PROTECTED] + + * javax/management/ObjectName.java + (toString): Return this item's canonical name. + 2007-02-12 Francis Kung [EMAIL PROTECTED] * gnu/java/awt/ClasspathToolkit.java: Index: javax/management/ObjectName.java === RCS file: /cvsroot/classpath/classpath/javax/management/ObjectName.java,v retrieving revision 1.4 diff -u -r1.4 ObjectName.java --- javax/management/ObjectName.java9 Feb 2007 17:23:30 - 1.4 +++ javax/management/ObjectName.java13 Feb 2007 14:41:44 - @@ -715,19 +715,18 @@ /** * Returns a textual representation of the object name. - * The format is unspecified, but it should be expected that - * two equivalent object names will return the same string - * from this method. + * + * pThe format is unspecified beyond that equivalent object + * names will return the same string from this method, but note + * that Tomcat depends on the string returned by this method + * being a valid textual representation of the object name and + * will fail to start if it is not. * * @return a textual representation of the object name. */ public String toString() { -return getClass().toString() + - [domain = + domain + - ,properties = + properties + - ,propertyPattern = + propertyPattern + - ]; +return getCanonicalName(); } /**
[cp-patches] RFC: Proposed javax.management fix
Hi all, Tomcat is failing with Classpath's javax.management because it assumes the result of javax.management.ObjectName.toString() is a valid string representation of the item. Ours isn't, but I guess Sun's and MX4J's must or they'd be failing too. The javadoc does not specify the format of the returned string except to say that users can expect it to be the same for equivalent ObjectNames. This patch makes our toString() return the canonical representation. Can anyone (ie Andrew) see any problems with this? Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.9104 diff -u -r1.9104 ChangeLog --- ChangeLog 12 Feb 2007 00:56:29 - 1.9104 +++ ChangeLog 12 Feb 2007 14:14:37 - @@ -1,3 +1,8 @@ +2007-02-12 Gary Benson [EMAIL PROTECTED] + + * javax/management/ObjectName.java + (toString): Return this items canonical name. + 2007-02-12 Andrew John Hughes [EMAIL PROTECTED] * javax/management/Query.java: Index: javax/management/ObjectName.java === RCS file: /cvsroot/classpath/classpath/javax/management/ObjectName.java,v retrieving revision 1.4 diff -u -r1.4 ObjectName.java --- javax/management/ObjectName.java9 Feb 2007 17:23:30 - 1.4 +++ javax/management/ObjectName.java12 Feb 2007 14:14:37 - @@ -723,11 +723,7 @@ */ public String toString() { -return getClass().toString() + - [domain = + domain + - ,properties = + properties + - ,propertyPattern = + propertyPattern + - ]; +return getCanonicalName(); } /**
Re: [cp-patches] RFC: Proposed javax.management fix
Tom Tromey wrote: Gary == Gary Benson [EMAIL PROTECTED] writes: Gary This patch makes our toString() return the canonical Gary representation. Can anyone (ie Andrew) see any problems Gary with this? I think this method should have a comment explaining why it should not be changed. Good idea :) Cheers, Gary
[cp-patches] FYI: javax.management.ObjectName.quote() fix
Hi all, This commit fixes a bug whereby javax.management.ObjectName.quote() would miss off the leading quote because StringBuilder('') resolves to StringBuilder(int capacity) with the expected amusing consequences. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.9095 diff -u -r1.9095 ChangeLog --- ChangeLog 9 Feb 2007 16:24:06 - 1.9095 +++ ChangeLog 9 Feb 2007 17:23:15 - @@ -1,3 +1,8 @@ +2007-02-09 Gary Benson [EMAIL PROTECTED] + + * javax/management/ObjectName.java + (quote): Initialize StringBuilder correctly. + 2007-02-09 Francis Kung [EMAIL PROTECTED] * java/awt/image/BufferedImage: Reformatted. Index: javax/management/ObjectName.java === RCS file: /cvsroot/classpath/classpath/javax/management/ObjectName.java,v retrieving revision 1.3 diff -u -r1.3 ObjectName.java --- javax/management/ObjectName.java22 Dec 2006 17:55:55 - 1.3 +++ javax/management/ObjectName.java9 Feb 2007 17:23:15 - @@ -1,5 +1,5 @@ /* ObjectName.java -- Represent the name of a bean, or a pattern for a name. - Copyright (C) 2006 Free Software Foundation, Inc. + Copyright (C) 2006, 2007 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -673,7 +673,8 @@ */ public static String quote(String string) { -StringBuilder builder = new StringBuilder(''); +StringBuilder builder = new StringBuilder(); +builder.append(''); for (int a = 0; a string.length(); ++a) { char s = string.charAt(a);
[cp-patches] FYI: Thread javadoc tweaks
Hi all, This commit adds a couple of notes to java.lang.Thread's javadoc that were in libgcj but not in Classpath. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.8884 diff -u -r1.8884 ChangeLog --- ChangeLog 29 Nov 2006 20:48:29 - 1.8884 +++ ChangeLog 30 Nov 2006 09:29:54 - @@ -1,3 +1,7 @@ +2006-11-30 Gary Benson [EMAIL PROTECTED] + + * java/lang/Thread.java: Javadoc fixes. + 2006-11-29 Tania Bento [EMAIL PROTECTED] * tools/gnu/classpath/tools/appletviewer/TagParser.java: Index: java/lang/Thread.java === RCS file: /cvsroot/classpath/classpath/java/lang/Thread.java,v retrieving revision 1.31 diff -u -r1.31 Thread.java --- java/lang/Thread.java 1 Jul 2006 12:56:10 - 1.31 +++ java/lang/Thread.java 30 Nov 2006 09:29:54 - @@ -850,11 +850,13 @@ * are no guarantees which thread will be next to run, but most VMs will * choose the highest priority thread that has been waiting longest. * - * @param ms the number of milliseconds to sleep. + * @param ms the number of milliseconds to sleep, or 0 for forever * @throws InterruptedException if the Thread is (or was) interrupted; * it's iinterrupted status/i will be cleared * @throws IllegalArgumentException if ms is negative * @see #interrupt() + * @see #notify() + * @see #wait(long) */ public static void sleep(long ms) throws InterruptedException { @@ -874,13 +876,15 @@ * immediately when time expires, because some other thread may be * active. So don't expect real-time performance. * - * @param ms the number of milliseconds to sleep + * @param ms the number of milliseconds to sleep, or 0 for forever * @param ns the number of extra nanoseconds to sleep (0-99) * @throws InterruptedException if the Thread is (or was) interrupted; * it's iinterrupted status/i will be cleared * @throws IllegalArgumentException if ms or ns is negative * or ns is larger than 99. * @see #interrupt() + * @see #notify() + * @see #wait(long, int) */ public static void sleep(long ms, int ns) throws InterruptedException {
Re: [cp-patches] FYI: SocketPermission tweak
Anthony Green wrote: On Thu, 2006-08-31 at 12:58 -0600, Tom Tromey wrote: Gary == Gary Benson [EMAIL PROTECTED] writes: Gary This commit makes java.net.SocketPermission()'s constructor Gary use localhost when called with an empty hostport argument Gary as mandated by the spec. Do we want this in GCC 4.2? Or FC6? We want this in FC-6. It's causing an exception in Azureus. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212739 Jakub - do you have any gcc updates planned for FC-6? To really fix this issue you need to grab SocketPermission and Inet*Address from trunk. Cheers, Gary
[cp-patches] FYI: ServerSocket security fixes
Hi all, This commit adds some missing security checks to java.net.ServerSocket. It also adds a check that ensures ServerSocket.setSocketFactory() is only called once as per the spec. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.8656 diff -u -r1.8656 ChangeLog --- ChangeLog 9 Oct 2006 13:51:43 - 1.8656 +++ ChangeLog 9 Oct 2006 14:03:51 - @@ -1,3 +1,10 @@ +2006-10-09 Gary Benson [EMAIL PROTECTED] + + * java/net/ServerSocket.java + (implAccept): Add security check. + (accept): Close socket if security check fails. + (setSocketFactory): Add security check and already-set check. + 2006-10-09 Roman Kennke [EMAIL PROTECTED] PR 29325 Index: java/net/ServerSocket.java === RCS file: /cvsroot/classpath/classpath/java/net/ServerSocket.java,v retrieving revision 1.48 diff -u -r1.48 ServerSocket.java --- java/net/ServerSocket.java 24 Sep 2006 15:49:48 - 1.48 +++ java/net/ServerSocket.java 9 Oct 2006 14:03:51 - @@ -345,6 +345,19 @@ throw e; } +catch (SecurityException e) + { + try + { + socket.close(); + } + catch (IOException e2) + { + // Ignore. + } + + throw e; + } return socket; } @@ -367,9 +380,6 @@ if (isClosed()) throw new SocketException(ServerSocket is closed); -// FIXME: Add a security check to make sure we're allowed to -// connect to the remote host. - // The Sun spec says that if we have an associated channel and // it is in non-blocking mode, we throw an IllegalBlockingModeException. // However, in our implementation if the channel itself initiated this @@ -380,6 +390,11 @@ impl.accept(socket.impl); socket.bound = true; + +SecurityManager sm = System.getSecurityManager(); +if (sm != null) + sm.checkAccept(socket.getInetAddress().getHostAddress(), +socket.getPort()); } /** @@ -603,6 +618,13 @@ public static synchronized void setSocketFactory(SocketImplFactory fac) throws IOException { +if (factory != null) + throw new SocketException(SocketFactory already defined); + +SecurityManager sm = System.getSecurityManager(); +if (sm != null) + sm.checkSetFactory(); + factory = fac; } }
[cp-patches] FYI: Socket security fix
Hi all, This commit fixes Socket's constructors' security checks. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.8645 diff -u -r1.8645 ChangeLog --- ChangeLog 4 Oct 2006 15:35:35 - 1.8645 +++ ChangeLog 5 Oct 2006 14:49:22 - @@ -1,3 +1,8 @@ +2006-10-05 Gary Benson [EMAIL PROTECTED] + + * java/net/Socket.java + (Socket): Perform security check on address not hostname. + 2006-10-04 Roman Kennke [EMAIL PROTECTED] * javax/swing/tree/VariableHeightLayoutCache.java Index: java/net/Socket.java === RCS file: /cvsroot/classpath/classpath/java/net/Socket.java,v retrieving revision 1.58 diff -u -r1.58 Socket.java --- java/net/Socket.java19 Sep 2006 05:47:39 - 1.58 +++ java/net/Socket.java5 Oct 2006 14:49:22 - @@ -291,7 +291,7 @@ SecurityManager sm = System.getSecurityManager(); if (sm != null) - sm.checkConnect(raddr.getHostName(), rport); + sm.checkConnect(raddr.getHostAddress(), rport); // bind socket SocketAddress bindaddr =
[cp-patches] FYI: InetAddress tweaks
Hi all, This commit makes InetAddress throw InternalErrors instead of RuntimeExceptions when stuff that shouldn't happen happens. There's also a little javadoc fix in there. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.8642 diff -u -r1.8642 ChangeLog --- ChangeLog 3 Oct 2006 19:47:58 - 1.8642 +++ ChangeLog 4 Oct 2006 10:20:40 - @@ -1,3 +1,8 @@ +2006-10-04 Gary Benson [EMAIL PROTECTED] + + * java/net/InetAddress.java: Updated javadoc. + (clinit, getByLiteral): Throw InternalError on failures. + 2006-10-03 Francis Kung [EMAIL PROTECTED] * gnu/java/awt/peer/gtk/CairoGraphics2D.java Index: java/net/InetAddress.java === RCS file: /cvsroot/classpath/classpath/java/net/InetAddress.java,v retrieving revision 1.52 diff -u -r1.52 InetAddress.java --- java/net/InetAddress.java 19 Sep 2006 08:55:29 - 1.52 +++ java/net/InetAddress.java 4 Oct 2006 10:20:40 - @@ -59,7 +59,7 @@ * @author Per Bothner * @author Gary Benson ([EMAIL PROTECTED]) * - * @specnote This class is not final since JK 1.4 + * @specnote This class is not final since JDK 1.4 */ public class InetAddress implements Serializable { @@ -87,7 +87,7 @@ } catch (UnknownHostException e) { - throw new RuntimeException(should never happen, e); + throw (InternalError) new InternalError().initCause(e); } ANY_IF.hostName = ANY_IF.getHostName(); } @@ -104,7 +104,7 @@ } catch (UnknownHostException e) { - throw new RuntimeException(should never happen, e); + throw (InternalError) new InternalError().initCause(e); } } @@ -522,7 +522,7 @@ } catch (UnknownHostException e) { - throw new RuntimeException(should never happen, e); + throw (InternalError) new InternalError().initCause(e); } }
[cp-patches] FYI: SocketPermission tweak
Hi all, This commit fixes a bug whereby IPv6 addresses with a one-digit first component would caught as errors by SocketPermission's constructor. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.8594 diff -u -r1.8594 ChangeLog --- ChangeLog 22 Sep 2006 12:27:10 - 1.8594 +++ ChangeLog 22 Sep 2006 13:23:56 - @@ -1,3 +1,9 @@ +2006-09-22 Gary Benson [EMAIL PROTECTED] + + * java/net/SocketPermission.java + (processHostport): Cope with IPv6 addresses with a + one-digit first component. + 2006-09-22 Roman Kennke [EMAIL PROTECTED] * java/awt/Component.java Index: java/net/SocketPermission.java === RCS file: /cvsroot/classpath/classpath/java/net/SocketPermission.java,v retrieving revision 1.23 diff -u -r1.23 SocketPermission.java --- java/net/SocketPermission.java 14 Sep 2006 13:43:40 - 1.23 +++ java/net/SocketPermission.java 22 Sep 2006 13:23:56 - @@ -193,16 +193,19 @@ if (hostport.charAt(0) == '[') return hostport; -int colons = 0, last_colon = 0; +int colons = 0; +boolean colon_allowed = true; for (int i = 0; i hostport.length(); i++) { if (hostport.charAt(i) == ':') { - if (i - last_colon == 1) + if (!colon_allowed) throw new IllegalArgumentException(Ambiguous hostport part); colons++; - last_colon = i; + colon_allowed = false; } + else + colon_allowed = true; } switch (colons) @@ -218,6 +221,7 @@ case 8: // an IPv6 address with ports + int last_colon = hostport.lastIndexOf(':'); return [ + hostport.substring(0, last_colon) + ] + hostport.substring(last_colon);
[cp-patches] FYI: InetAddress DNS caching
Committed. Gary Benson wrote: Hi all, The documentation for java.net.InetAddress states that it maintains a DNS cache in order to guard against DNS spoofing attacks. This patch adds this, but I wanted to float it for comments before checking it in as this has been an issue before: Classpath _had_ a DNS cache, but it was removed in January: http://permalink.gmane.org/gmane.comp.java.classpath.patches/6288 The main difference between that cache and this one is that the old cache had its own set of rules for exipry and purging, and its own set of system properties for controlling those rules. This cache does exactly what the javadoc for InetAddress says it should, so it should defeat whatever attack the it was originally created for. What that attack _is_ exactly is not clear. One possibility is [1], though it seems that that would require the browser to be using the same cache for a fix. Of course, by doing exactly what the javadoc says we also inherit the same problems as other JVMs that implement this cache [2, 3, 4]. We do have the same solutions, however, so it's not like we'll be leaving people out to dry. Cheers, Gary [1] http://www.cs.princeton.edu/sip/news/sun-02-22-96.html [2] http://www.limewire.org/pipermail/codepatch/2004-February/000310.html [3] http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=13115e61 [4] http://www.openldap.org/lists/openldap-devel/200603/msg7.html Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.8564 diff -u -r1.8564 ChangeLog --- ChangeLog 19 Sep 2006 05:47:38 - 1.8564 +++ ChangeLog 19 Sep 2006 08:40:36 - @@ -1,3 +1,9 @@ +2006-09-19 Gary Benson [EMAIL PROTECTED] + + * java/net/ResolverCache.java: New class (a DNS cache). + * java/net/InetAddress.java + (internalGetCanonicalHostName, getAllByName): Use the above. + 2006-09-19 Jeroen Frijters [EMAIL PROTECTED] * gnu/java/nio/SocketChannelImpl.java: Removed unused import. Index: java/net/ResolverCache.java === RCS file: java/net/ResolverCache.java diff -N java/net/ResolverCache.java --- /dev/null 1 Jan 1970 00:00:00 - +++ java/net/ResolverCache.java 19 Sep 2006 08:40:36 - @@ -0,0 +1,269 @@ +/* ResolverCache.java -- A cache of resolver lookups for InetAddress. + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.net; + +import java.security.Security; +import java.util.HashMap; +import java.util.Iterator; +import java.util.LinkedList; + +/** + * This class provides a cache of name service resolutions. By + * default successful resolutions are cached forever to guard + * against DNS spoofing attacks and failed resolutions are cached + * for 10 seconds to improve performance. The length of time that + * results remain in the cache is determined by the following + * security properties: + * dl + * dtcodenetworkaddress.cache.ttl/code/dt + * dd + * This property specifies the length of time in seconds that + * successful resolutions remain in the cache. The default is + * -1, indicating to cache forever. + * /dd
[cp-patches] RFC: InetAddress DNS caching
