Security fixes in b19 - Re: hg: jdk6/jdk6/jdk: 23 new changesets

Andrew John Hughes ahughes at redhat.com
Wed Apr 7 09:16:59 PDT 2010 

On 7 April 2010 13:32, Sean Mullan <sean.mullan at oracle.com> wrote:
> Joe Darcy wrote:
>>
>> Sean,
>>
>> Please have a look at this fix proposed by Andrew to address a crash in
>> rmid in OpenJDK 6.  Looking at the changes to SharedSecrets, your fix for
>> 6633872 "Policy/PolicyFile leak dynamic ProtectionDomains." when applied to
>> OpenJDK 6 looks like the proximal cause of the crash.
>>
>> Thanks,
>
> Hmm. This bug was fixed already in our JDK releases but hasn't been
> integrated into 6-open yet. See
> http://bugs.sun.com/view_bug.do?bug_id=6909281
>
> You won't be able to see much of the details because the comments section is
> non-public.
>
> I'll add a release for 6-open. You can go ahead and push the fix.
>
> The diffs look good. It is the same fix.
>
> --Sean
>

Thanks Sean.  Pushed: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/7b641a18cf0b

>
>>
>> -Joe
>>
>> On 04/06/10 01:34 PM, Andrew John Hughes wrote:
>>>
>>> On 6 April 2010 18:08, Joe Darcy <joe.darcy at oracle.com> wrote:
>>>
>>>>
>>>> Andrew John Hughes wrote:
>>>>
>>>>>
>>>>> On 6 April 2010 17:34, Joe Darcy <joe.darcy at oracle.com> wrote:
>>>>>
>>>>>
>>>>>>
>>>>>> Andrew John Hughes wrote:
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> On 31 March 2010 00:52, Andrew John Hughes <ahughes at redhat.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>> On 31 March 2010 00:46, Joe Darcy <joe.darcy at oracle.com> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>
>>>>>>>>> The latest round of security fixes are now in the OpenJDK 6 master
>>>>>>>>> repositories.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> And IcedTea6 1.6, 1.7, 1.8, HEAD and IcedTea7 :-)
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> Joe, where are the fixes for the HotSpot tree?  See top of
>>>>>>> http://hg.openjdk.java.net/icedtea/jdk7/hotspot
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> This time around, all the security fixes were in the jdk repository.
>>>>>>
>>>>>> -Joe
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> Err... no they weren't...
>>>>>
>>>>> 6626217: Loader-constraint table allows arrays instead of only the
>>>>> base-classes (CVE-2010-0082)
>>>>> 6892265: System.arraycopy unable to reference elements beyond
>>>>> Integer.MAX_VALUE bytes (CVE-2010-0093)
>>>>> 6894807: No ClassCastException for HashAttributeSet constructors if
>>>>> run with -Xcomp (CVE-2010-0845)
>>>>>
>>>>> and
>>>>>
>>>>> 6932480: Crash in CompilerThread/Parser. Unloaded array klass?
>>>>>
>>>>> due to a breakage caused by one of the above.
>>>>>
>>>>>
>>>>
>>>> Hmm, let me check into that...
>>>>
>>>> -Joe
>>>>
>>>>
>>>
>>> There's also a fix missing that we had to apply locally in IcedTea6.
>>> With current OpenJDK6 hg, rmid crashes:
>>>
>>> $ /home/andrew/build/icedtea6-hg/bin/rmid
>>> Activation.main: an exception occurred: java.lang.NullPointerException
>>> java.lang.NullPointerException
>>>        at
>>> sun.security.provider.PolicyFile$PolicyInfo.<init>(PolicyFile.java:2491)
>>>        at sun.security.provider.PolicyFile.init(PolicyFile.java:468)
>>>        at sun.security.provider.PolicyFile.<init>(PolicyFile.java:327)
>>>        at java.security.Policy.getPolicyNoCheck(Policy.java:189)
>>>        at java.security.Policy.getPolicy(Policy.java:152)
>>>        at
>>> sun.rmi.server.Activation$DefaultExecPolicy$1.run(Activation.java:1823)
>>>        at
>>> sun.rmi.server.Activation$DefaultExecPolicy$1.run(Activation.java:1821)
>>>        at java.security.AccessController.doPrivileged(Native Method)
>>>        at
>>> sun.rmi.server.Activation$DefaultExecPolicy.checkConfiguration(Activation.java:1820)
>>>
>>> The fix is simple:
>>>
>>> diff -r fd831ae629ff src/share/classes/sun/misc/SharedSecrets.java
>>> --- a/src/share/classes/sun/misc/SharedSecrets.java     Tue Apr 06
>>> 11:57:39 2010 +0100
>>> +++ b/src/share/classes/sun/misc/SharedSecrets.java     Tue Apr 06
>>> 21:30:03 2010 +0100
>>> @@ -29,6 +29,7 @@
>>>  import java.io.Console;
>>>  import java.io.File;
>>>  import java.io.FileDescriptor;
>>> +import java.security.ProtectionDomain;
>>>
>>>  /** A repository of "shared secrets", which are a mechanism for
>>>     calling implementation-private methods in another package without
>>> @@ -118,6 +119,9 @@
>>>
>>>     public static JavaSecurityProtectionDomainAccess
>>>         getJavaSecurityProtectionDomainAccess() {
>>> -            return javaSecurityProtectionDomainAccess;
>>> +        if (javaSecurityProtectionDomainAccess == null)
>>> +            unsafe.ensureClassInitialized(ProtectionDomain.class);
>>> +
>>> +        return javaSecurityProtectionDomainAccess;
>>>     }
>>>  }
>>>
>>> This ensures the class is initialized, making that SharedSecrets
>>> accessor like all the others.
>>>
>>> Can I have a bug ID to push this?
>>>
>>
>



-- 
Andrew :-)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

Support Free Java!
Contribute to GNU Classpath and the OpenJDK
http://www.gnu.org/software/classpath
http://openjdk.java.net

PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
Fingerprint: F8EF F1EA 401E 2E60 15FA  7927 142C 2591 94EF D9D8

More information about the jdk6-dev mailing list