/hg/release/icedtea6-1.6: PR381 Stackoverflow error with Securit...
mjw at icedtea.classpath.org
mjw at icedtea.classpath.org
Tue Sep 1 03:53:49 PDT 2009
changeset b3106a2e4455 in /hg/release/icedtea6-1.6
details: http://icedtea.classpath.org/hg/release/icedtea6-1.6?cmd=changeset;node=b3106a2e4455
author: Mark Wielaard <mjw at redhat.com>
date: Mon Aug 31 07:45:07 2009 +0200
PR381 Stackoverflow error with SecurityManager, signed jar and debug
2009-08-31 Mark Wielaard <mjw at redhat.com> Keith Seitz
<keiths at redhat.com>
* patches/icedtea-use-system-tzdata.patch: Updated to initialize
JAVAZI_DIR once and inside a AccessController.doPrivileged() block.
* patches/icedtea-timezone-default-permission.patch: New patch.
* overlays/openjdk/jdk/test/java/util/TimeZone/
(TimeZoneDatePermissionCheck.java, TimeZoneDatePermissionCheck.sh):
New test.
* Makefile.am: Add new patch.
* HACKING: Describe new patch.
diffstat:
7 files changed, 184 insertions(+), 34 deletions(-)
ChangeLog | 13 +
HACKING | 8 -
Makefile.am | 1
overlays/openjdk/jdk/test/java/util/TimeZone/TimeZoneDatePermissionCheck.java | 40 +++++
overlays/openjdk/jdk/test/java/util/TimeZone/TimeZoneDatePermissionCheck.sh | 61 ++++++++
patches/icedtea-timezone-default-permission.patch | 23 +++
patches/icedtea-use-system-tzdata.patch | 72 +++++-----
diffs (273 lines):
diff -r 64057113c917 -r b3106a2e4455 ChangeLog
--- a/ChangeLog Thu Aug 27 17:43:31 2009 +0200
+++ b/ChangeLog Mon Aug 31 07:45:07 2009 +0200
@@ -1,3 +1,16 @@ 2009-08-27 Kees Cook <kees at canonical.co
+2009-08-31 Mark Wielaard <mjw at redhat.com>
+ Keith Seitz <keiths at redhat.com>
+
+ PR381 Stackoverflow error with SecurityManager, signed jar and debug
+ * patches/icedtea-use-system-tzdata.patch: Updated to initialize
+ JAVAZI_DIR once and inside a AccessController.doPrivileged() block.
+ * patches/icedtea-timezone-default-permission.patch: New patch.
+ * overlays/openjdk/jdk/test/java/util/TimeZone/
+ (TimeZoneDatePermissionCheck.java, TimeZoneDatePermissionCheck.sh):
+ New test.
+ * Makefile.am: Add new patch.
+ * HACKING: Describe new patch.
+
2009-08-27 Kees Cook <kees at canonical.com>
* patches/openjdk/oj100103-debugger-socket-overflow.patch: New.
diff -r 64057113c917 -r b3106a2e4455 HACKING
--- a/HACKING Thu Aug 27 17:43:31 2009 +0200
+++ b/HACKING Mon Aug 31 07:45:07 2009 +0200
@@ -114,8 +114,12 @@ The following patches are only applied t
* icedtea-lucene-crash.patch: Fix lucene bad code generation bug #6707044.
* icedtea-6700047-loopopts.patch: Fix partial peeling issue, bug #6700047.
* icedtea-6712835-ifnode.patch: Fix infinite loop in PhaseIterGVN::transform.
-* icedtea-timezone.patch : Makes java only look for time zone information in /etc/sysconfig/clock if /etc/localtime is not found (fix
- for rh-489586)
+* icedtea-timezone.patch : Makes java only look for time zone information in
+ /etc/sysconfig/clock if /etc/localtime is not found (fix for rh-489586)
+* icedtea-timezone-default-permission.patch: Partial fix for PR381
+ (in combination with icedtea-use-system-tzdata.patch) security check
+ debug printing overflow. Also in openjdk7 b22, but apparently lost
+ since b22 was from "before hg".
* icedtea-dnd-filelists.patch: Fix drag and drop behaviour when dragging a file list between JVMs (S5079469). Backported from OpenJDK.
* icedtea-signed-types-hot6.patch: Make use of unsigned/signed types explicit.