Hi all, The documentation for java.net.InetAddress states that it maintains a DNS cache in order to guard against DNS spoofing attacks. This patch adds this, but I wanted to float it for comments before checking it in as this has been an issue before: Classpath _had_ a DNS cache, but it was removed in January: http://permalink.gmane.org/gmane.comp.java.classpath.patches/6288 The main difference between that cache and this one is that the old cache had its own set of rules for exipry and purging, and its own set of system properties for controlling those rules. This cache does exactly what the javadoc for InetAddress says it should, so it should defeat whatever attack the it was originally created for. What that attack _is_ exactly is not clear. One possibility is [1], though it seems that that would require the browser to be using the same cache for a fix. Of course, by doing exactly what the javadoc says we also inherit the same problems as other JVMs that implement this cache [2, 3, 4]. We do have the same solutions, however, so it's not like we'll be leaving people out to dry. Cheers, Gary [1] http://www.cs.princeton.edu/sip/news/sun-02-22-96.html [2] http://www.limewire.org/pipermail/codepatch/2004-February/000310.html [3] http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=13115e61 [4] http://www.openldap.org/lists/openldap-devel/200603/msg7.html Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.8543 diff -u -r1.8543 ChangeLog --- ChangeLog 14 Sep 2006 10:35:48 - 1.8543 +++ ChangeLog 14 Sep 2006 10:42:51 - @@ -1,3 +1,9 @@ +2006-09-14 Gary Benson [EMAIL PROTECTED] + + * java/net/ResolverCache.java: New class (a DNS cache). + * java/net/InetAddress.java + (getCanonicalHostName, getAllByName): Use the above. + 2006-09-14 David Gilbert [EMAIL PROTECTED] Fixes PR28699 Index: java/net/ResolverCache.java === RCS file: java/net/ResolverCache.java diff -N java/net/ResolverCache.java --- /dev/null 1 Jan 1970 00:00:00 - +++ java/net/ResolverCache.java 14 Sep 2006 10:42:51 - @@ -0,0 +1,269 @@ +/* ResolverCache.java -- A cache of resolver lookups for InetAddress. + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.net; + +import java.security.Security; +import java.util.HashMap; +import java.util.Iterator; +import java.util.LinkedList; + +/** + * This class provides a cache of name service resolutions. By + * default successful resolutions are cached forever to guard + * against DNS spoofing attacks and failed resolutions are cached + * for 10 seconds to improve performance. The length of time that + * results remain in the cache is determined by the following + * security properties: + * dl + * dtcodenetworkaddress.cache.ttl/code/dt + * dd + * This property specifies the length of time in seconds that + * successful resolutions remain in the cache. The default is + * -1, indicating to cache forever. + * /dd + * dtcodenetworkaddress.cache.negative.ttl/code/dt + * dd + * This property specifies the length of time in seconds that + * unsuccessful
[cp-patches] FYI: SocketPermission host checking rewrite
Hi again, This commit rewrites the host checking in SocketPermission so it does what the javadoc says it should. (This is the end result of all my InetAddress hacking this past couple of weeks.) We now pass all the SocketPermission mauve tests. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.8543 diff -u -r1.8543 ChangeLog --- ChangeLog 14 Sep 2006 10:35:48 - 1.8543 +++ ChangeLog 14 Sep 2006 13:37:30 - @@ -1,3 +1,17 @@ +2006-09-14 Gary Benson [EMAIL PROTECTED] + + * java/net/InetAddress.java + (internalGetCanonicalHostName): New method. + (getCanonicalHostName): Use internalGetCanonicalHostName. + (getByLiteral): New method. + (getAllByName): Use getByLiteral. + * java/net/SocketPermission.java + (host): Replaced with... + (hostname, address): New fields. + (equals, hashcode): Reflect the above. + (setHostPort): Parse host into hostname or address. + (implies): Rewrite host checks. + 2006-09-14 David Gilbert [EMAIL PROTECTED] Fixes PR28699 Index: java/net/InetAddress.java === RCS file: /cvsroot/classpath/classpath/java/net/InetAddress.java,v retrieving revision 1.50 diff -u -r1.50 InetAddress.java --- java/net/InetAddress.java 8 Sep 2006 14:33:31 - 1.50 +++ java/net/InetAddress.java 14 Sep 2006 13:37:31 - @@ -311,20 +311,27 @@ /** * Returns the canonical hostname represented by this InetAddress - * - * @since 1.4 */ - public String getCanonicalHostName() + String internalGetCanonicalHostName() { -String hostname; try { - hostname = VMInetAddress.getHostByAddr(addr); + return VMInetAddress.getHostByAddr(addr); } catch (UnknownHostException e) { return getHostAddress(); } + } + + /** + * Returns the canonical hostname represented by this InetAddress + * + * @since 1.4 + */ + public String getCanonicalHostName() + { +String hostname = internalGetCanonicalHostName(); SecurityManager sm = System.getSecurityManager(); if (sm != null) @@ -492,6 +499,34 @@ } /** + * Returns an InetAddress object representing the IP address of + * the given literal IP address in dotted decimal format such as + * 127.0.0.1. This is used by SocketPermission.setHostPort() + * to parse literal IP addresses without performing a DNS lookup. + * + * @param literal The literal IP address to create the InetAddress + * object from + * + * @return The address of the host as an InetAddress object, or + * null if the IP address is invalid. + */ + static InetAddress getByLiteral(String literal) + { +byte[] address = VMInetAddress.aton(literal); +if (address == null) + return null; + +try + { + return getByAddress(address); + } +catch (UnknownHostException e) + { + throw new RuntimeException(should never happen, e); + } + } + + /** * Returns an InetAddress object representing the IP address of the given * hostname. This name can be either a hostname such as www.urbanophile.com * or an IP address in dotted decimal format such as 127.0.0.1. If the @@ -542,9 +577,9 @@ return new InetAddress[] {LOCALHOST}; // Check if hostname is an IP address -byte[] address = VMInetAddress.aton(hostname); +InetAddress address = getByLiteral(hostname); if (address != null) - return new InetAddress[] {getByAddress(address)}; + return new InetAddress[] {address}; // Perform security check before resolving SecurityManager sm = System.getSecurityManager(); Index: java/net/SocketPermission.java === RCS file: /cvsroot/classpath/classpath/java/net/SocketPermission.java,v retrieving revision 1.22 diff -u -r1.22 SocketPermission.java --- java/net/SocketPermission.java 31 Aug 2006 12:26:22 - 1.22 +++ java/net/SocketPermission.java 14 Sep 2006 13:37:31 - @@ -117,11 +117,18 @@ static final long serialVersionUID = -7204263841984476862L; /** - * A hostname (possibly wildcarded) or IP address (IPv4 or IPv6). + * A hostname (possibly wildcarded). Will be set if and only if + * this object was initialized with a hostname. */ - private transient String host; + private transient String hostname = null; /** + * An IP address (IPv4 or IPv6). Will be set if and only if this + * object was initialized with a single literal IP address. + */ + private transient InetAddress address = null; + + /** * A range of ports. */ private transient int minport; @@ -225,7 +232,7 @@ private void setHostPort(String hostport) { // Split into host and ports -String ports; +String host
[cp-patches] FYI: NetworkInterface security fix
Hi all, This commit fixes NetworkInterface.getInetAddresses()'s security check. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.8532 diff -u -r1.8532 ChangeLog --- ChangeLog 12 Sep 2006 14:30:52 - 1.8532 +++ ChangeLog 12 Sep 2006 14:55:05 - @@ -1,3 +1,8 @@ +2006-09-12 Gary Benson [EMAIL PROTECTED] + + * java/net/NetworkInterface.java (getInetAddresses): + Fix port used in security check. + 2006-09-12 David Gilbert [EMAIL PROTECTED] * javax/swing/plaf/metal/DefaultMetalTheme.java Index: java/net/NetworkInterface.java === RCS file: /cvsroot/classpath/classpath/java/net/NetworkInterface.java,v retrieving revision 1.18 diff -u -r1.18 NetworkInterface.java --- java/net/NetworkInterface.java 29 Aug 2006 08:25:15 - 1.18 +++ java/net/NetworkInterface.java 12 Sep 2006 14:55:05 - @@ -1,5 +1,5 @@ /* NetworkInterface.java -- - Copyright (C) 2002, 2003, 2004, 2005 Free Software Foundation, Inc. + Copyright (C) 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -112,7 +112,7 @@ InetAddress addr = (InetAddress) addresses.nextElement(); try { - s.checkConnect(addr.getHostAddress(), 58000); + s.checkConnect(addr.getHostAddress(), -1); tmpInetAddresses.add(addr); } catch (SecurityException e)
[cp-patches] FYI: InetAddress family handling (take 2)
Hi all, This commit renames the constants AF_INET and AF_INET6 that I introduced in my last commit. Unfortunatly with gcj they end up in CNI headers where they conflict with the real AF_INET and AF_INET6. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.8521 diff -u -r1.8521 ChangeLog --- ChangeLog 10 Sep 2006 21:16:39 - 1.8521 +++ ChangeLog 11 Sep 2006 10:31:14 - @@ -1,3 +1,12 @@ +2006-09-11 Gary Benson [EMAIL PROTECTED] + + * java/net/Inet4Address.java + (AF_INET): Renamed to FAMILY. + (init, writeReplace): Reflect the above. + * java/net/Inet6Address.java + (AF_INET6): Renamed to FAMILY. + (init): Reflect the above. + 2006-09-10 Ito Kazumitsu [EMAIL PROTECTED] Fixes bug #28867 Index: java/net/Inet4Address.java === RCS file: /cvsroot/classpath/classpath/java/net/Inet4Address.java,v retrieving revision 1.21 diff -u -r1.21 Inet4Address.java --- java/net/Inet4Address.java 8 Sep 2006 14:33:31 - 1.21 +++ java/net/Inet4Address.java 11 Sep 2006 10:31:14 - @@ -57,16 +57,16 @@ static final long serialVersionUID = 3286316764910316507L; /** - * The address family of these addresses. + * The address family of these addresses. Used for serialization. */ - private static final int AF_INET = 2; + private static final int FAMILY = 2; // AF_INET /** * Inet4Address objects are serialized as InetAddress objects. */ private Object writeReplace() throws ObjectStreamException { -return new InetAddress(addr, hostName, AF_INET); +return new InetAddress(addr, hostName, FAMILY); } /** @@ -79,7 +79,7 @@ */ Inet4Address(byte[] addr, String host) { -super(addr, host, AF_INET); +super(addr, host, FAMILY); } /** Index: java/net/Inet6Address.java === RCS file: /cvsroot/classpath/classpath/java/net/Inet6Address.java,v retrieving revision 1.14 diff -u -r1.14 Inet6Address.java --- java/net/Inet6Address.java 8 Sep 2006 14:33:31 - 1.14 +++ java/net/Inet6Address.java 11 Sep 2006 10:31:14 - @@ -93,9 +93,9 @@ private transient NetworkInterface nif; /** - * The address family of these addresses. + * The address family of these addresses. Used for serialization. */ - private static final int AF_INET6 = 10; + private static final int FAMILY = 10; // AF_INET6 /** * Create an Inet6Address object @@ -105,7 +105,7 @@ */ Inet6Address(byte[] addr, String host) { -super(addr, host, AF_INET6); +super(addr, host, FAMILY); // Super constructor clones the addr. Get a reference to the clone. this.ipaddress = this.addr; ifname = null;
[cp-patches] FYI: InetAddress family handling (take 3)
Hi again, So it turns out that my last commit was unnecessary -- the header causing the problems should never have been included anyway -- so since I preferred the original version with AF_INET and AF_INET6 I have reverted to it. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.8523 diff -u -r1.8523 ChangeLog --- ChangeLog 11 Sep 2006 10:45:02 - 1.8523 +++ ChangeLog 11 Sep 2006 11:43:47 - @@ -1,3 +1,12 @@ +2006-09-11 Gary Benson [EMAIL PROTECTED] + + * java/net/Inet4Address.java + (FAMILY): Renamed back to AF_INET. + (init, writeReplace): Reflect the above. + * java/net/Inet6Address.java + (FAMILY): Renamed back to AF_INET6. + (init): Reflect the above. + 2006-09-11 Cameron McCormack [EMAIL PROTECTED] Fixes PR29010 Index: java/net/Inet4Address.java === RCS file: /cvsroot/classpath/classpath/java/net/Inet4Address.java,v retrieving revision 1.22 diff -u -r1.22 Inet4Address.java --- java/net/Inet4Address.java 11 Sep 2006 10:39:33 - 1.22 +++ java/net/Inet4Address.java 11 Sep 2006 11:43:47 - @@ -57,16 +57,16 @@ static final long serialVersionUID = 3286316764910316507L; /** - * The address family of these addresses. Used for serialization. + * The address family of these addresses (used for serialization). */ - private static final int FAMILY = 2; // AF_INET + private static final int AF_INET = 2; /** * Inet4Address objects are serialized as InetAddress objects. */ private Object writeReplace() throws ObjectStreamException { -return new InetAddress(addr, hostName, FAMILY); +return new InetAddress(addr, hostName, AF_INET); } /** @@ -79,7 +79,7 @@ */ Inet4Address(byte[] addr, String host) { -super(addr, host, FAMILY); +super(addr, host, AF_INET); } /** Index: java/net/Inet6Address.java === RCS file: /cvsroot/classpath/classpath/java/net/Inet6Address.java,v retrieving revision 1.15 diff -u -r1.15 Inet6Address.java --- java/net/Inet6Address.java 11 Sep 2006 10:39:33 - 1.15 +++ java/net/Inet6Address.java 11 Sep 2006 11:43:47 - @@ -93,9 +93,9 @@ private transient NetworkInterface nif; /** - * The address family of these addresses. Used for serialization. + * The address family of these addresses (used for serialization). */ - private static final int FAMILY = 10; // AF_INET6 + private static final int AF_INET6 = 10; /** * Create an Inet6Address object @@ -105,7 +105,7 @@ */ Inet6Address(byte[] addr, String host) { -super(addr, host, FAMILY); +super(addr, host, AF_INET6); // Super constructor clones the addr. Get a reference to the clone. this.ipaddress = this.addr; ifname = null;
[cp-patches] FYI: InetAddress merge
Hi all, This commit merges a bunch of funky stuff from GCJ's InetAddress (including all the fixes I've been working on over the past week or so) and adds a bunch of other stuff I noticed while merging. Particular hilights are that raw InetAddress objects no longer exist anywhere (only Inet4Address and Inet6Address objects are ever created now) and that a couple of excessive security checks were relaxed. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.8513 diff -u -r1.8513 ChangeLog --- ChangeLog 7 Sep 2006 11:42:13 - 1.8513 +++ ChangeLog 8 Sep 2006 08:23:15 - @@ -1,3 +1,31 @@ +2006-09-08 Gary Benson [EMAIL PROTECTED] + + * java/net/InetAddress.java + (inaddr_any): Removed. + (ANY_IF, LOCALHOST): Create using getByAddress. + (init): Updated javadoc. + (getHostName): Cache hostname even if the lookup failed. + (getByAddress): Create Inet4Address objects when passed + IPv4-mapped IPv6 addresses. + (aton): Removed. + (getAllByName): Create address objects using getByAddress. + Do not perform security checks unless actually required. + Do not strip whitespace from the hostname. + (getInaddrAny): Removed. + (getLocalHost): Return the loopback address if getByName + throws a SecurityException. + (readResolve): Updated javadoc. + * vm/reference/java/net/VMInetAddress.java (aton): Declared. + * include/java_net_VMInetAddress.h + (Java_java_net_VMInetAddress_aton): Likewise. + * native/jni/java-net/java_net_VMInetAddress.c + (Java_java_net_VMInetAddress_aton): New method. + * native/jni/native-lib/cpnet.h (cpnet_aton): Declared. + * native/jni/native-lib/cpnet.c (cpnet_aton): New method. + * configure.ac (AC_CHECK_FUNCS): Checks for cpnet_aton. + * java/net/Inet4Address.java (writeReplace): Updated javadoc. + * NEWS: Added note about updated VM interface. + 2006-09-07 David Gilbert [EMAIL PROTECTED] * javax/swing/plaf/basic/BasicInternalFrameUI.java Index: java/net/InetAddress.java === RCS file: /cvsroot/classpath/classpath/java/net/InetAddress.java,v retrieving revision 1.46 diff -u -r1.46 InetAddress.java --- java/net/InetAddress.java 6 Feb 2006 12:50:03 - 1.46 +++ java/net/InetAddress.java 8 Sep 2006 08:23:19 - @@ -1,5 +1,6 @@ /* InetAddress.java -- Class to model an Internet address - Copyright (C) 1998, 1999, 2002, 2004, 2005 Free Software Foundation, Inc. + Copyright (C) 1998, 1999, 2002, 2004, 2005, 2006 + Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -43,7 +44,6 @@ import java.io.ObjectOutputStream; import java.io.ObjectStreamException; import java.io.Serializable; -import java.util.StringTokenizer; /** * This class models an Internet address. It does not have a public @@ -57,6 +57,7 @@ * * @author Aaron M. Renn ([EMAIL PROTECTED]) * @author Per Bothner + * @author Gary Benson ([EMAIL PROTECTED]) * * @specnote This class is not final since JK 1.4 */ @@ -65,37 +66,47 @@ private static final long serialVersionUID = 3286316764910316507L; /** - * The special IP address INADDR_ANY. - */ - private static InetAddress inaddr_any; - - /** * Dummy InetAddress, used to bind socket to any (all) network interfaces. */ static InetAddress ANY_IF; - + static + { +byte[] addr; +try + { + addr = VMInetAddress.lookupInaddrAny(); + } +catch (UnknownHostException e) + { + // Make one up and hope it works. + addr = new byte[] {0, 0, 0, 0}; + } +try + { + ANY_IF = getByAddress(addr); + } +catch (UnknownHostException e) + { + throw new RuntimeException(should never happen, e); + } +ANY_IF.hostName = ANY_IF.getHostName(); + } + /** * Stores static localhost address object. */ static InetAddress LOCALHOST; - static { -// precompute the ANY_IF address try { -ANY_IF = getInaddrAny(); - - byte[] ip_localhost = { 127, 0, 0, 1 }; - LOCALHOST = new Inet4Address(ip_localhost, localhost); + LOCALHOST = getByAddress(localhost, new byte[] {127, 0, 0, 1}); } -catch (UnknownHostException uhe) +catch (UnknownHostException e) { -// Hmmm, make one up and hope that it works. -byte[] zeros = { 0, 0, 0, 0 }; -ANY_IF = new Inet4Address(zeros, 0.0.0.0); + throw new RuntimeException(should never happen, e); } - } + } /** * The Serialized Form specifies that an int 'address' is saved/restored. @@ -124,9 +135,13 @@ int family; /** - * Initializes this object's addr instance variable from the passed in - * byte array. Note that this constructor
