RFR [13] 8225060: java.net.DefaultInterface invokes NetworkInterface::getInetAddresses without doPriv

Chris Hegarty chris.hegarty at oracle.com
Thu May 30 14:54:15 UTC 2019


The test for 8224730 [1] exposes an issue in the macOS package-private
java.net.DefaultInterface - NetworkInterface::getInetAddresses is
invoked without a doPriv. DefaultInterface is loaded by
NetworkInterface's static initializer.

Example stacktrace, as seen from java/net/ServerSocket/TestLocalAddress.java:

    ...
    at java.base/java.net.NetworkInterface.getCheckedInetAddresses(NetworkInterface.java:155)
    at java.base/java.net.NetworkInterface.getInetAddresses(NetworkInterface.java:117)
    at java.base/java.net.DefaultInterface.chooseDefaultInterface(DefaultInterface.java:85)
    at java.base/java.net.DefaultInterface.<clinit>(DefaultInterface.java:46)
    at java.base/java.net.NetworkInterface.<clinit>(NetworkInterface.java:69)
    at java.base/java.net.Inet6AddressImpl.loopbackAddress(Inet6AddressImpl.java:126)
    at java.base/java.net.InetAddress.getLoopbackAddress(InetAddress.java:1363)
    at java.base/sun.nio.ch.Net.getLoopbackAddress(Net.java:229)
    at java.base/sun.nio.ch.Net.getRevealedLocalAddress(Net.java:218)
    at java.base/sun.nio.ch.ServerSocketAdaptor.getInetAddress(ServerSocketAdaptor.java:92)
    at java.base/java.net.ServerSocket.getLocalSocketAddress(ServerSocket.java:460)
    ...


The fix is to add the missing doPriv:

diff --git a/src/java.base/macosx/classes/java/net/DefaultInterface.java b/src/java.base/macosx/classes/java/net/DefaultInterface.java
--- a/src/java.base/macosx/classes/java/net/DefaultInterface.java
+++ b/src/java.base/macosx/classes/java/net/DefaultInterface.java
@@ -1,12 +1,12 @@
 /*
- * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License version 2 only, as
  * published by the Free Software Foundation.  Oracle designates this
  * particular file as subject to the "Classpath" exception as provided
  * by Oracle in the LICENSE file that accompanied this code.
  *
  * This code is distributed in the hope that it will be useful, but WITHOUT
  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
@@ -30,20 +30,22 @@
  * outgoing IPv6 traffic that does not specify a scope_id (and which needs one).
  * We choose the first interface that is up and is (in order of preference):
  * 1. neither loopback nor point to point
  * 2. point to point
  * 3. loopback
  * 4. none.
  * Platforms that do not require a default interface implement a dummy
  * that returns null.
  */

+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.Enumeration;
 import java.io.IOException;

 class DefaultInterface {

     private static final NetworkInterface defaultInterface =
         chooseDefaultInterface();

     static NetworkInterface getDefault() {
         return defaultInterface;
@@ -75,21 +77,22 @@
         NetworkInterface ppp = null;
         NetworkInterface loopback = null;

         while (nifs.hasMoreElements()) {
             NetworkInterface ni = nifs.nextElement();
             try {
                 if (!ni.isUp() || !ni.supportsMulticast())
                     continue;

                 boolean ip4 = false, ip6 = false;
-                Enumeration<InetAddress> addrs = ni.getInetAddresses();
+                PrivilegedAction<Enumeration<InetAddress>> pa = ni::getInetAddresses;
+                Enumeration<InetAddress> addrs = AccessController.doPrivileged(pa);
                 while (addrs.hasMoreElements()) {
                     InetAddress addr = addrs.nextElement();
                     if (!addr.isAnyLocalAddress()) {
                         if (addr instanceof Inet4Address) {
                             ip4 = true;
                         } else if (addr instanceof Inet6Address) {
                             ip6 = true;
                         }
                     }
                 }

-Chris.

[1] https://bugs.openjdk.java.net/browse/JDK-8224730



More information about the net-dev mailing list