RFR 8150679: closed/javax/crypto/CryptoPermission/CallerIdentification.sh fails after fix for JDK-8132734 - core-libs-dev - openjdk.org

newer
RFR:JDK-8032051:"ZonedDateTime"...

RFR 8150679: closed/javax/crypto/CryptoPermission/CallerIdentification.sh fails after fix for JDK-8132734

older
RFR: Regex exponential...

Steve Drach

2 Mar 2016 2 Mar '16

7:12 p.m.

Please review the following fix for JDK-8150679 webrev: http://cr.openjdk.java.net/~sdrach/8150679/webrev/ <http://cr.openjdk.java.net/~sdrach/8150679/webrev/> issue: https://bugs.openjdk.java.net/browse/JDK-8150679 <https://bugs.openjdk.java.net/browse/JDK-8150679> The test was modified to demonstrate the problem.

Show replies by date

Paul Sandoz

3 Mar 3 Mar

11:26 a.m.

On 2 Mar 2016, at 20:12, Steve Drach <steve.drach@oracle.com> wrote:

Please review the following fix for JDK-8150679

webrev: http://cr.openjdk.java.net/~sdrach/8150679/webrev/ <http://cr.openjdk.java.net/~sdrach/8150679/webrev/> issue: https://bugs.openjdk.java.net/browse/JDK-8150679 <https://bugs.openjdk.java.net/browse/JDK-8150679>

The test was modified to demonstrate the problem.

You are essentially bombing out of MR-JAR functionality if the JarEntry is not an instance of JarFileEntry. That might be ok for a short-term solution, but it might require some further deeper investigation on things that extend JarEntry and how it is is used by VerifierStream [*]. JarFile: 895 private JarEntry verifiableEntry(ZipEntry ze) { 896 if (ze == null) return null; You don’t need this. The code will anyway throw an NPE elsewhere, and the original code threw an NPE when obtaining the name: return new JarVerifier.VerifierStream( getManifestFromReference(), ze instanceof JarFileEntry ? (JarEntry) ze : getJarEntry(ze.getName()), super.getInputStream(ze), jv); 897 if (ze instanceof JarFileEntry) { 898 // assure the name and entry match for verification 899 return ((JarFileEntry)ze).reifiedEntry(); 900 } 901 ze = getJarEntry(ze.getName()); 902 assert ze instanceof JarEntry; This assertion is redundant as the method signature of getJarEntry returns JarEntry. 903 if (ze instanceof JarFileEntry) { 904 return ((JarFileEntry)ze).reifiedEntry(); 905 } 906 return (JarEntry)ze; 907 } MultiReleaseJarURLConnection — Given your changes above i am confused how your test passes for instances of URLJarFileEntry since they cannot be reified. Paul. [*] AFAICT JarVerifier directly accesses the fields JarEntry.signers/certs.

Claes Redestad

3 p.m.

New subject: RFR 8150679: closed/javax/crypto/CryptoPermission/CallerIdentification.sh fails after fix for JDK-8132734

Hi, On 2016-03-03 12:26, Paul Sandoz wrote:

...
On 2 Mar 2016, at 20:12, Steve Drach <steve.drach@oracle.com> wrote:

Please review the following fix for JDK-8150679

webrev: http://cr.openjdk.java.net/~sdrach/8150679/webrev/ <http://cr.openjdk.java.net/~sdrach/8150679/webrev/>

Looks OK to me.

...
issue: https://bugs.openjdk.java.net/browse/JDK-8150679 <https://bugs.openjdk.java.net/browse/JDK-8150679>

The test was modified to demonstrate the problem. You are essentially bombing out of MR-JAR functionality if the JarEntry is not an instance of JarFileEntry. That might be ok for a short-term solution, but it might require some further deeper investigation on things that extend JarEntry and how it is is used by VerifierStream [*].

I agree with Paul that this needs deeper investigation as a follow-up, but would like to stress that this fix addresses numerous things that is breaking in 9-b108, including many benchmarks. With a number of critical integrations planned in the next couple of weeks I think we need to fast-track a promotion with this fix before that happens so that we can provide reasonable testing. Thanks! /Claes

Steve Drach

5:20 p.m.