[cp-patches] FYI: InetAddress reorganisation
Hi again, InetAddress contains a bunch of IPv4-specific methods to which their equivalents in Inet4Address defer. This is decidedly non-OO, so this commit moves the implementations to Inet4Address and makes the methods in InetAddress throw UnsupportedOperationExceptions. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.8514 diff -u -r1.8514 ChangeLog --- ChangeLog 8 Sep 2006 09:13:27 - 1.8514 +++ ChangeLog 8 Sep 2006 11:00:43 - @@ -1,3 +1,16 @@ +2006-09-08 Gary Benson [EMAIL PROTECTED] + + * java/net/Inet4Address.java (isMulticastAddress, + isLoopbackAddress, isAnyLocalAddress, isLinkLocalAddress, + isSiteLocalAddress, isMCGlobal, isMCNodeLocal, isMCLinkLocal, + isMCSiteLocal, isMCOrgLocal, getHostAddress): Moved + implementations from InetAddress. + * java/net/InetAddress.java (isMulticastAddress, + isLoopbackAddress, isAnyLocalAddress, isLinkLocalAddress, + isSiteLocalAddress, isMCGlobal, isMCNodeLocal, isMCLinkLocal, + isMCSiteLocal, isMCOrgLocal, getHostAddress): Replace + implementations with UnsupportedOperationExceptions. + 2006-09-08 Gary Benson [EMAIL PROTECTED] * java/net/InetAddress.java Index: java/net/Inet4Address.java === RCS file: /cvsroot/classpath/classpath/java/net/Inet4Address.java,v retrieving revision 1.19 diff -u -r1.19 Inet4Address.java --- java/net/Inet4Address.java 8 Sep 2006 08:59:56 - 1.19 +++ java/net/Inet4Address.java 8 Sep 2006 11:00:43 - @@ -84,7 +84,7 @@ */ public boolean isMulticastAddress() { -return super.isMulticastAddress(); +return (addr[0] 0xf0) == 0xe0; } /** @@ -92,7 +92,7 @@ */ public boolean isLoopbackAddress() { -return super.isLoopbackAddress(); +return (addr[0] 0xff) == 0x7f; } /** @@ -102,7 +102,7 @@ */ public boolean isAnyLocalAddress() { -return super.isAnyLocalAddress(); +return equals(InetAddress.ANY_IF); } /** @@ -112,7 +112,7 @@ */ public boolean isLinkLocalAddress() { -return super.isLinkLocalAddress(); +return false; } /** @@ -122,7 +122,19 @@ */ public boolean isSiteLocalAddress() { -return super.isSiteLocalAddress(); +// 10.0.0.0/8 +if ((addr[0] 0xff) == 0x0a) + return true; + +// 172.16.0.0/12 +if ((addr[0] 0xff) == 0xac (addr[1] 0xf0) == 0x10) + return true; + +// 192.168.0.0/16 +if ((addr[0] 0xff) == 0xc0 (addr[1] 0xff) == 0xa8) + return true; + +return false; } /** @@ -132,7 +144,7 @@ */ public boolean isMCGlobal() { -return super.isMCGlobal(); +return false; } /** @@ -142,7 +154,7 @@ */ public boolean isMCNodeLocal() { -return super.isMCNodeLocal(); +return false; } /** @@ -152,7 +164,12 @@ */ public boolean isMCLinkLocal() { -return super.isMCLinkLocal(); +if (! isMulticastAddress()) + return false; + +return ((addr[0] 0xff) == 0xe0 +(addr[1] 0xff) == 0x00 +(addr[2] 0xff) == 0x00); } /** @@ -162,7 +179,7 @@ */ public boolean isMCSiteLocal() { -return super.isMCSiteLocal(); +return false; } /** @@ -172,7 +189,7 @@ */ public boolean isMCOrgLocal() { -return super.isMCOrgLocal(); +return false; } /** @@ -190,7 +207,23 @@ */ public String getHostAddress() { -return super.getHostAddress(); +StringBuffer sb = new StringBuffer(40); + +int len = addr.length; +int i = 0; + +for ( ; ; ) + { +sb.append(addr[i] 0xff); +i++; + +if (i == len) + break; + +sb.append('.'); + } + +return sb.toString(); } /** Index: java/net/InetAddress.java === RCS file: /cvsroot/classpath/classpath/java/net/InetAddress.java,v retrieving revision 1.47 diff -u -r1.47 InetAddress.java --- java/net/InetAddress.java 8 Sep 2006 08:59:56 - 1.47 +++ java/net/InetAddress.java 8 Sep 2006 11:00:43 - @@ -159,150 +159,144 @@ * An address is multicast if the high four bits are 1110. These are * also known as Class D addresses. * + * pThis method cannot be abstract for backward compatibility reasons. By + * default it always throws [EMAIL PROTECTED] UnsupportedOperationException} unless + * overridden./p + * * @return true if mulitcast, false if not * * @since 1.1 */ public boolean isMulticastAddress() { -// Mask against high order bits of 1110 -if (addr.length == 4) - return (addr[0] 0xf0) == 0xe0; - -return false; +throw new UnsupportedOperationException(); } /** * Utility routine
[cp-patches] FYI: InetAddress.getHostName() reorganisation
Hi again, This commit makes InetAddress.getCanonicalHostName() perform its security check on the canonical hostname (ie after the lookup). It also makes getHostname() call getCanonicalHostName() rather than the other way around, so getHostname() picks up the security check, and getCanonicalHostName() doesn't have to create throwaway objects. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.8515 diff -u -r1.8515 ChangeLog --- ChangeLog 8 Sep 2006 11:32:34 - 1.8515 +++ ChangeLog 8 Sep 2006 12:54:58 - @@ -1,3 +1,10 @@ +2006-09-08 Gary Benson [EMAIL PROTECTED] + + * java/net/InetAddress.java + (getHostName): Move lookup into getCanonicalHostName. + (getCanonicalHostName): Move lookup from getHostName, + Perform security check on canonical name (ie after lookup). + 2006-09-08 Gary Benson [EMAIL PROTECTED] * java/net/Inet4Address.java (isMulticastAddress, Index: java/net/InetAddress.java === RCS file: /cvsroot/classpath/classpath/java/net/InetAddress.java,v retrieving revision 1.48 diff -u -r1.48 InetAddress.java --- java/net/InetAddress.java 8 Sep 2006 11:32:34 - 1.48 +++ java/net/InetAddress.java 8 Sep 2006 12:54:58 - @@ -307,17 +307,8 @@ */ public String getHostName() { -if (hostName != null) - return hostName; - -try - { - hostName = VMInetAddress.getHostByAddr(addr); - } -catch (UnknownHostException e) - { - hostName = getHostAddress(); - } +if (hostName == null) + hostName = getCanonicalHostName(); return hostName; } @@ -329,12 +320,22 @@ */ public String getCanonicalHostName() { +String hostname; +try + { + hostname = VMInetAddress.getHostByAddr(addr); + } +catch (UnknownHostException e) + { + return getHostAddress(); + } + SecurityManager sm = System.getSecurityManager(); if (sm != null) { try { -sm.checkConnect(hostName, -1); +sm.checkConnect(hostname, -1); } catch (SecurityException e) { @@ -342,16 +343,7 @@ } } -// Try to find the FDQN now -InetAddress address; -byte[] ipaddr = getAddress(); - -if (ipaddr.length == 16) - address = new Inet6Address(getAddress(), null); -else - address = new Inet4Address(getAddress(), null); - -return address.getHostName(); +return hostname; } /**
[cp-patches] FYI: InetAddress family handling
Hi again, This commit updates the javadoc of InetAddress.family to make clear that it is used only for serialization, and ensures that it is properly set. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.8516 diff -u -r1.8516 ChangeLog --- ChangeLog 8 Sep 2006 12:58:13 - 1.8516 +++ ChangeLog 8 Sep 2006 14:31:25 - @@ -1,3 +1,17 @@ +2006-09-08 Gary Benson [EMAIL PROTECTED] + + * java/net/InetAddress.java + (family): Updated javadoc and made private. + (init): Add an address family argument. + (readObject): Don't overwrite family. + * java/net/Inet4Address.java + (AF_INET): New constant. + (init): Use AF_INET as the family. + (writeReplace): Likewise. + * java/net/Inet6Address.java + (AF_INET6): New constant. + (init): Use AF_INET6 as the family. + 2006-09-08 Gary Benson [EMAIL PROTECTED] * java/net/InetAddress.java Index: java/net/InetAddress.java === RCS file: /cvsroot/classpath/classpath/java/net/InetAddress.java,v retrieving revision 1.49 diff -u -r1.49 InetAddress.java --- java/net/InetAddress.java 8 Sep 2006 12:58:14 - 1.49 +++ java/net/InetAddress.java 8 Sep 2006 14:31:25 - @@ -126,13 +126,9 @@ String hostName; /** - * The field 'family' seems to be the AF_ value. - * FIXME: Much of the code in the other java.net classes does not make - * use of this family field. A better implementation would be to make - * use of getaddrinfo() and have other methods just check the family - * field rather than examining the length of the address each time. + * Needed for serialization. */ - int family; + private int family; /** * Constructor. Prior to the introduction of IPv6 support in 1.4, @@ -145,13 +141,13 @@ * * @param ipaddr The IP number of this address as an array of bytes * @param hostname The hostname of this IP address. + * @param family The address family of this IP address. */ - InetAddress(byte[] ipaddr, String hostname) + InetAddress(byte[] ipaddr, String hostname, int family) { addr = (null == ipaddr) ? null : (byte[]) ipaddr.clone(); hostName = hostname; - -family = 2; /* AF_INET */ +this.family = family; } /** @@ -607,8 +603,6 @@ for (int i = 2; i = 0; --i) addr[i] = (byte) (address = 8); - -family = 2; /* AF_INET */ } private void writeObject(ObjectOutputStream oos) throws IOException Index: java/net/Inet4Address.java === RCS file: /cvsroot/classpath/classpath/java/net/Inet4Address.java,v retrieving revision 1.20 diff -u -r1.20 Inet4Address.java --- java/net/Inet4Address.java 8 Sep 2006 11:32:34 - 1.20 +++ java/net/Inet4Address.java 8 Sep 2006 14:31:25 - @@ -1,5 +1,5 @@ /* Inet4Address.java -- - Copyright (C) 2002, 2003, 2004, 2005 Free Software Foundation, Inc. + Copyright (C) 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -57,11 +57,16 @@ static final long serialVersionUID = 3286316764910316507L; /** + * The address family of these addresses. + */ + private static final int AF_INET = 2; + + /** * Inet4Address objects are serialized as InetAddress objects. */ private Object writeReplace() throws ObjectStreamException { -return new InetAddress(addr, hostName); +return new InetAddress(addr, hostName, AF_INET); } /** @@ -74,7 +79,7 @@ */ Inet4Address(byte[] addr, String host) { -super(addr, host); +super(addr, host, AF_INET); } /** Index: java/net/Inet6Address.java === RCS file: /cvsroot/classpath/classpath/java/net/Inet6Address.java,v retrieving revision 1.13 diff -u -r1.13 Inet6Address.java --- java/net/Inet6Address.java 19 Jul 2006 16:21:20 - 1.13 +++ java/net/Inet6Address.java 8 Sep 2006 14:31:25 - @@ -1,5 +1,5 @@ /* Inet6Address.java -- - Copyright (C) 2002, 2003, 2004 Free Software Foundation, Inc. + Copyright (C) 2002, 2003, 2004, 2006 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -93,6 +93,11 @@ private transient NetworkInterface nif; /** + * The address family of these addresses. + */ + private static final int AF_INET6 = 10; + + /** * Create an Inet6Address object * * @param addr The IP address @@ -100,7 +105,7 @@ */ Inet6Address(byte[] addr, String host) { -super(addr, host); +super(addr, host, AF_INET6); // Super constructor clones the addr. Get a reference to the clone. this.ipaddress = this.addr; ifname = null;
Re: [cp-patches] FYI: SocketPermission tweak
Tom Tromey wrote: Gary == Gary Benson [EMAIL PROTECTED] writes: This commit makes java.net.SocketPermission()'s constructor use localhost when called with an empty hostport argument as mandated by the spec. Do we want this in GCC 4.2? Or FC6? This particular one probably doesn't matter much, but I'm working on some more SocketPermission stuff which probably will need to go in. I'll merge them into gcc in one go when they're done. Cheers, Gary
[cp-patches] FYI: SocketPermission tweak
Hi all, This commit makes java.net.SocketPermission()'s constructor use localhost when called with an empty hostport argument as mandated by the spec. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.8476 diff -u -r1.8476 ChangeLog --- ChangeLog 31 Aug 2006 10:50:56 - 1.8476 +++ ChangeLog 31 Aug 2006 12:25:06 - @@ -1,3 +1,11 @@ +2006-08-31 Gary Benson [EMAIL PROTECTED] + + * java/net/SocketPermission.java + (maybeBracketIPv6Address): Renamed to processHostport. + (processHostport): Also translate to localhost. + (setHostPort): Remove special cases for empty hostport and for + extra colons in hostport (processHostport handles these now). + 2006-08-31 Mark Wielaard [EMAIL PROTECTED] * javax/swing/text/ZoneView.java (Zone): Make static class. Index: java/net/SocketPermission.java === RCS file: /cvsroot/classpath/classpath/java/net/SocketPermission.java,v retrieving revision 1.21 diff -u -r1.21 SocketPermission.java --- java/net/SocketPermission.java 29 Aug 2006 08:25:15 - 1.21 +++ java/net/SocketPermission.java 31 Aug 2006 12:25:06 - @@ -164,21 +164,26 @@ */ public SocketPermission(String hostport, String actions) { -super(maybeBracketIPv6Address(hostport)); +super(processHostport(hostport)); setHostPort(getName()); setActions(actions); } /** - * IPv6 addresses in the hostport must either be enclosed by - * [ and ] or be specified in the full uncompressed form. - * In the latter case proprietary JVMs will quote the address - * with [ and ], so we do to. + * There are two cases in which hostport needs rewriting before + * being passed to the superclass constructor. If hostport is an + * empty string then it is substituted with localhost. And if + * the host part of hostport is a literal IPv6 address in the full + * uncompressed form not enclosed with [ and ] then we enclose + * it with them. */ - private static String maybeBracketIPv6Address(String hostport) + private static String processHostport(String hostport) { -if (hostport.length() == 0 || hostport.charAt(0) == '[') +if (hostport.length() == 0) + return localhost; + +if (hostport.charAt(0) == '[') return hostport; int colons = 0, last_colon = 0; @@ -221,11 +226,7 @@ { // Split into host and ports String ports; -if (hostport.length() == 0) - { - host = ports = ; - } -else if (hostport.charAt(0) == '[') +if (hostport.charAt(0) == '[') { // host is a bracketed IPv6 address int end = hostport.indexOf(]); @@ -255,8 +256,6 @@ ports = hostport.substring(sep + 1); } } -if (ports.indexOf(:) != -1) - throw new IllegalArgumentException(Unexpected ':'); // Parse and validate the ports if (ports.length() == 0)
[cp-patches] FYI: SocketPermission fix
Hi all, This commit makes java.net.SocketPermission() accept unbracketed IPv6 addresses when specified in the full uncompressed form. The way it does this (by intercepting the argument to the constructor) seems odd, but I had a play with a couple of proprietary JVMs and it seems that this is what they do. This commit also reverts my previous commit to NetworkInterface.getInetAddresses() which is now unnecessary. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.8469 diff -u -r1.8469 ChangeLog --- ChangeLog 28 Aug 2006 21:41:57 - 1.8469 +++ ChangeLog 29 Aug 2006 08:23:49 - @@ -1,3 +1,12 @@ +2006-08-29 Gary Benson [EMAIL PROTECTED] + + * java/net/SocketPermission.java + (maybeBracketIPv6Address): New method. + (init): Pass the hostport argument through the above. + + * java/net/NetworkInterface.java (getInetAddresses): + Don't bracket IPv6 addresses. + 2006-08-28 Roman Kennke [EMAIL PROTECTED] * javax/swing/text/BoxView.java Index: java/net/SocketPermission.java === RCS file: /cvsroot/classpath/classpath/java/net/SocketPermission.java,v retrieving revision 1.20 diff -u -r1.20 SocketPermission.java --- java/net/SocketPermission.java 29 Jan 2006 18:55:59 - 1.20 +++ java/net/SocketPermission.java 29 Aug 2006 08:23:49 - @@ -164,13 +164,57 @@ */ public SocketPermission(String hostport, String actions) { -super(hostport); +super(maybeBracketIPv6Address(hostport)); -setHostPort(hostport); +setHostPort(getName()); setActions(actions); } /** + * IPv6 addresses in the hostport must either be enclosed by + * [ and ] or be specified in the full uncompressed form. + * In the latter case proprietary JVMs will quote the address + * with [ and ], so we do to. + */ + private static String maybeBracketIPv6Address(String hostport) + { +if (hostport.length() == 0 || hostport.charAt(0) == '[') + return hostport; + +int colons = 0, last_colon = 0; +for (int i = 0; i hostport.length(); i++) + { + if (hostport.charAt(i) == ':') + { + if (i - last_colon == 1) + throw new IllegalArgumentException(Ambiguous hostport part); + colons++; + last_colon = i; + } + } + +switch (colons) + { + case 0: + case 1: + // a hostname or IPv4 address + return hostport; + + case 7: + // an IPv6 address with no ports + return [ + hostport + ]; + + case 8: + // an IPv6 address with ports + return [ + hostport.substring(0, last_colon) + ] + + hostport.substring(last_colon); + + default: + throw new IllegalArgumentException(Ambiguous hostport part); + } + } + + /** * Parse the hostport argument to the constructor. */ private void setHostPort(String hostport) Index: java/net/NetworkInterface.java === RCS file: /cvsroot/classpath/classpath/java/net/NetworkInterface.java,v retrieving revision 1.17 diff -u -r1.17 NetworkInterface.java --- java/net/NetworkInterface.java 24 Aug 2006 10:58:55 - 1.17 +++ java/net/NetworkInterface.java 29 Aug 2006 08:23:49 - @@ -112,10 +112,7 @@ InetAddress addr = (InetAddress) addresses.nextElement(); try { - String hostAddress = addr.getHostAddress(); - if (addr instanceof Inet6Address) - hostAddress = [ + hostAddress + ]; - s.checkConnect(hostAddress, 58000); + s.checkConnect(addr.getHostAddress(), 58000); tmpInetAddresses.add(addr); } catch (SecurityException e)