* openjdk/6648816.patch: Backport of regression (NPE) fix in AccessControlContext
diff -r 64057113c917 -r b3106a2e4455 Makefile.am
--- a/Makefile.am Thu Aug 27 17:43:31 2009 +0200
+++ b/Makefile.am Mon Aug 31 07:45:07 2009 +0200
@@ -536,6 +536,7 @@ ICEDTEA_PATCHES = \
patches/icedtea-rmi_amd64.patch \
patches/icedtea-tools.patch \
patches/icedtea-timezone.patch \
+ patches/icedtea-timezone-default-permission.patch \
patches/icedtea-use-system-tzdata.patch \
patches/icedtea-headers.patch \
patches/hotspot/$(HSBUILD)/icedtea-headers.patch \
diff -r 64057113c917 -r b3106a2e4455 overlays/openjdk/jdk/test/java/util/TimeZone/TimeZoneDatePermissionCheck.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/overlays/openjdk/jdk/test/java/util/TimeZone/TimeZoneDatePermissionCheck.java Mon Aug 31 07:45:07 2009 +0200
@@ -0,0 +1,40 @@
+/* Testcase for PR381 Stackoverflow error with security manager, signed jars
+ and -Djava.security.debug set.
+
+Copyright (c) 2009, Red Hat Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+*/
+
+
+import java.util.Date;
+
+/**
+ * Test class. Create a test keystore and dummy cert, create a jar file to
+ * sign with the test class in it. Sign it run it with the security manager
+ * on, plus accesscontroller debugging, will go into infinite recursion
+ * trying to get enough permissions for printing Date of failing
+ * certificate, unless fix is applied.
+ */
+public class TimeZoneDatePermissionCheck
+{
+ public static void main(String[] args)
+ {
+ System.out.println(new Date());
+ }
+}
diff -r 64057113c917 -r b3106a2e4455 overlays/openjdk/jdk/test/java/util/TimeZone/TimeZoneDatePermissionCheck.sh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/overlays/openjdk/jdk/test/java/util/TimeZone/TimeZoneDatePermissionCheck.sh Mon Aug 31 07:45:07 2009 +0200
@@ -0,0 +1,61 @@
+# Testcase for PR381 Stackoverflow error with security manager, signed jars
+# and -Djava.security.debug set.
+#
+# Copyright (c) 2009, Red Hat Inc.
+#
+# This file is part of IcedTea.
+#
+# IcedTea is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# IcedTea is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with IcedTea; see the file COPYING. If not, write to the
+# Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 USA.
+
+# @test
+# @bug 0000381
+# @summary Stackoverflow error with security manager, signed jars and debug.
+# @build TimeZoneDatePermissionCheck
+# @run shell TimeZoneDatePermissionCheck.sh
+
+# Set default if not run under jtreg from test dir itself
+if [ "${TESTCLASSES}" = "" ] ; then
+ TESTCLASSES="."
+fi
+if [ "${TESTJAVA}" = "" ] ; then
+ TESTJAVA=/usr
+fi
+
+# create a test keystore and dummy cert
+rm -f ${TESTCLASSES}/timezonedatetest.store
+${TESTJAVA}/bin/keytool -genkeypair -alias testcert \
+ -keystore ${TESTCLASSES}/timezonedatetest.store \
+ -storepass testpass -validity 360 \
+ -dname "cn=Mark Wildebeest, ou=FreeSoft, o=Red Hat, c=NL" \
+ -keypass testpass
+
+# create a jar file to sign with the test class in it.
+rm -f ${TESTCLASSES}/timezonedatetest.jar
+${TESTJAVA}/bin/jar cf \
+ ${TESTCLASSES}/timezonedatetest.jar \
+ -C ${TESTCLASSES} TimeZoneDatePermissionCheck.class
+
+# sign it
+${TESTJAVA}/bin/jarsigner \
+ -keystore ${TESTCLASSES}/timezonedatetest.store \
+ -storepass testpass ${TESTCLASSES}/timezonedatetest.jar testcert
+
+# run it with the security manager on, plus accesscontroller debugging
+# will go into infinite recursion trying to get enough permissions for
+# printing Date of failing certificate unless fix is applied.
