Security fixes in b19 - Re: hg: jdk6/jdk6/jdk: 23 new changesets
Andrew John Hughes
ahughes at redhat.com
Tue Apr 6 13:34:21 PDT 2010
On 6 April 2010 18:08, Joe Darcy <joe.darcy at oracle.com> wrote:
> Andrew John Hughes wrote:
>>
>> On 6 April 2010 17:34, Joe Darcy <joe.darcy at oracle.com> wrote:
>>
>>>
>>> Andrew John Hughes wrote:
>>>
>>>>
>>>> On 31 March 2010 00:52, Andrew John Hughes <ahughes at redhat.com> wrote:
>>>>
>>>>
>>>>>
>>>>> On 31 March 2010 00:46, Joe Darcy <joe.darcy at oracle.com> wrote:
>>>>>
>>>>>
>>>>>>
>>>>>> The latest round of security fixes are now in the OpenJDK 6 master
>>>>>> repositories.
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> And IcedTea6 1.6, 1.7, 1.8, HEAD and IcedTea7 :-)
>>>>>
>>>>>
>>>>>
>>>>
>>>> Joe, where are the fixes for the HotSpot tree? See top of
>>>> http://hg.openjdk.java.net/icedtea/jdk7/hotspot
>>>>
>>>>
>>>>
>>>
>>> This time around, all the security fixes were in the jdk repository.
>>>
>>> -Joe
>>>
>>>
>>
>> Err... no they weren't...
>>
>> 6626217: Loader-constraint table allows arrays instead of only the
>> base-classes (CVE-2010-0082)
>> 6892265: System.arraycopy unable to reference elements beyond
>> Integer.MAX_VALUE bytes (CVE-2010-0093)
>> 6894807: No ClassCastException for HashAttributeSet constructors if
>> run with -Xcomp (CVE-2010-0845)
>>
>> and
>>
>> 6932480: Crash in CompilerThread/Parser. Unloaded array klass?
>>
>> due to a breakage caused by one of the above.
>>
>
> Hmm, let me check into that...
>
> -Joe
>
There's also a fix missing that we had to apply locally in IcedTea6.
With current OpenJDK6 hg, rmid crashes:
$ /home/andrew/build/icedtea6-hg/bin/rmid
Activation.main: an exception occurred: java.lang.NullPointerException
java.lang.NullPointerException
at sun.security.provider.PolicyFile$PolicyInfo.<init>(PolicyFile.java:2491)
at sun.security.provider.PolicyFile.init(PolicyFile.java:468)
at sun.security.provider.PolicyFile.<init>(PolicyFile.java:327)
at java.security.Policy.getPolicyNoCheck(Policy.java:189)
at java.security.Policy.getPolicy(Policy.java:152)
at sun.rmi.server.Activation$DefaultExecPolicy$1.run(Activation.java:1823)
at sun.rmi.server.Activation$DefaultExecPolicy$1.run(Activation.java:1821)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.server.Activation$DefaultExecPolicy.checkConfiguration(Activation.java:1820)
The fix is simple:
diff -r fd831ae629ff src/share/classes/sun/misc/SharedSecrets.java
--- a/src/share/classes/sun/misc/SharedSecrets.java Tue Apr 06
11:57:39 2010 +0100
+++ b/src/share/classes/sun/misc/SharedSecrets.java Tue Apr 06
21:30:03 2010 +0100
@@ -29,6 +29,7 @@
import java.io.Console;
import java.io.File;
import java.io.FileDescriptor;
+import java.security.ProtectionDomain;
/** A repository of "shared secrets", which are a mechanism for
calling implementation-private methods in another package without
@@ -118,6 +119,9 @@
public static JavaSecurityProtectionDomainAccess
getJavaSecurityProtectionDomainAccess() {
- return javaSecurityProtectionDomainAccess;
+ if (javaSecurityProtectionDomainAccess == null)
+ unsafe.ensureClassInitialized(ProtectionDomain.class);
+
+ return javaSecurityProtectionDomainAccess;
}
}
This ensures the class is initialized, making that SharedSecrets
accessor like all the others.
Can I have a bug ID to push this?
--
Andrew :-)
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
Support Free Java!
Contribute to GNU Classpath and the OpenJDK
http://www.gnu.org/software/classpath
http://openjdk.java.net
PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
Fingerprint: F8EF F1EA 401E 2E60 15FA 7927 142C 2591 94EF D9D8
More information about the jdk6-dev
mailing list