[cp-patches] FYI: NetworkInterface.getInetAddresses() fix
Hi all, This commit makes NetworkInterface.getInetAddresses() bracket IPv6 addresses before calling SecurityManager.checkConnect() with them. This fixes http://gcc.gnu.org/ml/java/2006-08/msg00082.html. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.8447 diff -u -r1.8447 ChangeLog --- ChangeLog 24 Aug 2006 06:40:04 - 1.8447 +++ ChangeLog 24 Aug 2006 10:57:43 - @@ -1,3 +1,8 @@ +2006-08-24 Gary Benson [EMAIL PROTECTED] + + * java/net/NetworkInterface.java (getInetAddresses): Bracket IPv6 + addresses. + 2006-08-24 Jeroen Frijters [EMAIL PROTECTED] * java/lang/ref/Reference.java Index: java/net/NetworkInterface.java === RCS file: /cvsroot/classpath/classpath/java/net/NetworkInterface.java,v retrieving revision 1.16 diff -u -r1.16 NetworkInterface.java --- java/net/NetworkInterface.java 7 Aug 2005 21:42:40 - 1.16 +++ java/net/NetworkInterface.java 24 Aug 2006 10:57:43 - @@ -112,7 +112,10 @@ InetAddress addr = (InetAddress) addresses.nextElement(); try { - s.checkConnect(addr.getHostAddress(), 58000); + String hostAddress = addr.getHostAddress(); + if (addr instanceof Inet6Address) + hostAddress = [ + hostAddress + ]; + s.checkConnect(hostAddress, 58000); tmpInetAddresses.add(addr); } catch (SecurityException e)
[cp-patches] FYI: AccessControlContext speedup
Hi all, This commit avoids calling AccessController.getContext() twice when creating an AccessControlContext with a security manager enabled. I've been using BC-compiled Tomcat on gcj to benchmark the security stuff, and this commit improves gcj's performance from 2200 to 2400 requests per second. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.8357 diff -u -r1.8357 ChangeLog --- ChangeLog 9 Aug 2006 22:25:51 - 1.8357 +++ ChangeLog 10 Aug 2006 14:33:06 - @@ -1,3 +1,8 @@ +2006-08-10 Gary Benson [EMAIL PROTECTED] + + * java/security/AccessControlContext.java (init): + Avoid a duplicated AccessController.getContext() call. + 2006-08-09 Mark Wielaard [EMAIL PROTECTED] * NEWS: Add updates for 0.92 release. Index: java/security/AccessControlContext.java === RCS file: /cvsroot/classpath/classpath/java/security/AccessControlContext.java,v retrieving revision 1.13 diff -u -r1.13 AccessControlContext.java --- java/security/AccessControlContext.java 23 Oct 2005 17:04:46 - 1.13 +++ java/security/AccessControlContext.java 10 Aug 2006 14:33:06 - @@ -89,12 +89,30 @@ public AccessControlContext(AccessControlContext acc, DomainCombiner combiner) { +AccessControlContext acc2 = null; SecurityManager sm = System.getSecurityManager (); if (sm != null) { -sm.checkPermission (new SecurityPermission (createAccessControlContext)); + Permission perm = + new SecurityPermission (createAccessControlContext); + + // The default SecurityManager.checkPermission(perm) just calls + // AccessController.checkPermission(perm) which in turn just + // calls AccessController.getContext().checkPermission(perm). + // This means AccessController.getContext() is called twice, + // once for the security check and once by us. It's a very + // expensive call (on gcj at least) so if we're using the + // default security manager we avoid this duplication. + if (sm.getClass() == SecurityManager.class) + { + acc2 = AccessController.getContext (); + acc2.checkPermission (perm); + } + else + sm.checkPermission (perm); } -AccessControlContext acc2 = AccessController.getContext(); +if (acc2 == null) + acc2 = AccessController.getContext (); protectionDomains = combiner.combine (acc2.protectionDomains, acc.protectionDomains); this.combiner = combiner;
[cp-patches] FYI: Fix FilePermission on root directory
Hi all, This commit fixes a bug whereby FilePermission(/) did not imply itself. There was some old (and broken) code for compensating for paths with trailing separators. Nowadays paths are canonicalized; canonical paths never have trailing separators, so I just junked the old code. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.7965 diff -u -r1.7965 ChangeLog --- ChangeLog 28 Jun 2006 20:10:25 - 1.7965 +++ ChangeLog 29 Jun 2006 09:01:35 - @@ -1,3 +1,7 @@ +2006-06-29 Gary Benson [EMAIL PROTECTED] + + * java/io/FilePermission.java (implies): Work when path is /. + 2006-06-28 Andrew John Hughes [EMAIL PROTECTED] * java/lang/Thread.java: Index: java/io/FilePermission.java === RCS file: /cvsroot/classpath/classpath/java/io/FilePermission.java,v retrieving revision 1.21 diff -u -r1.21 FilePermission.java --- java/io/FilePermission.java 29 Mar 2006 15:33:24 - 1.21 +++ java/io/FilePermission.java 29 Jun 2006 09:01:35 - @@ -274,12 +274,7 @@ break; default: - if (f2.charAt(f2.length() - 1) == File.separatorChar) - { - if (! f1.equals(f2.substring(0, f2.length() - 1))) - return false; - } - else if (!f1.equals(f2)) + if (!f1.equals(f2)) return false; break; }
[cp-patches] FYI: Merge File.listRoots security checks from libgcj
Hi again, This commit merges security checks for File.listRoots from libgcj. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.7966 diff -u -r1.7966 ChangeLog --- ChangeLog 29 Jun 2006 09:02:49 - 1.7966 +++ ChangeLog 29 Jun 2006 09:59:31 - @@ -1,3 +1,7 @@ +2006-06-29 Gary Benson [EMAIL PROTECTED] + + * java/io/File.java (listRoots): Merge security checks from libgcj. + 2006-06-29 Gary Benson [EMAIL PROTECTED] * java/io/FilePermission.java (implies): Work when path is /. Index: java/io/File.java === RCS file: /cvsroot/classpath/classpath/java/io/File.java,v retrieving revision 1.64 diff -u -r1.64 File.java --- java/io/File.java 14 Jun 2006 14:47:46 - 1.64 +++ java/io/File.java 29 Jun 2006 09:59:31 - @@ -1200,7 +1200,38 @@ */ public static File[] listRoots() { -return VMFile.listRoots(); +File[] roots = VMFile.listRoots(); + +SecurityManager s = System.getSecurityManager(); +if (s != null) + { + // Only return roots to which the security manager permits read access. + int count = roots.length; + for (int i = 0; i roots.length; i++) + { + try + { + s.checkRead (roots[i].path); + } + catch (SecurityException sx) + { + roots[i] = null; + count--; + } + } + if (count != roots.length) + { + File[] newRoots = new File[count]; + int k = 0; + for (int i = 0; i roots.length; i++) + { + if (roots[i] != null) + newRoots[k++] = roots[i]; + } + roots = newRoots; + } + } +return roots; } /**
[cp-patches] FYI: Add Graphics2D security checks
Morning all, No one objected, so I committed this patch that adds security checks to all Graphics2D peers. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.7888 diff -u -r1.7888 ChangeLog --- ChangeLog 20 Jun 2006 21:46:37 - 1.7888 +++ ChangeLog 21 Jun 2006 08:05:19 - @@ -1,3 +1,9 @@ +2006-06-21 Gary Benson [EMAIL PROTECTED] + + * gnu/java/awt/peer/gtk/CairoGraphics2D.java: Add security check. + * gnu/java/awt/peer/qt/QtGraphics.java: Likewise. + * gnu/java/awt/java2d/AbstractGraphics2D.java: Likewise. + 2006-06-20 Thomas Fitzsimmons [EMAIL PROTECTED] * native/plugin/Makefile.am (libgcjwebplugin_la_CXXFLAGS): Define Index: gnu/java/awt/peer/gtk/CairoGraphics2D.java === RCS file: /cvsroot/classpath/classpath/gnu/java/awt/peer/gtk/CairoGraphics2D.java,v retrieving revision 1.27 diff -u -r1.27 CairoGraphics2D.java --- gnu/java/awt/peer/gtk/CairoGraphics2D.java 20 Jun 2006 13:57:51 - 1.27 +++ gnu/java/awt/peer/gtk/CairoGraphics2D.java 21 Jun 2006 08:05:20 - @@ -41,6 +41,7 @@ import gnu.java.awt.ClasspathToolkit; import java.awt.AlphaComposite; +import java.awt.AWTPermission; import java.awt.BasicStroke; import java.awt.Color; import java.awt.Composite; @@ -886,6 +887,12 @@ } else { +// FIXME: this check is only required if this Graphics2D +// context is drawing to a Component on the display screen. +SecurityManager sm = System.getSecurityManager(); +if (sm != null) + sm.checkPermission(new AWTPermission(readDisplayPixels)); + // FIXME: implement general Composite support throw new java.lang.UnsupportedOperationException(); } Index: gnu/java/awt/peer/qt/QtGraphics.java === RCS file: /cvsroot/classpath/classpath/gnu/java/awt/peer/qt/QtGraphics.java,v retrieving revision 1.3 diff -u -r1.3 QtGraphics.java --- gnu/java/awt/peer/qt/QtGraphics.java23 Aug 2005 02:13:48 - 1.3 +++ gnu/java/awt/peer/qt/QtGraphics.java21 Jun 2006 08:05:20 - @@ -38,6 +38,7 @@ package gnu.java.awt.peer.qt; import java.awt.AlphaComposite; +import java.awt.AWTPermission; import java.awt.BasicStroke; import java.awt.Color; import java.awt.Composite; @@ -605,8 +606,16 @@ composite = comp; } else - throw new UnsupportedOperationException(We don't support custom+ - composites yet.); + { + // FIXME: this check is only required if this Graphics2D + // context is drawing to a Component on the display screen. + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkPermission(new AWTPermission(readDisplayPixels)); + + throw new UnsupportedOperationException(We don't support custom+ +composites yet.); + } } public Composite getComposite() Index: gnu/java/awt/java2d/AbstractGraphics2D.java === RCS file: /cvsroot/classpath/classpath/gnu/java/awt/java2d/AbstractGraphics2D.java,v retrieving revision 1.9 diff -u -r1.9 AbstractGraphics2D.java --- gnu/java/awt/java2d/AbstractGraphics2D.java 9 Jun 2006 20:49:51 - 1.9 +++ gnu/java/awt/java2d/AbstractGraphics2D.java 21 Jun 2006 08:05:21 - @@ -39,6 +39,7 @@ import java.awt.AWTError; import java.awt.AlphaComposite; +import java.awt.AWTPermission; import java.awt.BasicStroke; import java.awt.Color; import java.awt.Composite; @@ -539,6 +540,15 @@ */ public void setComposite(Composite comp) { +if (! (comp instanceof AlphaComposite)) + { +// FIXME: this check is only required if this Graphics2D +// context is drawing to a Component on the display screen. +SecurityManager sm = System.getSecurityManager(); +if (sm != null) + sm.checkPermission(new AWTPermission(readDisplayPixels)); + } + composite = comp; if (! (comp.equals(AlphaComposite.SrcOver))) isOptimized = false;
[cp-patches] FYI: Add printing security checks
Hi all, This commit adds security checks to all AWT peers' getPrintJob methods. None of the methods actually do anything yet, but having the checks there means the Mauve tests pass. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.7880 diff -u -r1.7880 ChangeLog --- ChangeLog 20 Jun 2006 11:24:41 - 1.7880 +++ ChangeLog 20 Jun 2006 11:35:39 - @@ -1,3 +1,9 @@ +2006-06-20 Gary Benson [EMAIL PROTECTED] + + * java/awt/Toolkit.java: Add security check. + * gnu/java/awt/peer/gtk/GtkToolkit.java: Likewise. + * gnu/java/awt/peer/qt/QtToolkit.java: Likewise. + 2006-06-20 Raif S. Naffah [EMAIL PROTECTED] * gnu/java/security/key/dss/DSSKey.java: Source formatting. Index: java/awt/Toolkit.java === RCS file: /cvsroot/classpath/classpath/java/awt/Toolkit.java,v retrieving revision 1.41 diff -u -r1.41 Toolkit.java --- java/awt/Toolkit.java 15 May 2006 16:11:48 - 1.41 +++ java/awt/Toolkit.java 20 Jun 2006 11:35:39 - @@ -695,6 +695,14 @@ public PrintJob getPrintJob(Frame frame, String title, JobAttributes jobAttr, PageAttributes pageAttr) { +// FIXME: it is possible this check may be removed +// if this method, when written, always delegates to +// getPrintJob(Frame, String, Properties). +SecurityManager sm; +sm = System.getSecurityManager(); +if (sm != null) + sm.checkPrintJobAccess(); + return null; } Index: gnu/java/awt/peer/gtk/GtkToolkit.java === RCS file: /cvsroot/classpath/classpath/gnu/java/awt/peer/gtk/GtkToolkit.java,v retrieving revision 1.87 diff -u -r1.87 GtkToolkit.java --- gnu/java/awt/peer/gtk/GtkToolkit.java 5 Jun 2006 13:47:04 - 1.87 +++ gnu/java/awt/peer/gtk/GtkToolkit.java 20 Jun 2006 11:35:39 - @@ -310,6 +310,11 @@ public PrintJob getPrintJob (Frame frame, String jobtitle, Properties props) { +SecurityManager sm; +sm = System.getSecurityManager(); +if (sm != null) + sm.checkPrintJobAccess(); + return null; } Index: gnu/java/awt/peer/qt/QtToolkit.java === RCS file: /cvsroot/classpath/classpath/gnu/java/awt/peer/qt/QtToolkit.java,v retrieving revision 1.6 diff -u -r1.6 QtToolkit.java --- gnu/java/awt/peer/qt/QtToolkit.java 7 Jun 2006 22:00:01 - 1.6 +++ gnu/java/awt/peer/qt/QtToolkit.java 20 Jun 2006 11:35:39 - @@ -402,6 +402,11 @@ String jobtitle, Properties props) { +SecurityManager sm; +sm = System.getSecurityManager(); +if (sm != null) + sm.checkPrintJobAccess(); + throw new RuntimeException(Not implemented); }
[cp-patches] RFC: Add security checks to Graphics2D peers
Hi all, Does anyone mind if I commit the following patch to add security checks to all Graphics2D peers? The reason I ask is that the checks might be overly restrictive, but at the moment the stuff after the checks isn't implemented anywhere. I just wanted to get them in so they don't get lost. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.7878 diff -u -r1.7878 ChangeLog --- ChangeLog 19 Jun 2006 12:43:48 - 1.7878 +++ ChangeLog 19 Jun 2006 16:00:44 - @@ -1,3 +1,9 @@ +2006-06-19 Gary Benson [EMAIL PROTECTED] + + * gnu/java/awt/peer/gtk/CairoGraphics2D.java: Add security check. + * gnu/java/awt/peer/qt/QtGraphics.java: Likewise. + * gnu/java/awt/java2d/AbstractGraphics2D.java: Likewise. + 2006-06-19 Raif S. Naffah [EMAIL PROTECTED] * gnu/java/security/jce/hash/HavalSpi.java: Source formatting. Index: gnu/java/awt/peer/gtk/CairoGraphics2D.java === RCS file: /cvsroot/classpath/classpath/gnu/java/awt/peer/gtk/CairoGraphics2D.java,v retrieving revision 1.25 diff -u -r1.25 CairoGraphics2D.java --- gnu/java/awt/peer/gtk/CairoGraphics2D.java 16 Jun 2006 10:27:29 - 1.25 +++ gnu/java/awt/peer/gtk/CairoGraphics2D.java 19 Jun 2006 16:00:44 - @@ -41,6 +41,7 @@ import gnu.java.awt.ClasspathToolkit; import java.awt.AlphaComposite; +import java.awt.AWTPermission; import java.awt.BasicStroke; import java.awt.Color; import java.awt.Composite; @@ -886,6 +887,12 @@ } else { +// FIXME: this check is only required if this Graphics2D +// context is drawing to a Component on the display screen. +SecurityManager sm = System.getSecurityManager(); +if (sm != null) + sm.checkPermission(new AWTPermission(readDisplayPixels)); + // FIXME: implement general Composite support throw new java.lang.UnsupportedOperationException(); } Index: gnu/java/awt/peer/qt/QtGraphics.java === RCS file: /cvsroot/classpath/classpath/gnu/java/awt/peer/qt/QtGraphics.java,v retrieving revision 1.3 diff -u -r1.3 QtGraphics.java --- gnu/java/awt/peer/qt/QtGraphics.java23 Aug 2005 02:13:48 - 1.3 +++ gnu/java/awt/peer/qt/QtGraphics.java19 Jun 2006 16:00:44 - @@ -38,6 +38,7 @@ package gnu.java.awt.peer.qt; import java.awt.AlphaComposite; +import java.awt.AWTPermission; import java.awt.BasicStroke; import java.awt.Color; import java.awt.Composite; @@ -605,8 +606,16 @@ composite = comp; } else - throw new UnsupportedOperationException(We don't support custom+ - composites yet.); + { + // FIXME: this check is only required if this Graphics2D + // context is drawing to a Component on the display screen. + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkPermission(new AWTPermission(readDisplayPixels)); + + throw new UnsupportedOperationException(We don't support custom+ +composites yet.); + } } public Composite getComposite() Index: gnu/java/awt/java2d/AbstractGraphics2D.java === RCS file: /cvsroot/classpath/classpath/gnu/java/awt/java2d/AbstractGraphics2D.java,v retrieving revision 1.9 diff -u -r1.9 AbstractGraphics2D.java --- gnu/java/awt/java2d/AbstractGraphics2D.java 9 Jun 2006 20:49:51 - 1.9 +++ gnu/java/awt/java2d/AbstractGraphics2D.java 19 Jun 2006 16:00:45 - @@ -39,6 +39,7 @@ import java.awt.AWTError; import java.awt.AlphaComposite; +import java.awt.AWTPermission; import java.awt.BasicStroke; import java.awt.Color; import java.awt.Composite; @@ -539,6 +540,15 @@ */ public void setComposite(Composite comp) { +if (! (comp instanceof AlphaComposite)) + { +// FIXME: this check is only required if this Graphics2D +// context is drawing to a Component on the display screen. +SecurityManager sm = System.getSecurityManager(); +if (sm != null) + sm.checkPermission(new AWTPermission(readDisplayPixels)); + } + composite = comp; if (! (comp.equals(AlphaComposite.SrcOver))) isOptimized = false;
[cp-patches] FYI: rewrite File.toCanonicalPath()