+${TESTJAVA}/bin/java -Djava.security.manager \
+ -Djava.security.debug=access,failure,policy \
+ -cp ${TESTCLASSES}/timezonedatetest.jar TimeZoneDatePermissionCheck
diff -r 64057113c917 -r b3106a2e4455 patches/icedtea-timezone-default-permission.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/icedtea-timezone-default-permission.patch Mon Aug 31 07:45:07 2009 +0200
@@ -0,0 +1,23 @@
+--- openjdk7/jdk/src/share/classes/java/util/TimeZone.java 2009-08-04 18:54:13.026104895 +0200
++++ openjdk/jdk/src/share/classes/java/util/TimeZone.java 2009-08-04 18:53:09.035985858 +0200
+@@ -602,11 +602,7 @@
+ }
+ });
+
+- if (hasPermission()) {
+- defaultTimeZone = tz;
+- } else {
+- defaultZoneTL.set(tz);
+- }
++ defaultTimeZone = tz;
+ return tz;
+ }
+
+@@ -637,6 +633,7 @@
+ if (hasPermission()) {
+ synchronized (TimeZone.class) {
+ defaultTimeZone = zone;
++ defaultZoneTL.set(null);
+ }
+ } else {
+ defaultZoneTL.set(zone);
diff -r 64057113c917 -r b3106a2e4455 patches/icedtea-use-system-tzdata.patch
--- a/patches/icedtea-use-system-tzdata.patch Thu Aug 27 17:43:31 2009 +0200
+++ b/patches/icedtea-use-system-tzdata.patch Mon Aug 31 07:45:07 2009 +0200
@@ -1,14 +1,34 @@
---- ../openjdkb23/openjdk/jdk/src/share/classes/sun/util/calendar/ZoneInfoFile.java 2007-10-30 04:38:28.000000000 -0400
-+++ openjdk/jdk/src/share/classes/sun/util/calendar/ZoneInfoFile.java 2007-11-13 13:16:52.000000000 -0500
-@@ -28,6 +28,7 @@
- import java.io.File;
- import java.io.FileInputStream;
- import java.io.FileNotFoundException;
-+import java.security.AccessControlException;
- import java.io.IOException;
- import java.lang.ref.SoftReference;
- import java.security.AccessController;
-@@ -1021,11 +1022,29 @@
+--- openjdk6.orig/jdk/src/share/classes/sun/util/calendar/ZoneInfoFile.java Sat Mar 15 13:43:05 2008 -0400
++++ openjdk/jdk/src/share/classes/sun/util/calendar/ZoneInfoFile.java Fri Aug 21 11:34:56 2009 +0200
+@@ -465,6 +465,27 @@
+ */
+ public static final byte TAG_TZDataVersion = 68;
+
++ // Cached location of the TZDATA files
++ private static final String JAVAZI_DIR = setup_JAVAZI_DIR();
++
++ private static String setup_JAVAZI_DIR() {
++ try {
++ final String dir = AccessController.doPrivileged
++ (new sun.security.action.GetPropertyAction("user.zoneinfo.dir"));
++ return AccessController.doPrivileged
++ (new PrivilegedExceptionAction<String>() {
++ public String run() {
++ File f = new File(dir, "ZoneInfoMappings");
++ if (f.exists())
++ return dir;
++ return null;
++ }
++ });
++ } catch (PrivilegedActionException e) {
++ return null;
++ }
++ }
++
+ /**
+ * Excluded zones item tag. (Added in Mustang)
+ */
+@@ -1021,11 +1042,17 @@
byte[] buffer = null;
try {
@@ -17,29 +37,17 @@
- final String fname = homeDir + File.separator + "lib" + File.separator
- + "zi" + File.separator + fileName;
- buffer = (byte[]) AccessController.doPrivileged(new PrivilegedExceptionAction() {
-+ String zi_dir = (String) AccessController.doPrivileged(new sun.security.action.GetPropertyAction("user.zoneinfo.dir"));
-+ File dir = null;
-+ if (zi_dir != null)
-+ dir = new File(zi_dir);
+
-+ // Some minimal sanity checking
-+ if (dir != null) {
-+ try {
-+ File f = new File(dir, "ZoneInfoMappings");
-+ if (!f.exists())
-+ dir = null;
-+ } catch (AccessControlException ace) {
-+ dir = null;
-+ }
-+ }
++ String zi_dir = JAVAZI_DIR;
++ if (zi_dir == null) {
++ // Fall back to JDK-supplied tzdata
++ String homeDir = (String) AccessController.doPrivileged(new sun.security.action.GetPropertyAction("java.home"));
++ zi_dir = homeDir + File.separator + "lib" + File.separator
++ + "zi";
++ }
+
-+ if (dir == null) {
-+ String homeDir = (String) AccessController.doPrivileged(new sun.security.action.GetPropertyAction("java.home"));
-+ zi_dir = homeDir + File.separator + "lib" + File.separator
-+ + "zi";
-+ }
-+ final String fname = zi_dir + File.separator + fileName;
-+ buffer = (byte[]) AccessController.doPrivileged(new PrivilegedExceptionAction() {
++ final String fname = zi_dir + File.separator + fileName;
++ buffer = (byte[]) AccessController.doPrivileged(new PrivilegedExceptionAction() {
public Object run() throws IOException {
File file = new File(fname);
if (!file.canRead()) {
More information about the distro-pkg-dev
mailing list