RFR [13] 8225060: java.net.DefaultInterface invokes NetworkInterface::getInetAddresses without doPriv

Alan Bateman Alan.Bateman at oracle.com
Thu May 30 15:57:12 UTC 2019


This looks okay. Hopefully we can get rid of this code as part of the 
fix for 8216417.

-Alan

On 30/05/2019 15:54, Chris Hegarty wrote:
> The test for 8224730 [1] exposes an issue in the macOS package-private
> java.net.DefaultInterface - NetworkInterface::getInetAddresses is
> invoked without a doPriv. DefaultInterface is loaded by
> NetworkInterface's static initializer.
>
> Example stacktrace, as seen from java/net/ServerSocket/TestLocalAddress.java:
>
>      ...
>      at java.base/java.net.NetworkInterface.getCheckedInetAddresses(NetworkInterface.java:155)
>      at java.base/java.net.NetworkInterface.getInetAddresses(NetworkInterface.java:117)
>      at java.base/java.net.DefaultInterface.chooseDefaultInterface(DefaultInterface.java:85)
>      at java.base/java.net.DefaultInterface.<clinit>(DefaultInterface.java:46)
>      at java.base/java.net.NetworkInterface.<clinit>(NetworkInterface.java:69)
>      at java.base/java.net.Inet6AddressImpl.loopbackAddress(Inet6AddressImpl.java:126)
>      at java.base/java.net.InetAddress.getLoopbackAddress(InetAddress.java:1363)
>      at java.base/sun.nio.ch.Net.getLoopbackAddress(Net.java:229)
>      at java.base/sun.nio.ch.Net.getRevealedLocalAddress(Net.java:218)
>      at java.base/sun.nio.ch.ServerSocketAdaptor.getInetAddress(ServerSocketAdaptor.java:92)
>      at java.base/java.net.ServerSocket.getLocalSocketAddress(ServerSocket.java:460)
>      ...
>
>
> The fix is to add the missing doPriv:
>
> diff --git a/src/java.base/macosx/classes/java/net/DefaultInterface.java b/src/java.base/macosx/classes/java/net/DefaultInterface.java
> --- a/src/java.base/macosx/classes/java/net/DefaultInterface.java
> +++ b/src/java.base/macosx/classes/java/net/DefaultInterface.java
> @@ -1,12 +1,12 @@
>   /*
> - * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
> + * Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved.
>    * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>    *
>    * This code is free software; you can redistribute it and/or modify it
>    * under the terms of the GNU General Public License version 2 only, as
>    * published by the Free Software Foundation.  Oracle designates this
>    * particular file as subject to the "Classpath" exception as provided
>    * by Oracle in the LICENSE file that accompanied this code.
>    *
>    * This code is distributed in the hope that it will be useful, but WITHOUT
>    * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> @@ -30,20 +30,22 @@
>    * outgoing IPv6 traffic that does not specify a scope_id (and which needs one).
>    * We choose the first interface that is up and is (in order of preference):
>    * 1. neither loopback nor point to point
>    * 2. point to point
>    * 3. loopback
>    * 4. none.
>    * Platforms that do not require a default interface implement a dummy
>    * that returns null.
>    */
>
> +import java.security.AccessController;
> +import java.security.PrivilegedAction;
>   import java.util.Enumeration;
>   import java.io.IOException;
>
>   class DefaultInterface {
>
>       private static final NetworkInterface defaultInterface =
>           chooseDefaultInterface();
>
>       static NetworkInterface getDefault() {
>           return defaultInterface;
> @@ -75,21 +77,22 @@
>           NetworkInterface ppp = null;
>           NetworkInterface loopback = null;
>
>           while (nifs.hasMoreElements()) {
>               NetworkInterface ni = nifs.nextElement();
>               try {
>                   if (!ni.isUp() || !ni.supportsMulticast())
>                       continue;
>
>                   boolean ip4 = false, ip6 = false;
> -                Enumeration<InetAddress> addrs = ni.getInetAddresses();
> +                PrivilegedAction<Enumeration<InetAddress>> pa = ni::getInetAddresses;
> +                Enumeration<InetAddress> addrs = AccessController.doPrivileged(pa);
>                   while (addrs.hasMoreElements()) {
>                       InetAddress addr = addrs.nextElement();
>                       if (!addr.isAnyLocalAddress()) {
>                           if (addr instanceof Inet4Address) {
>                               ip4 = true;
>                           } else if (addr instanceof Inet6Address) {
>                               ip6 = true;
>                           }
>                       }
>                   }
>
> -Chris.
>
> [1] https://bugs.openjdk.java.net/browse/JDK-8224730
>



More information about the net-dev mailing list