Hi all, I just checked in a rewrite of File.toCanonicalPath() for GNU/Posix systems to make it correctly handle symbolic links. It's basically a JNIified version of the one I committed yesterday for GCJ. This fixes PR 24895. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.7697 diff -u -r1.7697 ChangeLog --- ChangeLog 7 Jun 2006 14:46:49 - 1.7697 +++ ChangeLog 7 Jun 2006 15:08:26 - @@ -1,3 +1,15 @@ +2006-06-07 Gary Benson [EMAIL PROTECTED] + + PR 24895 + * native/jni/java-io/java_io_VMFile.c + (Java_java_io_VMFile_toCanonicalForm): New method. + * configure.ac: Added checks for lstat and readlink. + * include/java_io_VMFile.h: Added new method. + * vm/reference/java/io/VMFile.java: Use new method. + * gnu/java/io/PlatformHelper.java (toCanonicalForm): Removed. + * NEWS: Documented the above. + * java/io/File.java: Javadoc fix. + 2006-06-06 Roman Kennke [EMAIL PROTECTED] PR 27920 Index: configure.ac === RCS file: /cvsroot/classpath/classpath/configure.ac,v retrieving revision 1.159 diff -u -r1.159 configure.ac --- configure.ac6 Jun 2006 10:19:48 - 1.159 +++ configure.ac7 Jun 2006 15:08:27 - @@ -321,6 +321,7 @@ strerror_r \ fcntl \ mmap munmap mincore msync madvise getpagesize sysconf \ + lstat readlink \ ]) LIBMAGIC= Index: NEWS === RCS file: /cvsroot/classpath/classpath/NEWS,v retrieving revision 1.147 diff -u -r1.147 NEWS --- NEWS5 Jun 2006 18:37:59 - 1.147 +++ NEWS7 Jun 2006 15:08:28 - @@ -27,6 +27,9 @@ URLConnection.guessContentTypeFromStream. The reference implementation uses libmagic (and falls back to doing nothing if libmagic is not available). +* The method gnu.java.io.PlatformHelper.toCanonicalForm() has been + replaced with a JNI implementation of VMFile.toCanonicalForm() for + GNU/Posix systems. New in release 0.91 (May 15, 2006) Index: native/jni/java-io/java_io_VMFile.c === RCS file: /cvsroot/classpath/classpath/native/jni/java-io/java_io_VMFile.c,v retrieving revision 1.10 diff -u -r1.10 java_io_VMFile.c --- native/jni/java-io/java_io_VMFile.c 25 Jan 2006 10:40:12 - 1.10 +++ native/jni/java-io/java_io_VMFile.c 7 Jun 2006 15:08:28 - @@ -1,5 +1,5 @@ /* java_io_VMFile.c - Native methods for java.io.File class - Copyright (C) 1998, 2004 Free Software Foundation, Inc. + Copyright (C) 1998, 2004, 2006 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -730,3 +730,237 @@ return (0); #endif /* not WITHOUT_FILESYSTEM */ } + +/*/ + +/* + * These two methods are used to maintain dynamically allocated + * buffers for getCanonicalPath without the overhead of calling + * realloc every time a buffer is modified. Buffers are sized + * at the smallest multiple of CHUNKSIZ that is greater than or + * equal to the desired length. The default CHUNKSIZ is 256, + * longer than most paths, so in most cases a getCanonicalPath + * will require only one malloc per buffer. + */ + +#define CHUNKLOG 8 +#define CHUNKSIZ (1 CHUNKLOG) + +static int +nextChunkSize (int size) +{ + return ((size CHUNKLOG) + ((size (CHUNKSIZ - 1)) ? 1 : 0)) CHUNKLOG; +} + +static char * +maybeGrowBuf (JNIEnv *env, char *buf, int *size, int required) +{ + if (required *size) +{ + *size = nextChunkSize (required); + buf = JCL_realloc (env, buf, *size); +} + return buf; +} + +/*/ + +/* + * This method converts a path to canonical form on GNU/Posix systems. + * This involves the removal of redundant separators, references to + * . and .., and symbolic links. + * + * The conversion proceeds on a component-by-component basis: symbolic + * links and references to .. are resolved as and when they occur. + * This means that if /foo/bar is a symbolic link to /baz then the + * canonical form of /foo/bar/.. is / and not /foo. + * + * In order to mimic the behaviour of proprietary JVMs, non-existant + * path components are allowed (a departure from the normal GNU system + * convention). This means that if /foo/bar is a symbolic link to + * /baz, the canonical form of /non-existant-directory/../foo/bar + * is /baz. + * + * Class: java_io_VMFile + * Method:toCanonicalForm + * Signature: (Ljava/lang/String)Ljava/lang/String + */ + +JNIEXPORT jstring JNICALL +Java_java_io_VMFile_toCanonicalForm (JNIEnv *env, +jclass class __attribute__
[cp-patches] FYI: Remove unnecessary ThreadGroup access checks
Hi all, This commit removes some unnecessary ThreadGroup access checks that were happening during Thread and ThreadGroup access checks. This fixes the failures in the Mauve tests I committed earlier today. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.7348 diff -u -r1.7348 ChangeLog --- ChangeLog 10 May 2006 10:15:44 - 1.7348 +++ ChangeLog 10 May 2006 13:54:03 - @@ -1,3 +1,11 @@ +2006-05-10 Gary Benson [EMAIL PROTECTED] + + * java/lang/ThreadGroup.java (parent): Make package-private. + * java/lang/SecurityManager.java (checkAccess(Thread)): + Reference ThreadGroup.parent directly to avoid extra checks. + * java/lang/SecurityManager.java (checkAccess(ThreadGroup)): + Likewise. + 2006-05-10 Roman Kennke [EMAIL PROTECTED] Reported by Ingo Proetel ([EMAIL PROTECTED]) Index: java/lang/ThreadGroup.java === RCS file: /cvsroot/classpath/classpath/java/lang/ThreadGroup.java,v retrieving revision 1.20 diff -u -r1.20 ThreadGroup.java --- java/lang/ThreadGroup.java 12 Apr 2006 12:04:18 - 1.20 +++ java/lang/ThreadGroup.java 10 May 2006 13:54:03 - @@ -66,7 +66,7 @@ static boolean had_uncaught_exception; /** The parent thread group. */ - private final ThreadGroup parent; + final ThreadGroup parent; /** The group name, non-null. */ final String name; Index: java/lang/SecurityManager.java === RCS file: /cvsroot/classpath/classpath/java/lang/SecurityManager.java,v retrieving revision 1.33 diff -u -r1.33 SecurityManager.java --- java/lang/SecurityManager.java 10 Jan 2006 12:18:09 - 1.33 +++ java/lang/SecurityManager.java 10 May 2006 13:54:03 - @@ -421,7 +421,7 @@ public void checkAccess(Thread thread) { if (thread.getThreadGroup() != null -thread.getThreadGroup().getParent() == null) +thread.getThreadGroup().parent == null) checkPermission(new RuntimePermission(modifyThread)); } @@ -454,7 +454,7 @@ */ public void checkAccess(ThreadGroup g) { -if (g.getParent() == null) +if (g.parent == null) checkPermission(new RuntimePermission(modifyThreadGroup)); }
[cp-patches] FYI: Add missing security check to Thread constructor
Hi all, When a thread is created the constructor should perform a security check to ensure it is allowed to modify the perspective thread's parent threadgroup. In Classpath these checks were not being performed when the parent threadgroup was not specified explicitly. This commit fixes this. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.7334 diff -u -r1.7334 ChangeLog --- ChangeLog 9 May 2006 14:27:35 - 1.7334 +++ ChangeLog 9 May 2006 14:41:53 - @@ -1,3 +1,8 @@ +2006-05-09 Gary Benson [EMAIL PROTECTED] + + * java/lang/Thread.java (Thread): Always perform threadgroup + access checks on thread creation. + 2006-05-09 Chris Burdess [EMAIL PROTECTED] * gnu/xml/dom/DomNode.java: Permit comments and PIs in doctype nodes to Index: java/lang/Thread.java === RCS file: /cvsroot/classpath/classpath/java/lang/Thread.java,v retrieving revision 1.21 diff -u -r1.21 Thread.java --- java/lang/Thread.java 17 Apr 2006 10:27:52 - 1.21 +++ java/lang/Thread.java 9 May 2006 14:41:53 - @@ -347,8 +347,8 @@ if (group == null) group = current.group; } -else if (sm != null) - sm.checkAccess(group); +if (sm != null) + sm.checkAccess(group); this.group = group; // Use toString hack to detect null.
[cp-patches] FYI: Updated java.lang.Thread throwpoint tests
Hi all, My previous commit fixes a number of problems with the Thread throwpoint tests. Firstly, they failed big-time on proprietary runtimes: seems that Classpath's default SecurityManager's checkAccess() methods perform permission checks in more cases than is necessary. Secondly, some constructor throwpoints were not tested. It turns out they aren't working either, so this commit causes four new fails. My next task is to fix all this :) Cheers, Gary Index: ChangeLog === RCS file: /cvs/mauve/mauve/ChangeLog,v retrieving revision 1.1604 diff -u -r1.1604 ChangeLog --- ChangeLog 3 May 2006 00:13:37 - 1.1604 +++ ChangeLog 4 May 2006 14:37:33 - @@ -1,3 +1,9 @@ +2006-05-04 Gary Benson [EMAIL PROTECTED] + + * gnu/testlet/java/lang/Thread/security.java: Added some missing + constructor tests, and rearranged to work with class libraries + other than Classpath. + 2006-05-03 Robert Schuster [EMAIL PROTECTED] * gnu/testlet/javax/swing/text/GapContent/constructors.java: Index: gnu/testlet/java/lang/Thread/security.java === RCS file: /cvs/mauve/mauve/gnu/testlet/java/lang/Thread/security.java,v retrieving revision 1.2 diff -u -r1.2 security.java --- gnu/testlet/java/lang/Thread/security.java 17 Feb 2006 13:11:14 - 1.2 +++ gnu/testlet/java/lang/Thread/security.java 4 May 2006 14:37:33 - @@ -32,13 +32,17 @@ public class security implements Testlet { + private static Permission[] modifyThread = new Permission[] { +new RuntimePermission(modifyThread)}; + + private static Permission[] modifyThreadGroup = new Permission[] { +new RuntimePermission(modifyThreadGroup)}; + public void test(TestHarness harness) { try { harness.checkPoint(setup); - Thread testThread = new Thread(); - // we need a different classloader for some of the checks to occur. Class testClass = new URLClassLoader(new URL[] { new File(harness.getSourceDirectory()).toURL()}, null).loadClass( @@ -48,11 +52,30 @@ Method getContextClassLoaderTest = testClass.getMethod( testGetContextClassLoader, new Class[] {Thread.class}); - Thread currentThread = Thread.currentThread(); + TestSecurityManager2 sm = new TestSecurityManager2(harness); + + // The default SecurityManager.checkAccess(Thread) method only + // checks permissions when the thread in question is a system + // thread. System threads are those whose parent is the system + // threadgroup, which is the threadgroup with no parent. + // + // The default SecurityManager.checkAccess(ThreadGroup) method + // only checks permissions when the threadgroup in question is + // the system threadgroup. + ThreadGroup systemGroup = Thread.currentThread().getThreadGroup(); + while (systemGroup.getParent() != null) + systemGroup = systemGroup.getParent(); + + Thread testThread = new Thread(systemGroup, test thread); + harness.check(testThread.getThreadGroup().getParent() == null); + + Thread modifyGroupThread = new Thread( + systemGroup, new SysTestRunner(harness, sm, testThread)); + harness.check(modifyGroupThread.getThreadGroup().getParent() == null); + Throwable threadDeath = new ThreadDeath(); Throwable notThreadDeath = new ClassNotFoundException(); - ThreadGroup group = new ThreadGroup(test group); Runnable runnable = new Runnable() { public void run() @@ -66,17 +89,17 @@ Permission[] setContextClassLoader = new Permission[] { new RuntimePermission(setContextClassLoader)}; - Permission[] modifyThread = new Permission[] { - new RuntimePermission(modifyThread)}; - Permission[] stopThread = new Permission[] { new RuntimePermission(modifyThread), new RuntimePermission(stopThread)}; - Permission[] modifyThreadGroup = new Permission[] { - new RuntimePermission(modifyThreadGroup)}; + // XXX Thread.stop() tests only work on Classpath + // XXX The checks don't happen otherwise, so calls + // XXX to Thread.currentThread().stop() actually + // XXX happen :( So, we inhibit this. + boolean we_are_gnu_classpath = + System.getProperty(gnu.classpath.version) != null; - TestSecurityManager2 sm = new TestSecurityManager2(harness); try { sm.install(); @@ -189,18 +212,6 @@ harness.debug(ex); harness.check(false, unexpected check); } - - // throwpoint: java.lang.Thread-enumerate - harness.checkPoint(enumerate); - try { - sm.prepareChecks(modifyThreadGroup); - Thread.enumerate(new Thread[0]); - sm.checkAllChecked(harness); - } - catch (SecurityException ex) { - harness.debug(ex); - harness.check(false
[cp-patches] Re: FYI: Updated java.lang.Thread throwpoint tests
Balls, wrong list! Gary Benson wrote: Hi all, My previous commit fixes a number of problems with the Thread throwpoint tests. Firstly, they failed big-time on proprietary runtimes: seems that Classpath's default SecurityManager's checkAccess() methods perform permission checks in more cases than is necessary. Secondly, some constructor throwpoints were not tested. It turns out they aren't working either, so this commit causes four new fails. My next task is to fix all this :) Cheers, Gary
Re: [cp-patches] RFC: Path canonicalizer
Tom Tromey wrote: Gary == Gary Benson [EMAIL PROTECTED] writes: Gary It's possible, I suppose, but it seems over-complex when libgcj Gary manages to sidestep the PATH_MAX thing just fine with: Gary #ifndef MAXPATHLEN Gary#define MAXPATHLEN 4096 Gary #endif Yeah, I suppose so. Gary Also, aren't malloc/realloc and friends slow calls? Not compared to readlink. Ok, so I posted an updated patch to the gcj patches list that does dynamic allocation. If/when that's accepted there I'll port it to Classpath. Cheers, Gary
Re: [cp-patches] RFC: Path canonicalizer
Tom Tromey wrote: Mark == Mark Wielaard [EMAIL PROTECTED] writes: Mark It does look good to me. But in theory the usage of PATH_MAX Mark PATH_MAX might be a problem. Yeah, this famously is not defined in Hurd. Do we really need a limit here? Can't we just resize the buffer dynamically as needed? It's possible, I suppose, but it seems over-complex when libgcj manages to sidestep the PATH_MAX thing just fine with: #ifndef MAXPATHLEN #define MAXPATHLEN 4096 #endif Also, aren't malloc/realloc and friends slow calls? Cheers, Gary
Re: [cp-patches] RFC: Path canonicalizer
Mark Wielaard wrote: ...I assume this is normally called on absolute paths that are already in canonical form. Not necessarily. For example, the way JPackage makes Tomcat FHS compliant (with symlinks all over the place) means that just about every FilePermission check will involve following links. Cheers, Gary
Re: [cp-patches] RFC: Path canonicalizer
Mark Wielaard wrote: On Wed, 2006-03-29 at 09:54 +0100, Gary Benson wrote: This patch makes Classpath do the right thing on GNU/Posix systems. Cool. But where is the ChangeLog entry!? Erm, future work? :) It does look good to me. But in theory the usage of PATH_MAX might be a problem. According to the glibc manual it might not be defined if there is no limit on the file name and you should use pathconf() to get limits in case there are different file systems with different limits. But then you cannot/shouldn't allocate so much memory since it might be huge. I don't know if this is a problem in practice though. Anybody? http://www.gnu.org/software/libc/manual/html_node/Limits-for-Files.html http://www.gnu.org/software/libc/manual/html_node/Pathconf.html We could always use pathconf() and just cap the return value at something we wouldn't mind allocating. I'd need to experiment, though, to make sure it copes with non-existent paths. Should we cache the result of getCanonicalPath() or isn't it used that much? It's result should absolutely not be cached. Changes to the filesystem can alter the canonical form of a path. Could you also add a little note the the NEWS file under Runtime/Platform interface changes? Ok. I haven't committed it as it almost certainly breaks builds on Windows, and I need some help to get stuff building conditionally. After that I can have a go at porting the Windows canonicalizer from GCJ (I don't think Classpath's current one does much on Windows). No it doesn't. And it is actually pretty platform dependent. The PlatformHelper.toCanonicalForm() approach didn't really work. IKVM for example just has its own VMFile.toCanonicalForm() based on .net/C# System.IO.FileInfo. Your current code should work on cygwin also which is already nice. Ok, cool. Cheers, Gary
Re: [cp-patches] RFC: Path canonicalizer
Mark Wielaard wrote: Do note that with that define you will end up using 3 * 4K for each toCanonicalForm() operation. Will that be a problem do you think? Cheers, Gary
[cp-patches] RFC: Path canonicalizer
