RFR [13] 8225060: java.net.DefaultInterface invokes NetworkInterface::getInetAddresses without doPriv
Chris Hegarty
chris.hegarty at oracle.com
Thu May 30 14:54:15 UTC 2019
The test for 8224730 [1] exposes an issue in the macOS package-private
java.net.DefaultInterface - NetworkInterface::getInetAddresses is
invoked without a doPriv. DefaultInterface is loaded by
NetworkInterface's static initializer.
Example stacktrace, as seen from java/net/ServerSocket/TestLocalAddress.java:
...
at java.base/java.net.NetworkInterface.getCheckedInetAddresses(NetworkInterface.java:155)
at java.base/java.net.NetworkInterface.getInetAddresses(NetworkInterface.java:117)
at java.base/java.net.DefaultInterface.chooseDefaultInterface(DefaultInterface.java:85)
at java.base/java.net.DefaultInterface.<clinit>(DefaultInterface.java:46)
at java.base/java.net.NetworkInterface.<clinit>(NetworkInterface.java:69)
at java.base/java.net.Inet6AddressImpl.loopbackAddress(Inet6AddressImpl.java:126)
at java.base/java.net.InetAddress.getLoopbackAddress(InetAddress.java:1363)
at java.base/sun.nio.ch.Net.getLoopbackAddress(Net.java:229)
at java.base/sun.nio.ch.Net.getRevealedLocalAddress(Net.java:218)
at java.base/sun.nio.ch.ServerSocketAdaptor.getInetAddress(ServerSocketAdaptor.java:92)
at java.base/java.net.ServerSocket.getLocalSocketAddress(ServerSocket.java:460)
...
The fix is to add the missing doPriv:
diff --git a/src/java.base/macosx/classes/java/net/DefaultInterface.java b/src/java.base/macosx/classes/java/net/DefaultInterface.java
--- a/src/java.base/macosx/classes/java/net/DefaultInterface.java
+++ b/src/java.base/macosx/classes/java/net/DefaultInterface.java
@@ -1,12 +1,12 @@
/*
- * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
@@ -30,20 +30,22 @@
* outgoing IPv6 traffic that does not specify a scope_id (and which needs one).
* We choose the first interface that is up and is (in order of preference):
* 1. neither loopback nor point to point
* 2. point to point
* 3. loopback
* 4. none.
* Platforms that do not require a default interface implement a dummy
* that returns null.
*/
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.Enumeration;
import java.io.IOException;
class DefaultInterface {
private static final NetworkInterface defaultInterface =
chooseDefaultInterface();
static NetworkInterface getDefault() {
return defaultInterface;
@@ -75,21 +77,22 @@
NetworkInterface ppp = null;
NetworkInterface loopback = null;
while (nifs.hasMoreElements()) {
NetworkInterface ni = nifs.nextElement();
try {
if (!ni.isUp() || !ni.supportsMulticast())
continue;
boolean ip4 = false, ip6 = false;
- Enumeration<InetAddress> addrs = ni.getInetAddresses();
+ PrivilegedAction<Enumeration<InetAddress>> pa = ni::getInetAddresses;
+ Enumeration<InetAddress> addrs = AccessController.doPrivileged(pa);
while (addrs.hasMoreElements()) {
InetAddress addr = addrs.nextElement();
if (!addr.isAnyLocalAddress()) {
if (addr instanceof Inet4Address) {
ip4 = true;
} else if (addr instanceof Inet6Address) {
ip6 = true;
}
}
}
-Chris.
[1] https://bugs.openjdk.java.net/browse/JDK-8224730
More information about the net-dev
mailing list