RFR [13] 8225060: java.net.DefaultInterface invokes NetworkInterface::getInetAddresses without doPriv
Alan Bateman
Alan.Bateman at oracle.com
Thu May 30 15:57:12 UTC 2019
This looks okay. Hopefully we can get rid of this code as part of the
fix for 8216417.
-Alan
On 30/05/2019 15:54, Chris Hegarty wrote:
> The test for 8224730 [1] exposes an issue in the macOS package-private
> java.net.DefaultInterface - NetworkInterface::getInetAddresses is
> invoked without a doPriv. DefaultInterface is loaded by
> NetworkInterface's static initializer.
>
> Example stacktrace, as seen from java/net/ServerSocket/TestLocalAddress.java:
>
> ...
> at java.base/java.net.NetworkInterface.getCheckedInetAddresses(NetworkInterface.java:155)
> at java.base/java.net.NetworkInterface.getInetAddresses(NetworkInterface.java:117)
> at java.base/java.net.DefaultInterface.chooseDefaultInterface(DefaultInterface.java:85)
> at java.base/java.net.DefaultInterface.<clinit>(DefaultInterface.java:46)
> at java.base/java.net.NetworkInterface.<clinit>(NetworkInterface.java:69)
> at java.base/java.net.Inet6AddressImpl.loopbackAddress(Inet6AddressImpl.java:126)
> at java.base/java.net.InetAddress.getLoopbackAddress(InetAddress.java:1363)
> at java.base/sun.nio.ch.Net.getLoopbackAddress(Net.java:229)
> at java.base/sun.nio.ch.Net.getRevealedLocalAddress(Net.java:218)
> at java.base/sun.nio.ch.ServerSocketAdaptor.getInetAddress(ServerSocketAdaptor.java:92)
> at java.base/java.net.ServerSocket.getLocalSocketAddress(ServerSocket.java:460)
> ...
>
>
> The fix is to add the missing doPriv:
>
> diff --git a/src/java.base/macosx/classes/java/net/DefaultInterface.java b/src/java.base/macosx/classes/java/net/DefaultInterface.java
> --- a/src/java.base/macosx/classes/java/net/DefaultInterface.java
> +++ b/src/java.base/macosx/classes/java/net/DefaultInterface.java
> @@ -1,12 +1,12 @@
> /*
> - * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
> + * Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved.
> * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
> *
> * This code is free software; you can redistribute it and/or modify it
> * under the terms of the GNU General Public License version 2 only, as
> * published by the Free Software Foundation. Oracle designates this
> * particular file as subject to the "Classpath" exception as provided
> * by Oracle in the LICENSE file that accompanied this code.
> *
> * This code is distributed in the hope that it will be useful, but WITHOUT
> * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> @@ -30,20 +30,22 @@
> * outgoing IPv6 traffic that does not specify a scope_id (and which needs one).
> * We choose the first interface that is up and is (in order of preference):
> * 1. neither loopback nor point to point
> * 2. point to point
> * 3. loopback
> * 4. none.
> * Platforms that do not require a default interface implement a dummy
> * that returns null.
> */
>
> +import java.security.AccessController;
> +import java.security.PrivilegedAction;
> import java.util.Enumeration;
> import java.io.IOException;
>
> class DefaultInterface {
>
> private static final NetworkInterface defaultInterface =
> chooseDefaultInterface();
>
> static NetworkInterface getDefault() {
> return defaultInterface;
> @@ -75,21 +77,22 @@
> NetworkInterface ppp = null;
> NetworkInterface loopback = null;
>
> while (nifs.hasMoreElements()) {
> NetworkInterface ni = nifs.nextElement();
> try {
> if (!ni.isUp() || !ni.supportsMulticast())
> continue;
>
> boolean ip4 = false, ip6 = false;
> - Enumeration<InetAddress> addrs = ni.getInetAddresses();
> + PrivilegedAction<Enumeration<InetAddress>> pa = ni::getInetAddresses;
> + Enumeration<InetAddress> addrs = AccessController.doPrivileged(pa);
> while (addrs.hasMoreElements()) {
> InetAddress addr = addrs.nextElement();
> if (!addr.isAnyLocalAddress()) {
> if (addr instanceof Inet4Address) {
> ip4 = true;
> } else if (addr instanceof Inet6Address) {
> ip6 = true;
> }
> }
> }
>
> -Chris.
>
> [1] https://bugs.openjdk.java.net/browse/JDK-8224730
>
More information about the net-dev
mailing list