Hi all, Here's my attempt at a JNI GNU/Posix path canonicalizer. If you missed my previous mail, this is required in order for FilePermission checks to work (PR classpath/24895). Classpath's canonicalizer doesn't handle symbolic links, whereas GCJ's does, just not very well. This patch makes Classpath do the right thing on GNU/Posix systems. I haven't committed it as it almost certainly breaks builds on Windows, and I need some help to get stuff building conditionally. After that I can have a go at porting the Windows canonicalizer from GCJ (I don't think Classpath's current one does much on Windows). Thanks, Gary Index: java/io/File.java === RCS file: /cvsroot/classpath/classpath/java/io/File.java,v retrieving revision 1.61 diff -u -r1.61 File.java --- java/io/File.java 17 Dec 2005 21:16:23 - 1.61 +++ java/io/File.java 29 Mar 2006 08:40:39 - @@ -484,9 +484,9 @@ /** * This method returns a canonical representation of the pathname of * this file. The actual form of the canonical representation is - * different. On the GNU system, the canonical form differs from the - * absolute form in that all relative file references to . and .. - * are resolved and removed. + * system-dependent. On the GNU system, conversion to canonical + * form involves the removal of redundant separators, references to + * . and .., and symbolic links. * p * Note that this method, unlike the other methods which return path * names, can throw an IOException. This is because native method Index: vm/reference/java/io/VMFile.java === RCS file: /cvsroot/classpath/classpath/vm/reference/java/io/VMFile.java,v retrieving revision 1.7 diff -u -r1.7 VMFile.java --- vm/reference/java/io/VMFile.java2 Jul 2005 20:33:08 - 1.7 +++ vm/reference/java/io/VMFile.java29 Mar 2006 08:40:39 - @@ -210,10 +210,10 @@ /** * This method returns a canonical representation of the pathname of - * the given path. The actual form of the canonical representation is - * different. On the GNU system, the canonical form differs from the - * absolute form in that all relative file references to . and .. - * are resolved and removed. + * this file. The actual form of the canonical representation is + * system-dependent. On the GNU system, conversion to canonical + * form involves the removal of redundant separators, references to + * . and .., and symbolic links. * p * Note that this method, unlike the other methods which return path * names, can throw an IOException. This is because native method @@ -221,9 +221,5 @@ * * @exception IOException If an error occurs */ - public static String toCanonicalForm(String path) throws IOException - { - // FIXME: this only works on UNIX - return PlatformHelper.toCanonicalForm(path); - } + public static native String toCanonicalForm(String path) throws IOException; } Index: include/java_io_VMFile.h === RCS file: /cvsroot/classpath/classpath/include/java_io_VMFile.h,v retrieving revision 1.3 diff -u -r1.3 java_io_VMFile.h --- include/java_io_VMFile.h11 Nov 2004 17:31:31 - 1.3 +++ include/java_io_VMFile.h29 Mar 2006 08:40:39 - @@ -24,6 +24,7 @@ JNIEXPORT jboolean JNICALL Java_java_io_VMFile_canWrite (JNIEnv *env, jclass, jstring); JNIEXPORT jboolean JNICALL Java_java_io_VMFile_canRead (JNIEnv *env, jclass, jstring); JNIEXPORT jboolean JNICALL Java_java_io_VMFile_isDirectory (JNIEnv *env, jclass, jstring); +JNIEXPORT jstring JNICALL Java_java_io_VMFile_toCanonicalForm (JNIEnv *env,jclass, jstring); #undef java_io_VMFile_IS_CASE_SENSITIVE #define java_io_VMFile_IS_CASE_SENSITIVE 1L #undef java_io_VMFile_IS_DOS_8_3 Index: native/jni/java-io/java_io_VMFile.c === RCS file: /cvsroot/classpath/classpath/native/jni/java-io/java_io_VMFile.c,v retrieving revision 1.10 diff -u -r1.10 java_io_VMFile.c --- native/jni/java-io/java_io_VMFile.c 25 Jan 2006 10:40:12 - 1.10 +++ native/jni/java-io/java_io_VMFile.c 29 Mar 2006 08:40:39 - @@ -1,5 +1,5 @@ /* java_io_VMFile.c - Native methods for java.io.File class - Copyright (C) 1998, 2004 Free Software Foundation, Inc. + Copyright (C) 1998, 2004, 2006 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -41,6 +41,8 @@ #include stdio.h #include stdlib.h +#include limits.h + #include jni.h #include jcl.h @@ -730,3 +732,173 @@ return (0); #endif /* not WITHOUT_FILESYSTEM */ } + +/*/ + +/* + * This method converts a path to canonical form on GNU/Posix systems. + * + * Class: java_io_VMFile + * Method:toCanonicalForm + * Signature:
[cp-patches] FYI: Canonicalize paths during FilePermission checks
Hi again, This commit makes java.io.FilePermission.implies() canonicalize paths before comparing them, thus avoiding directory- and symlink-traversal vulnerabilities (PR classpath/24895). Combined with the new path canonicalizer this patch makes Classpath pass the new Mauve tests I wrote the other week. (Of course, without the new canonicalizer it does very little...) Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.6941 diff -u -r1.6941 ChangeLog --- ChangeLog 29 Mar 2006 14:52:34 - 1.6941 +++ ChangeLog 29 Mar 2006 15:32:50 - @@ -1,3 +1,8 @@ +2006-03-29 Gary Benson [EMAIL PROTECTED] + + Partial fix for PR classpath/24895 + * java/io/FilePermission.java (implies): Canonicalize paths. + 2006-03-29 Robert Schuster [EMAIL PROTECTED] PR 26888 Index: java/io/FilePermission.java === RCS file: /cvsroot/classpath/classpath/java/io/FilePermission.java,v retrieving revision 1.20 diff -u -r1.20 FilePermission.java --- java/io/FilePermission.java 16 Nov 2005 19:17:37 - 1.20 +++ java/io/FilePermission.java 29 Mar 2006 15:32:50 - @@ -1,5 +1,6 @@ /* FilePermission.java -- - Copyright (C) 1998, 2000, 2003, 2004, 2005 Free Software Foundation, Inc. + Copyright (C) 1998, 2000, 2003, 2004, 2005, 2006 + Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -44,9 +45,6 @@ { private static final long serialVersionUID = 7930732926638008763L; - private static final String CURRENT_DIRECTORY = -System.getProperty(user.dir); - private static final String ALL_FILES = ALL FILES; private boolean readPerm = false; @@ -213,10 +211,18 @@ FilePermission fp = (FilePermission) p; String f2 = fp.getName(); -if (f1.charAt(0) != File.separatorChar) - f1 = CURRENT_DIRECTORY + f1; -if (f2.charAt(0) != File.separatorChar) - f2 = CURRENT_DIRECTORY + f2; +if (f2.equals(ALL_FILES)) + return false; + +try + { + f1 = new File(f1).getCanonicalPath(); + f2 = new File(f2).getCanonicalPath(); + } +catch (IOException ioe) + { + return false; + } String sub1;
[cp-patches] FYI: FilePermission symlink handling test
Hi all, My last commit adds a test to check FilePermission's handling of symbolic links. Both proprietary JVMs I tried passed this test, but Classpath does not. Now to figure out how to fix this... Cheers, Gary Index: ChangeLog === RCS file: /cvs/mauve/mauve/ChangeLog,v retrieving revision 1.1562 diff -u -r1.1562 ChangeLog --- ChangeLog 21 Mar 2006 19:59:15 - 1.1562 +++ ChangeLog 22 Mar 2006 10:41:39 - @@ -1,3 +1,7 @@ +2006-03-22 Gary Benson [EMAIL PROTECTED] + + * gnu/testlet/java/io/FilePermission/traversal.java: New test. + 2006-03-21 Tom Tromey [EMAIL PROTECTED] * gnu/testlet/java/text/Bidi/reorderVisually.java: New file. Index: gnu/testlet/java/io/FilePermission/traversal.java === RCS file: gnu/testlet/java/io/FilePermission/traversal.java diff -N gnu/testlet/java/io/FilePermission/traversal.java --- /dev/null 1 Jan 1970 00:00:00 - +++ gnu/testlet/java/io/FilePermission/traversal.java 22 Mar 2006 10:41:39 - @@ -0,0 +1,135 @@ +// Copyright (C) 2006 Red Hat, Inc. +// Written by Gary Benson [EMAIL PROTECTED] + +// This file is part of Mauve. + +// Mauve is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; either version 2, or (at your option) +// any later version. + +// Mauve is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Mauve; see the file COPYING. If not, write to +// the Free Software Foundation, 59 Temple Place - Suite 330, +// Boston, MA 02111-1307, USA. + +package gnu.testlet.java.io.FilePermission; + +import java.io.File; +import java.io.FilePermission; +import java.util.LinkedList; + +import gnu.testlet.Testlet; +import gnu.testlet.TestHarness; + +public class traversal implements Testlet +{ + public void test (TestHarness harness) + { +try { + harness.checkPoint(setup); + + String[] items_to_access = new String[] { + file,// a file in the directory + rlink, // a relative link to a file outside the directory + alink}; // an absolute link to a file outside the directory + + String[] ways_to_access = new String[] { + dir, // via the directory + rlink, // via a relative link to the directory + alink}; // via an absolute link to the directory + + String[] item_states = new String[] { + present, // the file exists + absent}; // the file does not exist + + LinkedList cleanup = new LinkedList(); + try { + File tempdir = new File(harness.getTempDirectory(), mauve-testdir); + harness.check(tempdir.isDirectory() || tempdir.mkdir()); + cleanup.add(tempdir); + + File testdir = new File(tempdir, dir); + harness.check(testdir.isDirectory() || testdir.mkdir()); + cleanup.add(testdir); + + File link = new File(tempdir, rlink); + harness.check(Runtime.getRuntime().exec(new String[] { + ln, -s, testdir.getName(), link.getPath() + }).waitFor() == 0); + cleanup.add(link); + + link = new File(tempdir, alink); + harness.check(Runtime.getRuntime().exec(new String[] { + ln, -s, testdir.getPath(), link.getPath() + }).waitFor() == 0); + cleanup.add(link); + + File[] dirs = new File[] {testdir, tempdir}; + for (int i = 0; i dirs.length; i++) { + File file = new File(dirs[i], file-present); + harness.check(file.isFile() || file.createNewFile()); + cleanup.add(file); + + file = new File(dirs[i], file-absent); + harness.check(!file.exists()); + } + + for (int i = 0; i item_states.length; i++) { + File file = new File(tempdir, file- + item_states[i]); + + link = new File(testdir, rlink- + item_states[i]); + harness.check(Runtime.getRuntime().exec(new String[] { + ln, -s, new File(..,file.getName()).getPath(), link.getPath() + }).waitFor() == 0); + cleanup.add(link); + + link = new File(testdir, alink- + item_states[i]); + harness.check(Runtime.getRuntime().exec(new String[] { + ln, -s, file.getPath(), link.getPath() + }).waitFor() == 0); + cleanup.add(link); + } + + harness.checkPoint(test); + for (int i = 0; i items_to_access.length; i++) { + String item_to_access = items_to_access[i]; + for (int j = 0; j ways_to_access.length; j++) { + String how_to_access = ways_to_access[j]; + for (int k = 0; k ways_to_access.length; k++) { + String
[cp-patches] Re: FYI: FilePermission symlink handling test
Oops, that was for mauve-patches! Sorry for the noise. Gary Benson wrote: Hi all, My last commit adds a test to check FilePermission's handling of symbolic links. Both proprietary JVMs I tried passed this test, but Classpath does not. Now to figure out how to fix this... Cheers, Gary
Re: [cp-patches] RFC: system clipboard integration
Robert Schuster wrote: The code contains security related stuff which I am unfamiliar with. Can somebody review that part? Gary? It looks fine. Cheers, Gary
Re: [cp-patches] RFC: Checking file resource validity by walking path components
Olivier Jolly wrote: the current implementation which retrieves a File resource allows to retrieve Files which are located above the root dir (imagine ClassLoader.getResource(../../../etc/passwd)) while it shouldn't (hence the current regression in gnu.testlet.java.net.URLClassLoader.getResource about '..'). Well spotted :) I propose to check the validity of a File resource by walking through all the path components and making sure that all intermediate components are valid (ie File.isDirectory and File.exists are true) and that we never try to get out the root directory. What you describe is mostly implemented in File.getCanonicalPath(). A fix for your issue might be as simple as: String base = new File(ROOT).getCanonicalPath() + File.separator; String resource = new File(ROOT, RESOURCE).getCanonicalPath(); if (!resource.startsWith(base)) throw new Whatever(); where ROOT and RESOURCE are the classloader root and the resource you're after, respectively. I only consider .. as a way to escaping the root directory, it may be more complex than that ... There are symbolic links to consider too. File.getCanonicalPath() should handle them. Cheers, Gary
[cp-patches] FYI: Added missing access check in Thread.stop
Hi, My last commit added a missing access check in Thread.stop. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.6414 diff -u -r1.6414 ChangeLog --- ChangeLog 16 Feb 2006 08:45:28 - 1.6414 +++ ChangeLog 16 Feb 2006 09:52:34 - @@ -1,3 +1,7 @@ +2006-02-16 Gary Benson [EMAIL PROTECTED] + + * java/lang/Thread.java (stop): Add a missing access check. + 2006-02-16 Robert Schuster [EMAIL PROTECTED] * javax/swing/text/JTextComponent.java: Index: java/lang/Thread.java === RCS file: /cvsroot/classpath/classpath/java/lang/Thread.java,v retrieving revision 1.17 diff -u -r1.17 Thread.java --- java/lang/Thread.java 6 Jan 2006 15:05:57 - 1.17 +++ java/lang/Thread.java 16 Feb 2006 09:52:35 - @@ -906,7 +906,7 @@ if (sm != null) { sm.checkAccess(this); -if (this != currentThread()) +if (this != currentThread() || !(t instanceof ThreadDeath)) sm.checkPermission(new RuntimePermission(stopThread)); } VMThread vt = vmThread;
[cp-patches] FYI: Implemented java.net.SocketPermission serialization
Hi all, I just committed a patch that implements serialization in java.net.SocketPermission. I had to add a dummy field, actions, in order for the serialized representation to match that from a proprietary JVM. This seems sucky, but I think it's the only way. Cheers, Gary k Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.6155 diff -u -r1.6155 ChangeLog --- ChangeLog 24 Jan 2006 14:06:11 - 1.6155 +++ ChangeLog 24 Jan 2006 14:07:28 - @@ -1,3 +1,7 @@ +2006-01-24 Gary Benson [EMAIL PROTECTED] + + * java/net/SocketPermission.java: Implemented serialization. + 2006-01-24 David Gilbert [EMAIL PROTECTED] * javax/swing/text/StringContent.java Index: java/net/SocketPermission.java === RCS file: /cvsroot/classpath/classpath/java/net/SocketPermission.java,v retrieving revision 1.18 diff -u -r1.18 SocketPermission.java --- java/net/SocketPermission.java 23 Jan 2006 15:40:55 - 1.18 +++ java/net/SocketPermission.java 24 Jan 2006 14:07:28 - @@ -38,6 +38,9 @@ package java.net; +import java.io.IOException; +import java.io.ObjectInputStream; +import java.io.ObjectOutputStream; import java.io.Serializable; import java.security.Permission; import java.security.PermissionCollection; @@ -113,18 +116,16 @@ { static final long serialVersionUID = -7204263841984476862L; -// FIXME: Needs serialization work, including readObject/writeObject methods. - /** * A hostname (possibly wildcarded) or IP address (IPv4 or IPv6). */ - private String host; + private transient String host; /** * A range of ports. */ - private int minport; - private int maxport; + private transient int minport; + private transient int maxport; /** * Values used for minimum and maximum ports when one or both bounds @@ -136,9 +137,17 @@ private static final int MAX_PORT = Integer.MAX_VALUE; /** - * A bitmask representing the actions for which we have permission + * The actions for which we have permission. This field is present + * to make the serialized form correct and should not be used by + * anything other than writeObject: everything else should use + * actionmask. */ - private int actions; + private String actions; + + /** + * A bitmask representing the actions for which we have permission. + */ + private transient int actionmask; /** * The available actions, in the canonical order required for getActions(). @@ -146,7 +155,7 @@ private static final String[] ACTIONS = new String[] { connect, listen, accept, resolve}; -/** + /** * Initializes a new instance of codeSocketPermission/code with the * specified host/port combination and actions string. * @@ -252,7 +261,7 @@ */ private void setActions(String actionstring) { -actions = 0; +actionmask = 0; boolean resolve_needed = false; boolean resolve_present = false; @@ -282,7 +291,7 @@ { if (action.equals(ACTIONS[i])) { - actions |= 1 i; + actionmask |= 1 i; return; } } @@ -309,7 +318,7 @@ else return false; -return p.actions == actions +return p.actionmask == actionmask p.minport == minport p.maxport == maxport p.host.equals(host); @@ -323,7 +332,7 @@ */ public int hashCode() { -return actions + minport + maxport + host.hashCode(); +return actionmask + minport + maxport + host.hashCode(); } /** @@ -338,7 +347,7 @@ for (int i = 0; i ACTIONS.length; i++) { - if ((actions (1 i)) != 0) + if ((actionmask (1 i)) != 0) { if (sb.length() != 0) sb.append(,); @@ -398,7 +407,7 @@ return false; // Next check the actions -if ((p.actions actions) != p.actions) +if ((p.actionmask actionmask) != p.actionmask) return false; // Then check the ports @@ -442,4 +451,35 @@ // Didn't make it return false; } + + /** + * Deserializes a codeSocketPermission/code object from + * an input stream. + * + * @param input the input stream. + * @throws IOException if an I/O error occurs in the stream. + * @throws ClassNotFoundException if the class of the + * serialized object could not be found. + */ + private void readObject(ObjectInputStream input) +throws IOException, ClassNotFoundException + { +input.defaultReadObject(); +setHostPort(getName()); +setActions(actions); + } + + /** + * Serializes a codeSocketPermission/code object to an + * output stream. + * + * @param output the output stream. + * @throws IOException if an I/O error occurs in the stream. + */ + private void writeObject(ObjectOutputStream output) +throws IOException
[cp-patches] RFC: Rewritten java.net.SocketPermission
