Hi all,

This commit adds some missing security checks to java.net.ServerSocket.
It also adds a check that ensures ServerSocket.setSocketFactory() is
only called once as per the spec.

Cheers,
Gary
Index: ChangeLog
===================================================================
RCS file: /cvsroot/classpath/classpath/ChangeLog,v
retrieving revision 1.8656
diff -u -r1.8656 ChangeLog
--- ChangeLog   9 Oct 2006 13:51:43 -0000       1.8656
+++ ChangeLog   9 Oct 2006 14:03:51 -0000
@@ -1,3 +1,10 @@
+2006-10-09  Gary Benson  <[EMAIL PROTECTED]>
+
+       * java/net/ServerSocket.java
+       (implAccept): Add security check.
+       (accept): Close socket if security check fails.
+       (setSocketFactory): Add security check and already-set check.
+
 2006-10-09  Roman Kennke  <[EMAIL PROTECTED]>
 
        PR 29325
Index: java/net/ServerSocket.java
===================================================================
RCS file: /cvsroot/classpath/classpath/java/net/ServerSocket.java,v
retrieving revision 1.48
diff -u -r1.48 ServerSocket.java
--- java/net/ServerSocket.java  24 Sep 2006 15:49:48 -0000      1.48
+++ java/net/ServerSocket.java  9 Oct 2006 14:03:51 -0000
@@ -345,6 +345,19 @@
 
        throw e;
       }
+    catch (SecurityException e)
+      {
+       try
+         {
+           socket.close();
+         }
+       catch (IOException e2)
+         {
+           // Ignore.
+         }
+
+       throw e;
+      }
 
     return socket;
   }
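Review bot: The `// Ignore.` comment in the new `catch (IOException e2)` block does not say why a failed `socket.close()` can be dropped. A comment such as `// Best effort: the SecurityException rethrown below is what the caller must see.` would record the intent and make clear the swallow is deliberate. The enclosing method starts outside the hunk, so whether the preceding catch block uses the same cleanup cannot be confirmed from here.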
@@ -367,9 +380,6 @@
     if (isClosed())
       throw new SocketException("ServerSocket is closed");
 
-    // FIXME: Add a security check to make sure we're allowed to 
-    // connect to the remote host.
-
     // The Sun spec says that if we have an associated channel and
     // it is in non-blocking mode, we throw an IllegalBlockingModeException.
     // However, in our implementation if the channel itself initiated this
@@ -380,6 +390,11 @@
 
     impl.accept(socket.impl);
     socket.bound = true;
+
+    SecurityManager sm = System.getSecurityManager();
+    if (sm != null)
+      sm.checkAccept(socket.getInetAddress().getHostAddress(),
+                    socket.getPort());
   }
 
   /**
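Review bot: The `sm.checkAccept(...)` call runs only after `impl.accept(socket.impl)` has completed and `socket.bound` is set, and nothing in these lines releases the connection when the check throws. The `catch (SecurityException e)` added earlier in this patch does close the socket, but the ChangeLog places that in accept(), so any other caller of implAccept (for example a subclass, if the method is reachable from one, which is not visible here) would be left holding an open connection that was denied. Consider closing the socket in this method before the exception propagates, or at least adding to its Javadoc `@throws SecurityException if the connection is denied; the caller must close the socket.` The enclosing method starts outside the hunk.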
@@ -603,6 +618,13 @@
   public static synchronized void setSocketFactory(SocketImplFactory fac)
     throws IOException
   {
+    if (factory != null)
+      throw new SocketException("SocketFactory already defined");
+
+    SecurityManager sm = System.getSecurityManager();
+    if (sm != null)
+      sm.checkSetFactory();
+
     factory = fac;
   }
 }
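Review bot: The `factory != null` test in setSocketFactory runs before `sm.checkSetFactory()`, so a caller without the permission gets a SocketException when a factory is installed and a SecurityException when none is, which reveals the current state to code that is not allowed to change it. If the order is intentional, a comment such as `// Order is deliberate: already-set is reported before the permission check.` would record that; otherwise moving the `SecurityManager` block above the `factory != null` test gives denied callers one uniform outcome. Note also that a call with `fac == null` passes the guard and leaves `factory` unset, so it does not count as the one permitted call.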