On Mar 3, 2016, at 3:26 AM, Paul Sandoz <paul.sandoz@oracle.com> wrote:

...
On 2 Mar 2016, at 20:12, Steve Drach <steve.drach@oracle.com> wrote:

Please review the following fix for JDK-8150679

webrev: http://cr.openjdk.java.net/~sdrach/8150679/webrev/ <http://cr.openjdk.java.net/~sdrach/8150679/webrev/> issue: https://bugs.openjdk.java.net/browse/JDK-8150679 <https://bugs.openjdk.java.net/browse/JDK-8150679>

The test was modified to demonstrate the problem.

You are essentially bombing out of MR-JAR functionality if the JarEntry is not an instance of JarFileEntry.

If it’s not a JarFileEntry, none of the MR functionality has been invoked.

That might be ok for a short-term solution, but it might require some further deeper investigation on things that extend JarEntry and how it is is used by VerifierStream [*].

JarFile:

895 private JarEntry verifiableEntry(ZipEntry ze) { 896 if (ze == null) return null;

You don’t need this. The code will anyway throw an NPE elsewhere, and the original code threw an NPE when obtaining the name:

Ok. I’ll take this out. Feels a bit uncomfortable though.

return new JarVerifier.VerifierStream( getManifestFromReference(), ze instanceof JarFileEntry ? (JarEntry) ze : getJarEntry(ze.getName()), super.getInputStream(ze), jv);

897 if (ze instanceof JarFileEntry) { 898 // assure the name and entry match for verification 899 return ((JarFileEntry)ze).reifiedEntry(); 900 } 901 ze = getJarEntry(ze.getName()); 902 assert ze instanceof JarEntry;

This assertion is redundant as the method signature of getJarEntry returns JarEntry.

I know it’s redundant. It was a statement of fact. but the method signature does the same thing.

903 if (ze instanceof JarFileEntry) { 904 return ((JarFileEntry)ze).reifiedEntry(); 905 } 906 return (JarEntry)ze; 907 }

MultiReleaseJarURLConnection —

Given your changes above i am confused how your test passes for instances of URLJarFileEntry since they cannot be reified.

I suspect that it works for regular jar files but not for MR jar files. That’s another bug in URLJarFile — it gets a versioned entry that can’t be verified. I mentioned this yesterday. I’ll write a test and if warranted submit a bug on this.

Paul.

[*] AFAICT JarVerifier directly accesses the fields JarEntry.signers/certs.

Yes, but the overriden fields are the ones of interest.

Dave Brosius

6:26 p.m.

New subject: Match.appendReplacement with StringBuilder

Greetings, It would be nice if java.util.regex.Matcher had a replacement for Matcher appendReplacement(StringBuffer sb, String replacement) StringBuffer appendTail(StringBuffer sb) That took StringBuilder.

Xueming Shen

6:45 p.m.

New subject: Match.appendReplacement with StringBuilder

On 3/3/16, 10:26 AM, Dave Brosius wrote:

Greetings,

It would be nice if java.util.regex.Matcher had a replacement for

Matcher appendReplacement(StringBuffer sb, String replacement) StringBuffer appendTail(StringBuffer sb)

That took StringBuilder.

we have added that in 9, right?

Jeremy Manson

4 Mar 4 Mar

7:11 a.m.

New subject: Match.appendReplacement with StringBuilder

https://bugs.openjdk.java.net/browse/JDK-8039124 (Just diving in because I was surprised to see a FR for one of the things I thought we had contributed: I was afraid it hadn't managed to get in! Fortunately, I was wrong!) Jeremy On Thu, Mar 3, 2016 at 10:45 AM, Xueming Shen <xueming.shen@oracle.com> wrote:

On 3/3/16, 10:26 AM, Dave Brosius wrote:

...
Greetings,

It would be nice if java.util.regex.Matcher had a replacement for

Matcher appendReplacement(StringBuffer sb, String replacement) StringBuffer appendTail(StringBuffer sb)

That took StringBuilder.

we have added that in 9, right?

3657

Age (days ago)

3659

Last active (days ago)

Download

6 comments

6 participants

tags

participants (6)

Claes Redestad
Dave Brosius
Jeremy Manson
Paul Sandoz
Steve Drach
Xueming Shen