Hi all, I've been writing Mauve tests to try and figure out what the patch on PR classpath/24708 is all about and I figured it made things a little neater but didn't go nearly far enough. I gave up trying to rescue bits of it after a while and just wrote chunks of it from scratch. It's my first major patch so I thought I'd pass it for review before committing. The changes I made are as follows: * The current implementation does all its parsing in the implies method. This is inefficient for instances that are part of the security policy, and it means that any parse exceptions are thrown at the wrong time. My patch solves these two problems by moving all parsing into methods called by the constructor. * The parser for the constructor's hostport argument is completely new. Improvements over the current implementation are that it can handle IPv6 addresses and that it checks its arguments and throws IllegalArgumentExceptions where appropriate. This mitigates the risk of misconfigurations in security policy files becoming exploitable. * The actions handling stuff is also completely new, replacing the current string-based one with one based on bitmasks. It too checks its arguments. The new patch does not check the host part of the hostport argument very much, and the host checking in implies() has not been touched. That's my next project :) Questions I have: * Should I make things transient? * Is hashcode() ok? * What should I put in the ChangeLog? There's so many changes it's hard to see how I'd break them down per-method. I'll be committing the Mauve tests shortly. Cheers, Gary Index: java/net/SocketPermission.java === RCS file: /cvsroot/classpath/classpath/java/net/SocketPermission.java,v retrieving revision 1.17 diff -u -r1.17 SocketPermission.java --- java/net/SocketPermission.java 16 Jan 2006 10:28:35 - 1.17 +++ java/net/SocketPermission.java 19 Jan 2006 11:43:58 - @@ -1,5 +1,6 @@ /* SocketPermission.java -- Class modeling permissions for socket operations - Copyright (C) 1998, 2000, 2001, 2002, 2004 Free Software Foundation, Inc. + Copyright (C) 1998, 2000, 2001, 2002, 2004, 2006 Free Software + Foundation, Inc. This file is part of GNU Classpath. @@ -105,7 +106,8 @@ * * @since 1.2 * - * @author Aaron M. Renn ([EMAIL PROTECTED]) + * @author Written by Aaron M. Renn ([EMAIL PROTECTED]) + * @author Extensively modified by Gary Benson ([EMAIL PROTECTED]) */ public final class SocketPermission extends Permission implements Serializable { @@ -114,16 +116,37 @@ // FIXME: Needs serialization work, including readObject/writeObject methods. /** - * A hostname/port combination as described above + * A hostname (possibly wildcarded) or IP address (IPv4 or IPv6). */ - private transient String hostport; + private String host; /** - * A comma separated list of actions for which we have permission + * A range of ports. */ - private String actions; + private int minport; + private int maxport; /** + * Values used for minimum and maximum ports when one or both bounds + * are omitted. This class is essentially independent of the + * networking code it describes, so we do not limit ports to the + * usual network limits of 1 and 65535. + */ + private static final int MIN_PORT = 0; + private static final int MAX_PORT = Integer.MAX_VALUE; + + /** + * A bitmask representing the actions for which we have permission + */ + private int actions; + + /** + * The available actions, in the canonical order required for getActions(). + */ + private static final String[] ACTIONS = new String[] { +connect, listen, accept, resolve}; + +/** * Initializes a new instance of codeSocketPermission/code with the * specified host/port combination and actions string. * @@ -134,8 +157,136 @@ { super(hostport); -this.hostport = hostport; -this.actions = actions; +setHostPort(hostport); +setActions(actions); + } + + /** + * Parse the hostport argument to the constructor. + */ + private void setHostPort(String hostport) + { +// Split into host and ports +String ports; +if (hostport.length() == 0) + { + host = ports = ; + } +else if (hostport.charAt(0) == '[') + { + // host is a bracketed IPv6 address + int end = hostport.indexOf(]); + if (end == -1) + throw new IllegalArgumentException(Unmatched '['); + host = hostport.substring(1, end); + + if (end == hostport.length() - 1) + ports = ; + else if (hostport.charAt(end + 1) == ':') + ports = hostport.substring(end + 2); + else + throw new IllegalArgumentException(Bad character after ']'); + } +else + { + // host is a hostname or IPv4 address + int sep = hostport.indexOf
[cp-patches] FYI: Security manager preload tweak
Hi all, This commit modifies my previous one to ignore ClassNotFoundException rather than Throwable, as suggested by Archie and Jeroen. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.6092 diff -u -r1.6092 ChangeLog --- ChangeLog 16 Jan 2006 20:43:20 - 1.6092 +++ ChangeLog 17 Jan 2006 10:25:21 - @@ -1,3 +1,8 @@ +2006-01-17 Gary Benson [EMAIL PROTECTED] + + * java/lang/System.java (setSecurityManager): Catch + ClassNotFoundException not Throwable. + 2006-01-16 Anthony Green [EMAIL PROTECTED] PR classpath/25803 Index: java/lang/System.java === RCS file: /cvsroot/classpath/classpath/java/lang/System.java,v retrieving revision 1.54 diff -u -r1.54 System.java --- java/lang/System.java 16 Jan 2006 09:53:31 - 1.54 +++ java/lang/System.java 17 Jan 2006 10:25:21 - @@ -190,7 +190,7 @@ { Class.forName(java.security.Security); } - catch (Throwable t) + catch (ClassNotFoundException e) { } } ___ Classpath-patches mailing list Classpath-patches@gnu.org http://lists.gnu.org/mailman/listinfo/classpath-patches
[cp-patches] FYI: Load policies before setting security manager
Hi all, This fix loads java.security.Security before setting a security manager, ensuring that various classes and policy files are loaded before any restrictions on such things come into play. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.6069 diff -u -r1.6069 ChangeLog --- ChangeLog 16 Jan 2006 09:24:19 - 1.6069 +++ ChangeLog 16 Jan 2006 09:53:13 - @@ -1,3 +1,8 @@ +2006-01-16 Gary Benson [EMAIL PROTECTED] + + * java/lang/System.java (setSecurityManager): Ensure policy + files are loaded before a security manager is put in place. + 2006-01-16 David Gilbert [EMAIL PROTECTED] * javax/swing/text/SimpleAttributeSet.java: Updated API docs all over. Index: java/lang/System.java === RCS file: /cvsroot/classpath/classpath/java/lang/System.java,v retrieving revision 1.53 diff -u -r1.53 System.java --- java/lang/System.java 13 Sep 2005 22:19:15 - 1.53 +++ java/lang/System.java 16 Jan 2006 09:53:13 - @@ -178,6 +178,23 @@ if (SecurityManager.current != null) SecurityManager.current.checkPermission (new RuntimePermission(setSecurityManager)); + +// java.security.Security's class initialiser loads and parses the +// policy files. If it hasn't been run already it will be run +// during the first permission check. That initialisation will +// fail if a very restrictive security manager is in force, so we +// preload it here. +if (SecurityManager.current == null) + { + try + { + Class.forName(java.security.Security); + } + catch (Throwable t) + { + } + } + SecurityManager.current = sm; } ___ Classpath-patches mailing list Classpath-patches@gnu.org http://lists.gnu.org/mailman/listinfo/classpath-patches
[cp-patches] FYI: Fix SocketPermission action checks
Hi, This patch fixes the action checks in java.net.SocketPermission's implies method. I noticed they were broken whilst writing Mauve tests to try and figure out what the patch on PR classpath/24708 is all about. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.6073 diff -u -r1.6073 ChangeLog --- ChangeLog 16 Jan 2006 10:15:47 - 1.6073 +++ ChangeLog 16 Jan 2006 10:27:42 - @@ -1,3 +1,7 @@ +2006-01-16 Gary Benson [EMAIL PROTECTED] + + * java/net/SocketPermission.java (implies): Fix action checks. + 2006-01-16 Roman Kennke [EMAIL PROTECTED] * native/target/generic/target_generic_math_float.h: Removed. This Index: java/net/SocketPermission.java === RCS file: /cvsroot/classpath/classpath/java/net/SocketPermission.java,v retrieving revision 1.16 diff -u -r1.16 SocketPermission.java --- java/net/SocketPermission.java 2 Jul 2005 20:32:39 - 1.16 +++ java/net/SocketPermission.java 16 Jan 2006 10:27:42 - @@ -40,6 +40,7 @@ import java.io.Serializable; import java.security.Permission; import java.security.PermissionCollection; +import java.util.StringTokenizer; /** @@ -269,10 +270,11 @@ // Next check the actions String ourlist = getActions(); -String theirlist = p.getActions(); +StringTokenizer theirlist = new StringTokenizer(p.getActions(), ,); -if (! ourlist.startsWith(theirlist)) - return false; +while (theirlist.hasMoreTokens()) + if (ourlist.indexOf(theirlist.nextToken()) == -1) + return false; // Now check ports int ourfirstport = 0; ___ Classpath-patches mailing list Classpath-patches@gnu.org http://lists.gnu.org/mailman/listinfo/classpath-patches
Re: [cp-patches] Patch: remove bogus ServerSocket security check
Mark Wielaard wrote: On Mon, 2005-12-26 at 19:05 -0800, Anthony Green wrote: This patch removes a bogus security check from ServerSocket.accept(), and replaces it with a request to implement a proper check. Once applied I will file a bug report for our records. Gary, do we have Mauve tests for this case already? No. FWIW if I had you could find it with something like grep 'security: java.net.ServerSocket-accept' Cheers, Gary ___ Classpath-patches mailing list Classpath-patches@gnu.org http://lists.gnu.org/mailman/listinfo/classpath-patches
Re: [cp-patches] FYI: Allow Security.setProperty(foo, null)
Tom Tromey wrote: Gary == Gary Benson [EMAIL PROTECTED] writes: Gary At the moment Security.setProperty() will not allow the Gary setting of null property values. Since Security.getProperty() Gary returns null for unset properties this means that the Gary following will fail: When you sent this last week I replied to it... did you not see that? No, I did not. I certainly wouldn't have committed without replying. I seem to have missed a bunch of mails lately. I wonder if someone's installed an overzealous spam filter upstream of me. In particular I wanted to know about Mauve tests and documenting the behavior of 'null'. With the patch Security.setProperty(foo, null) will unset the property. Security.getProperty(foo) returns null for unset properties. I'll do a Mauve test now... Also your ChangeLog entry is not really formatted properly. I wouldn't bother changing that at this point though, it is just a pedantic thing. Ok, sorry. Cheers, Gary ___ Classpath-patches mailing list Classpath-patches@gnu.org http://lists.gnu.org/mailman/listinfo/classpath-patches
[cp-patches] FYI: Allow Security.setProperty(foo, null)
Hi, At the moment Security.setProperty() will not allow the setting of null property values. Since Security.getProperty() returns null for unset properties this means that the following will fail: String key = some.old.property; Security.setProperty(key, Security.getProperty(key)); The javadoc is unclear: it says nothing about null values, but it doesn't say anything about throwing NullPointerExceptions (which we currently do). I tried it on a proprietary JVM and it accepted the null pointer. On the principle of accepting what you emit I think we should do the same. Also included in this patch is the spelling correction s/datnum/datum/. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.5793 diff -u -r1.5793 ChangeLog --- ChangeLog 12 Dec 2005 13:24:22 - 1.5793 +++ ChangeLog 12 Dec 2005 15:28:48 - @@ -1,3 +1,8 @@ +2005-12-12 Gary Benson [EMAIL PROTECTED] + + * java/security/Security.java (setProperty): Spelling correction. + * java/security/Security.java (setProperty): Allow null values. + 2005-12-12 Roman Kennke [EMAIL PROTECTED] * javax/swing/ViewportLayout.java Index: java/security/Security.java === RCS file: /cvsroot/classpath/classpath/java/security/Security.java,v retrieving revision 1.37 diff -u -r1.37 Security.java --- java/security/Security.java 18 Sep 2005 03:06:39 - 1.37 +++ java/security/Security.java 7 Dec 2005 15:44:29 - @@ -399,20 +399,23 @@ * /p * * @param key the name of the property to be set. - * @param datnum the value of the property to be set. + * @param datum the value of the property to be set. * @throws SecurityException if a security manager exists and its * [EMAIL PROTECTED] SecurityManager#checkPermission(Permission)} method denies access * to set the specified security property value. * @see #getProperty(String) * @see SecurityPermission */ - public static void setProperty(String key, String datnum) + public static void setProperty(String key, String datum) { SecurityManager sm = System.getSecurityManager(); if (sm != null) sm.checkSecurityAccess(setProperty. + key); -secprops.put(key, datnum); +if (datum == null) + secprops.remove(key); +else + secprops.put(key, datum); } /** ___ Classpath-patches mailing list Classpath-patches@gnu.org http://lists.gnu.org/mailman/listinfo/classpath-patches
Re: [cp-patches] FYI: Opening RandomAccessFilesrequiresexcessivepermission
Hi Jeroen, David, What was the point? Cheers, Gary Jeroen Frijters wrote: Hi Gary, David Daney made a good point that reminded me that it probably wasn't as clever as I thought to extend the FilterOutputStream, so extend OutputStream and implementing all methods would be a better idea. I also liked David's suggestion of making this a reusable utility class in gnu.java.io.*. (and just to be complete, I agree with the others that the exception text should be changed as well.) Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Benson Sent: Thursday, December 08, 2005 17:25 To: classpath-patches@gnu.org Subject: Re: [cp-patches] FYI: Opening RandomAccessFilesrequiresexcessivepermission Hi Jeroen, Oh, in that case I'll use your patch, assuming nobody objects. The mauve test ought to spot anything that slips through. Cheers, Gary Jeroen Frijters wrote: Hi Gary, I used a FilterOutputStream because that funnels all writes into the write(int b) method, so you'd only have to override that single method. Personally I wouldn't really like a solution based on FileChannelImpl, but that's simply because IKVM uses a modified version FileChannelImpl. Regards, Jeroen ___ Classpath-patches mailing list Classpath-patches@gnu.org http://lists.gnu.org/mailman/listinfo/classpath-patches
Re: [cp-patches] Patch: Opening RandomAccessFiles requires excessive permission
David Daney wrote: Gary Benson wrote: David Daney wrote: Gary Benson wrote: ...I'll commit my original patch for now. I hate to sound like I have a burr under the saddle, but does anybody see any merit whatsoever in changing the exception text as I suggested in my previous response to the patch? What did you suggest? I saw your mail about exception handling, but that's all... http://lists.gnu.org/archive/html/classpath-patches/2005-12/msg00042.html Wierd, I never got that mail. But I don't mind the message changing. How do people feel about file not opened for writing? Cheers, Gary ___ Classpath-patches mailing list Classpath-patches@gnu.org http://lists.gnu.org/mailman/listinfo/classpath-patches
Re: [cp-patches] FYI: Opening RandomAccessFiles requiresexcessivepermission
Hi Jeroen, Oh, in that case I'll use your patch, assuming nobody objects. The mauve test ought to spot anything that slips through. Cheers, Gary Jeroen Frijters wrote: Hi Gary, I used a FilterOutputStream because that funnels all writes into the write(int b) method, so you'd only have to override that single method. Personally I wouldn't really like a solution based on FileChannelImpl, but that's simply because IKVM uses a modified version FileChannelImpl. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Benson Sent: Thursday, December 08, 2005 13:02 To: classpath-patches@gnu.org Subject: Re: [cp-patches] FYI: Opening RandomAccessFiles requiresexcessivepermission Hi Jeroen, Hey, interesting. You'd have to override more methods than that though, I think. Maybe the best solution would be to override in gnu.java.nio.channels.FileChannelImpl and create a FileOutputStream with that as its argument. I'll have a proper think about it when I change the exception messages. I'm deep in something else at the moment. Cheers, Gary Jeroen Frijters wrote: Hi Gary, Sorry for the late response, but a somewhat easier (and more efficient) way to fix the problem would have been: +if ((fdmode FileChannelImpl.WRITE) != 0) + out = new DataOutputStream (new FileOutputStream (fd)); +else + out = new DataOutputStream (new FilterOutputStream() { + public void write(int b) throws IOException { + throw new IOException(Bad file descriptor); + } +}); Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Benson Sent: Wednesday, December 07, 2005 16:32 To: classpath-patches@gnu.org Subject: [cp-patches] FYI: Opening RandomAccessFiles requires excessivepermission Hi all, As promised, I committed my fix that means you don't need permission to write file descriptors to open a java.io.RandomAccessFile in read-only mode under a security manager. Cheers, Gary ___ Classpath-patches mailing list Classpath-patches@gnu.org http://lists.gnu.org/mailman/listinfo/classpath-patches
Re: [cp-patches] Patch: Add security check to Class.getClasses()
