Security fixes in b19 - Re: hg: jdk6/jdk6/jdk: 23 new changesets
Joe Darcy
joe.darcy at oracle.com
Tue Apr 6 17:13:18 PDT 2010
Sean,
Please have a look at this fix proposed by Andrew to address a crash in
rmid in OpenJDK 6. Looking at the changes to SharedSecrets, your fix
for 6633872 "Policy/PolicyFile leak dynamic ProtectionDomains." when
applied to OpenJDK 6 looks like the proximal cause of the crash.
Thanks,
-Joe
On 04/06/10 01:34 PM, Andrew John Hughes wrote:
> On 6 April 2010 18:08, Joe Darcy <joe.darcy at oracle.com> wrote:
>
>> Andrew John Hughes wrote:
>>
>>> On 6 April 2010 17:34, Joe Darcy <joe.darcy at oracle.com> wrote:
>>>
>>>
>>>> Andrew John Hughes wrote:
>>>>
>>>>
>>>>> On 31 March 2010 00:52, Andrew John Hughes <ahughes at redhat.com> wrote:
>>>>>
>>>>>
>>>>>
>>>>>> On 31 March 2010 00:46, Joe Darcy <joe.darcy at oracle.com> wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>> The latest round of security fixes are now in the OpenJDK 6 master
>>>>>>> repositories.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> And IcedTea6 1.6, 1.7, 1.8, HEAD and IcedTea7 :-)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>> Joe, where are the fixes for the HotSpot tree? See top of
>>>>> http://hg.openjdk.java.net/icedtea/jdk7/hotspot
>>>>>
>>>>>
>>>>>
>>>>>
>>>> This time around, all the security fixes were in the jdk repository.
>>>>
>>>> -Joe
>>>>
>>>>
>>>>
>>> Err... no they weren't...
>>>
>>> 6626217: Loader-constraint table allows arrays instead of only the
>>> base-classes (CVE-2010-0082)
>>> 6892265: System.arraycopy unable to reference elements beyond
>>> Integer.MAX_VALUE bytes (CVE-2010-0093)
>>> 6894807: No ClassCastException for HashAttributeSet constructors if
>>> run with -Xcomp (CVE-2010-0845)
>>>
>>> and
>>>
>>> 6932480: Crash in CompilerThread/Parser. Unloaded array klass?
>>>
>>> due to a breakage caused by one of the above.
>>>
>>>
>> Hmm, let me check into that...
>>
>> -Joe
>>
>>
>
> There's also a fix missing that we had to apply locally in IcedTea6.
> With current OpenJDK6 hg, rmid crashes:
>
> $ /home/andrew/build/icedtea6-hg/bin/rmid
> Activation.main: an exception occurred: java.lang.NullPointerException
> java.lang.NullPointerException
> at sun.security.provider.PolicyFile$PolicyInfo.<init>(PolicyFile.java:2491)
> at sun.security.provider.PolicyFile.init(PolicyFile.java:468)
> at sun.security.provider.PolicyFile.<init>(PolicyFile.java:327)
> at java.security.Policy.getPolicyNoCheck(Policy.java:189)
> at java.security.Policy.getPolicy(Policy.java:152)
> at sun.rmi.server.Activation$DefaultExecPolicy$1.run(Activation.java:1823)
> at sun.rmi.server.Activation$DefaultExecPolicy$1.run(Activation.java:1821)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.rmi.server.Activation$DefaultExecPolicy.checkConfiguration(Activation.java:1820)
>
> The fix is simple:
>
> diff -r fd831ae629ff src/share/classes/sun/misc/SharedSecrets.java
> --- a/src/share/classes/sun/misc/SharedSecrets.java Tue Apr 06
> 11:57:39 2010 +0100
> +++ b/src/share/classes/sun/misc/SharedSecrets.java Tue Apr 06
> 21:30:03 2010 +0100
> @@ -29,6 +29,7 @@
> import java.io.Console;
> import java.io.File;
> import java.io.FileDescriptor;
> +import java.security.ProtectionDomain;
>
> /** A repository of "shared secrets", which are a mechanism for
> calling implementation-private methods in another package without
> @@ -118,6 +119,9 @@
>
> public static JavaSecurityProtectionDomainAccess
> getJavaSecurityProtectionDomainAccess() {
> - return javaSecurityProtectionDomainAccess;
> + if (javaSecurityProtectionDomainAccess == null)
> + unsafe.ensureClassInitialized(ProtectionDomain.class);
> +
> + return javaSecurityProtectionDomainAccess;
> }
> }
>
> This ensures the class is initialized, making that SharedSecrets
> accessor like all the others.
>
> Can I have a bug ID to push this?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.openjdk.java.net/pipermail/jdk6-dev/attachments/20100406/390994f7/attachment-0001.html
More information about the jdk6-dev
mailing list