Security fixes in b19 - Re: hg: jdk6/jdk6/jdk: 23 new changesets

Sean Mullan sean.mullan at oracle.com
Wed Apr 7 06:32:25 PDT 2010 

Joe Darcy wrote:
> Sean,
> 
> Please have a look at this fix proposed by Andrew to address a crash in 
> rmid in OpenJDK 6.  Looking at the changes to SharedSecrets, your fix 
> for 6633872 "Policy/PolicyFile leak dynamic ProtectionDomains." when 
> applied to OpenJDK 6 looks like the proximal cause of the crash.
> 
> Thanks,

Hmm. This bug was fixed already in our JDK releases but hasn't been integrated 
into 6-open yet. See http://bugs.sun.com/view_bug.do?bug_id=6909281

You won't be able to see much of the details because the comments section is 
non-public.

I'll add a release for 6-open. You can go ahead and push the fix.

The diffs look good. It is the same fix.

--Sean


> 
> -Joe
> 
> On 04/06/10 01:34 PM, Andrew John Hughes wrote:
>> On 6 April 2010 18:08, Joe Darcy <joe.darcy at oracle.com> wrote:
>>   
>>> Andrew John Hughes wrote:
>>>     
>>>> On 6 April 2010 17:34, Joe Darcy <joe.darcy at oracle.com> wrote:
>>>>
>>>>       
>>>>> Andrew John Hughes wrote:
>>>>>
>>>>>         
>>>>>> On 31 March 2010 00:52, Andrew John Hughes <ahughes at redhat.com> wrote:
>>>>>>
>>>>>>
>>>>>>           
>>>>>>> On 31 March 2010 00:46, Joe Darcy <joe.darcy at oracle.com> wrote:
>>>>>>>
>>>>>>>
>>>>>>>             
>>>>>>>> The latest round of security fixes are now in the OpenJDK 6 master
>>>>>>>> repositories.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>               
>>>>>>> And IcedTea6 1.6, 1.7, 1.8, HEAD and IcedTea7 :-)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>             
>>>>>> Joe, where are the fixes for the HotSpot tree?  See top of
>>>>>> http://hg.openjdk.java.net/icedtea/jdk7/hotspot
>>>>>>
>>>>>>
>>>>>>
>>>>>>           
>>>>> This time around, all the security fixes were in the jdk repository.
>>>>>
>>>>> -Joe
>>>>>
>>>>>
>>>>>         
>>>> Err... no they weren't...
>>>>
>>>> 6626217: Loader-constraint table allows arrays instead of only the
>>>> base-classes (CVE-2010-0082)
>>>> 6892265: System.arraycopy unable to reference elements beyond
>>>> Integer.MAX_VALUE bytes (CVE-2010-0093)
>>>> 6894807: No ClassCastException for HashAttributeSet constructors if
>>>> run with -Xcomp (CVE-2010-0845)
>>>>
>>>> and
>>>>
>>>> 6932480: Crash in CompilerThread/Parser. Unloaded array klass?
>>>>
>>>> due to a breakage caused by one of the above.
>>>>
>>>>       
>>> Hmm, let me check into that...
>>>
>>> -Joe
>>>
>>>     
>>
>> There's also a fix missing that we had to apply locally in IcedTea6.
>> With current OpenJDK6 hg, rmid crashes:
>>
>> $ /home/andrew/build/icedtea6-hg/bin/rmid
>> Activation.main: an exception occurred: java.lang.NullPointerException
>> java.lang.NullPointerException
>> 	at sun.security.provider.PolicyFile$PolicyInfo.<init>(PolicyFile.java:2491)
>> 	at sun.security.provider.PolicyFile.init(PolicyFile.java:468)
>> 	at sun.security.provider.PolicyFile.<init>(PolicyFile.java:327)
>> 	at java.security.Policy.getPolicyNoCheck(Policy.java:189)
>> 	at java.security.Policy.getPolicy(Policy.java:152)
>> 	at sun.rmi.server.Activation$DefaultExecPolicy$1.run(Activation.java:1823)
>> 	at sun.rmi.server.Activation$DefaultExecPolicy$1.run(Activation.java:1821)
>> 	at java.security.AccessController.doPrivileged(Native Method)
>> 	at sun.rmi.server.Activation$DefaultExecPolicy.checkConfiguration(Activation.java:1820)
>>
>> The fix is simple:
>>
>> diff -r fd831ae629ff src/share/classes/sun/misc/SharedSecrets.java
>> --- a/src/share/classes/sun/misc/SharedSecrets.java	Tue Apr 06
>> 11:57:39 2010 +0100
>> +++ b/src/share/classes/sun/misc/SharedSecrets.java	Tue Apr 06
>> 21:30:03 2010 +0100
>> @@ -29,6 +29,7 @@
>>  import java.io.Console;
>>  import java.io.File;
>>  import java.io.FileDescriptor;
>> +import java.security.ProtectionDomain;
>>
>>  /** A repository of "shared secrets", which are a mechanism for
>>      calling implementation-private methods in another package without
>> @@ -118,6 +119,9 @@
>>
>>      public static JavaSecurityProtectionDomainAccess
>>          getJavaSecurityProtectionDomainAccess() {
>> -            return javaSecurityProtectionDomainAccess;
>> +        if (javaSecurityProtectionDomainAccess == null)
>> +            unsafe.ensureClassInitialized(ProtectionDomain.class);
>> +
>> +        return javaSecurityProtectionDomainAccess;
>>      }
>>  }
>>
>> This ensures the class is initialized, making that SharedSecrets
>> accessor like all the others.
>>
>> Can I have a bug ID to push this?
>>   
>

More information about the jdk6-dev mailing list