Tom Tromey wrote: Gary == Gary Benson [EMAIL PROTECTED] writes: Gary Class.getClasses() was not performing the member access checks Gary like it ought. The attached patch fixes. I'm working on Gary mauve tests for all of Class's security calls so there will be Gary a check for this issue soonish. Class.getClasses is directly calling memberAccessCheck before it calls internalGetClasses. Also supposedly getClasses should call with Member.PUBLIC, not Member.DECLARED. So it seems to me that this patch is not needed. Ok, so I guess the documentation is inconsistent: http://java.sun.com/j2se/1.4.2/docs/api/java/lang/Class.html#getClasses() For this class _and_each_of_its_superclasses_, the following security checks are performed: If there is a security manager, the security manager's checkMemberAccess method is called with this and Member.PUBLIC http://java.sun.com/j2se/1.4.2/docs/guide/security/permissions.html#PermsAndMethods For this class and each of its superclasses, checkMemberAccess(this, Member.DECLARED) is called... Presently Classpath checks Member.PUBLIC for this class but not for its superclasses. (Member.DECLARED is higher than Member.PUBLIC). FWIW Member.PUBLIC is consistent with getFields(), getMethods(), etc. Hmmm... Cheers, Gary ___ Classpath-patches mailing list Classpath-patches@gnu.org http://lists.gnu.org/mailman/listinfo/classpath-patches
Re: [cp-patches] Patch: Opening RandomAccessFiles requires excessive permission
Tom Tromey wrote: Twisti == Christian Thalinger [EMAIL PROTECTED] writes: Twisti Yeah, i didn't take it personally :-) Of course i see your Twisti point, but what i'm trying to say is, if we ever want to Twisti catch up (or even be better) than sun or other proprietary Twisti JVMs, we should think about optimizing some core functions Twisti in classpath... Yeah. This is tricky for us since the various VMs differ. That said, I think we've seen a number of performance fixes go in during the last year, and for the most part these haven't been micro-optimizations. In this particular case, I think RandomAccessFile is not used very much. I would only bother looking at optimizations in this code if it showed up in a profile of some application. Ok, so I'll commit my original patch for now. Cheers, Gary ___ Classpath-patches mailing list Classpath-patches@gnu.org http://lists.gnu.org/mailman/listinfo/classpath-patches
[cp-patches] FYI: Opening RandomAccessFiles requires excessive permission
Hi all, As promised, I committed my fix that means you don't need permission to write file descriptors to open a java.io.RandomAccessFile in read- only mode under a security manager. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.5775 diff -u -r1.5775 ChangeLog --- ChangeLog 7 Dec 2005 15:12:19 - 1.5775 +++ ChangeLog 7 Dec 2005 15:24:26 - @@ -1,3 +1,9 @@ +2005-12-07 Gary Benson [EMAIL PROTECTED] + + * java/io/RandomAccessFile.java (RandomAccessFile): Don't create + DataOutputStream for read-only files to avoid unnecessary security + manager check. + 2005-12-07 Ito Kazumitsu [EMAIL PROTECTED] Fixes bug #25273 Index: java/io/RandomAccessFile.java === RCS file: /cvsroot/classpath/classpath/java/io/RandomAccessFile.java,v retrieving revision 1.47 diff -u -r1.47 RandomAccessFile.java --- java/io/RandomAccessFile.java 2 Jul 2005 20:32:38 - 1.47 +++ java/io/RandomAccessFile.java 7 Dec 2005 15:24:26 - @@ -124,7 +124,10 @@ ch = FileChannelImpl.create(file, fdmode); fd = new FileDescriptor(ch); -out = new DataOutputStream (new FileOutputStream (fd)); +if ((fdmode FileChannelImpl.WRITE) != 0) + out = new DataOutputStream (new FileOutputStream (fd)); +else + out = null; in = new DataInputStream (new FileInputStream (fd)); } @@ -766,6 +769,9 @@ */ public void write (int oneByte) throws IOException { +if (out == null) + throw new IOException(Bad file descriptor); + out.write(oneByte); } @@ -777,6 +783,9 @@ */ public void write (byte[] buffer) throws IOException { +if (out == null) + throw new IOException(Bad file descriptor); + out.write(buffer); } @@ -792,6 +801,9 @@ */ public void write (byte[] buffer, int offset, int len) throws IOException { +if (out == null) + throw new IOException(Bad file descriptor); + out.write (buffer, offset, len); } @@ -806,6 +818,9 @@ */ public final void writeBoolean (boolean val) throws IOException { +if (out == null) + throw new IOException(Bad file descriptor); + out.writeBoolean(val); } @@ -820,6 +835,9 @@ */ public final void writeByte (int val) throws IOException { +if (out == null) + throw new IOException(Bad file descriptor); + out.writeByte(val); } @@ -834,6 +852,9 @@ */ public final void writeShort (int val) throws IOException { +if (out == null) + throw new IOException(Bad file descriptor); + out.writeShort(val); } @@ -848,6 +869,9 @@ */ public final void writeChar (int val) throws IOException { +if (out == null) + throw new IOException(Bad file descriptor); + out.writeChar(val); } @@ -861,6 +885,9 @@ */ public final void writeInt (int val) throws IOException { +if (out == null) + throw new IOException(Bad file descriptor); + out.writeInt(val); } @@ -874,6 +901,9 @@ */ public final void writeLong (long val) throws IOException { +if (out == null) + throw new IOException(Bad file descriptor); + out.writeLong(val); } @@ -893,6 +923,9 @@ */ public final void writeFloat (float val) throws IOException { +if (out == null) + throw new IOException(Bad file descriptor); + out.writeFloat(val); } @@ -913,6 +946,9 @@ */ public final void writeDouble (double val) throws IOException { +if (out == null) + throw new IOException(Bad file descriptor); + out.writeDouble(val); } @@ -927,6 +963,9 @@ */ public final void writeBytes (String val) throws IOException { +if (out == null) + throw new IOException(Bad file descriptor); + out.writeBytes(val); } @@ -941,6 +980,9 @@ */ public final void writeChars (String val) throws IOException { +if (out == null) + throw new IOException(Bad file descriptor); + out.writeChars(val); } @@ -975,6 +1017,9 @@ */ public final void writeUTF (String val) throws IOException { +if (out == null) + throw new IOException(Bad file descriptor); + out.writeUTF(val); } ___ Classpath-patches mailing list Classpath-patches@gnu.org http://lists.gnu.org/mailman/listinfo/classpath-patches
[cp-patches] Patch: Allow Security.setProperty(foo, null)
Hi, At the moment Security.setProperty() will not allow the setting of null property values. Since Security.getProperty() returns null for unset properties this means that the following will fail: String key = some.old.property; Security.setProperty(key, Security.getProperty(key)); The javadoc is unclear: it says nothing about null values, but it doesn't say anything about throwing NullPointerExceptions (which we currently do). I tried it on a proprietary JVM and it accepted the null pointer. On the principle of accepting what you emit I think we should do the same. Also included in this patch is the spelling correction s/datnum/datum/. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.5776 diff -u -r1.5776 ChangeLog --- ChangeLog 7 Dec 2005 15:27:04 - 1.5776 +++ ChangeLog 7 Dec 2005 15:44:29 - @@ -1,5 +1,10 @@ 2005-12-07 Gary Benson [EMAIL PROTECTED] + * java/security/Security.java (setProperty): Spelling correction. + * java/security/Security.java (setProperty): Allow null values. + +2005-12-07 Gary Benson [EMAIL PROTECTED] + * java/io/RandomAccessFile.java (RandomAccessFile): Don't create DataOutputStream for read-only files to avoid unnecessary security manager check. Index: java/security/Security.java === RCS file: /cvsroot/classpath/classpath/java/security/Security.java,v retrieving revision 1.37 diff -u -r1.37 Security.java --- java/security/Security.java 18 Sep 2005 03:06:39 - 1.37 +++ java/security/Security.java 7 Dec 2005 15:44:29 - @@ -399,20 +399,23 @@ * /p * * @param key the name of the property to be set. - * @param datnum the value of the property to be set. + * @param datum the value of the property to be set. * @throws SecurityException if a security manager exists and its * [EMAIL PROTECTED] SecurityManager#checkPermission(Permission)} method denies access * to set the specified security property value. * @see #getProperty(String) * @see SecurityPermission */ - public static void setProperty(String key, String datnum) + public static void setProperty(String key, String datum) { SecurityManager sm = System.getSecurityManager(); if (sm != null) sm.checkSecurityAccess(setProperty. + key); -secprops.put(key, datnum); +if (datum == null) + secprops.remove(key); +else + secprops.put(key, datum); } /** ___ Classpath-patches mailing list Classpath-patches@gnu.org http://lists.gnu.org/mailman/listinfo/classpath-patches
Re: [cp-patches] Patch: Opening RandomAccessFiles requires excessive permission
David Daney wrote: Gary Benson wrote: ...I'll commit my original patch for now. I hate to sound like I have a burr under the saddle, but does anybody see any merit whatsoever in changing the exception text as I suggested in my previous response to the patch? What did you suggest? I saw your mail about exception handling, but that's all... Cheers, Gary ___ Classpath-patches mailing list Classpath-patches@gnu.org http://lists.gnu.org/mailman/listinfo/classpath-patches
Re: [cp-patches] FYI: Getting the system clipboard in javax/swing/TransferHandler
Mark Wielaard wrote: On Sat, 2005-11-19 at 23:40 +0100, Meskauskas Audrius wrote: The idea probably is that if we cannot get access to the system clipboard, we may still want to cut/copy/paste inside the same application (for instance, to move the text fragment in the text area being currently edited). With the local clipboard, the application can only read the clipboard data that it have placed there itself. With the system clipboard, the application may have access on some data that are just accidently remaining there; it is probably possible to steal a valuable information this way. Yes. But the problem was that 1) whenever there was any insecure access to the clipboard all successive calls would use this local clipboard and 2) I am not sure it is really valuable to have (mutually?) insecure code (ex)change the information in a local clipboard. It does seem odd, I agree. I guess the burning question is what does Sun's JRE do?, since we probably ought to be doing the same. As an aside, caching the result of a SecurityManager check is probably something to avoid, and I'm glad to see it was removed in a later commit. (And as another aside, the best way to draw my attention to a thread is a direct mail with an exciting subject ;)) Cheers, Gary ___ Classpath-patches mailing list Classpath-patches@gnu.org http://lists.gnu.org/mailman/listinfo/classpath-patches
Re: [cp-patches] Patch: SecurityManager.checkAccess broken
Mark Wielaard wrote: BTW If you are going to more work like this and want developer access please sent register a user name on savannah and sent me an email to add that user to the group. Cool, ok, my savanna username is gbenson. Cheers, Gary ___ Classpath-patches mailing list Classpath-patches@gnu.org http://lists.gnu.org/mailman/listinfo/classpath-patches
[cp-patches] FYI: Adding myself to AUTHORS
Mark Wielaard wrote: Please post a patch and ChangeLog entry to classpath-patches to add yourself to the AUTHORS file. You can consider that patch pre-approved of course. Here I go! 2005-11-17 Gary Benson [EMAIL PROTECTED] * AUTHORS: Added myself. Cheers, Gary Index: AUTHORS === RCS file: /cvsroot/classpath/classpath/AUTHORS,v retrieving revision 1.29 diff -u -r1.29 AUTHORS --- AUTHORS 16 Nov 2005 18:58:51 - 1.29 +++ AUTHORS 18 Nov 2005 13:51:33 - @@ -8,6 +8,7 @@ Anthony Balkissoon ([EMAIL PROTECTED]) Stuart Ballard ([EMAIL PROTECTED]) Mark Benvenuto ([EMAIL PROTECTED]) +Gary Benson ([EMAIL PROTECTED]) Geoff Berry ([EMAIL PROTECTED]) James E. Blair ([EMAIL PROTECTED]) Eric Blake ([EMAIL PROTECTED]) ___ Classpath-patches mailing list Classpath-patches@gnu.org http://lists.gnu.org/mailman/listinfo/classpath-patches
Re: [cp-patches] Patch: java.io.FilePermission.implies checks reversed
Mark Wielaard wrote: On Wed, 2005-11-16 at 15:10 +, Gary Benson wrote: 2005-11-16 Gary Benson [EMAIL PROTECTED] * java/io/FilePermission.java (implies): Correct the sense in which action checks are applied. And you created mauve tests for this. Very nice! Patch checked in. Thank you! Also, as an aside, the (simple) action checks are performed after the (complex) pathname checks. We'd refuse permission slightly faster if we did the action checks first. Yeah, but I assume that in general programs only try to open files that they have permission for, so we have to do all checks anyway Ah, of course. Never mind then ;) Cheers, Gary ___ Classpath-patches mailing list Classpath-patches@gnu.org http://lists.gnu.org/mailman/listinfo/classpath-patches
[cp-patches] Patch: infinite loop in security manager
Michael Koch wrote: On Wed, Nov 16, 2005 at 11:56:37AM +, Gary Benson wrote: I found a bug where the thing that throws SecurityExceptions can itself cause a SecurityException to be thrown causing an infinite loop. When java.security.AccessControlContext.checkPermission decides that a permission is denied it throws the exception with the following line: throw new AccessControlException (permission + perm + not granted: + domain + does not imply it.); Where domain is a java.security.ProtectionDomain, whose toString() method calls System.getProperty(line.separator). If your security policy denies read access to that system property then it's going to end up trying to throw the same AccessControlException and failing to access line.separator again, ad infinitum (until you run out of stack). I wasn't sure quite how best to fix this so I haven't made a patch. The solution is to use gnu.classpath.SystemProperties.getProperty(...). This does no security check. It is exactly for such issues. Sure, here you are. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.5612 diff -u -r1.5612 ChangeLog --- ChangeLog 15 Nov 2005 23:07:23 - 1.5612 +++ ChangeLog 16 Nov 2005 12:51:26 - @@ -1,3 +1,9 @@ +2005-11-16 Gary Benson [EMAIL PROTECTED] + + * java/security/ProtectionDomain.java (toString): Use + gnu.classpath.SystemProperties to read line.separator + without security manager check. + 2005-11-15 Roman Kennke [EMAIL PROTECTED] * javax/swing/JComponent.java Index: java/security/ProtectionDomain.java === RCS file: /cvsroot/classpath/classpath/java/security/ProtectionDomain.java,v retrieving revision 1.13 diff -u -r1.13 ProtectionDomain.java --- java/security/ProtectionDomain.java 2 Jul 2005 20:32:40 - 1.13 +++ java/security/ProtectionDomain.java 16 Nov 2005 12:51:26 - @@ -37,6 +37,8 @@ package java.security; +import gnu.classpath.SystemProperties; + /** * pThis codeProtectionDomain/code class encapsulates the characteristics * of a domain, which encloses a set of classes whose instances are granted a @@ -222,7 +224,7 @@ */ public String toString() { -String linesep = System.getProperty(line.separator); +String linesep = SystemProperties.getProperty(line.separator); StringBuffer sb = new StringBuffer(ProtectionDomain ().append(linesep); if (code_source == null) ___ Classpath-patches mailing list Classpath-patches@gnu.org http://lists.gnu.org/mailman/listinfo/classpath-patches
[cp-patches] Patch: java.io.FilePermission.implies checks reversed
Hi again, The checks at the end of java.io.FilePermission.implies are backward. They're supposed to be checking that fp's actions are a subset of this object's actions, but they're actually checking that this object's actions are a subset of fp's. The attached patch fixes. Also, as an aside, the (simple) action checks are performed after the (complex) pathname checks. We'd refuse permission slightly faster if we did the action checks first. Cheers, Gary Index: ChangeLog === RCS file: /cvsroot/classpath/classpath/ChangeLog,v retrieving revision 1.5612 diff -u -r1.5612 ChangeLog --- ChangeLog 15 Nov 2005 23:07:23 - 1.5612 +++ ChangeLog 16 Nov 2005 15:09:25 - @@ -1,3 +1,8 @@ +2005-11-16 Gary Benson [EMAIL PROTECTED] + + * java/io/FilePermission.java (implies): Correct the sense + in which action checks are applied. + 2005-11-16 Gary Benson [EMAIL PROTECTED] * java/security/ProtectionDomain.java (toString): Use Index: java/io/FilePermission.java === RCS file: /cvsroot/classpath/classpath/java/io/FilePermission.java,v retrieving revision 1.19 diff -u -r1.19 FilePermission.java --- java/io/FilePermission.java 2 Jul 2005 20:32:37 - 1.19 +++ java/io/FilePermission.java 16 Nov 2005 15:09:25 - @@ -278,13 +278,13 @@ break; } -if (readPerm ! fp.readPerm) +if (fp.readPerm ! readPerm) return false; -if (writePerm ! fp.writePerm) +if (fp.writePerm ! writePerm) return false; -if (executePerm ! fp.executePerm) +if (fp.executePerm ! executePerm) return false; -if (deletePerm ! fp.deletePerm) +if (fp.deletePerm ! deletePerm) return false; return true; ___ Classpath-patches mailing list Classpath-patches@gnu.org http://lists.gnu.org/mailman/listinfo/classpath-patches