RFR: 8243376 java.net.SocketPermission.implies(Permission p) spec is mismatching with implementation
Michael McMahon
michael.x.mcmahon at oracle.com
Thu May 21 09:20:51 UTC 2020
Hi Jay,
A couple of comments. There are other places in SocketPermission which
assume that the addresses array only contains one element, eg getCanonName()
assumes there is only one such name. The fix would have to account for
the possibility
of multiple canonical names (obtained from DNS reverse lookup).
Also, I think the test shouldn't have a dependency on a particular
global domain
name. It might be better to build a test using the internal files based
name service
which would be guaranteed to always work, and then we could use it to
test some
of these additional things that the fix needs, as I mentioned above.
Regards,
Michael
On 21/05/2020 09:35, Jayashree Sk1 wrote:
> Hello,
>
> Please review the fix and Jtreg testcase to the following issue:
> https://bugs.openjdk.java.net/browse/JDK-8243376
>
> The proposed changeset is hosted at:
> http://cr.openjdk.java.net/~vtewari/8243376/webrev/index.html
>
> The scenario is:
> - Some specified target hostname resolves to two IP addresses (always the same address pair).
> - The DNS resolved order of the two ip addresses changes (a usual LoadBalancer type behavior).
> - The CNAME of the two ip addresses differ.
>
> In SocketPermission class(void getIP() method), it internally resolves and saves only the first IP address resolved, not all the IP addresses resolved.
> - Depending on when the implier/implied SocketPermission hostname is resolved, the resolved addresses order differs, and the internally saved IP address mismatches, resulting on SocketPermission#implies() false.
>
> So the fix is to:
> Pass all the IP addresses of the specified target instead of just saving the first IP.
>
> Thanks
> Jay
>
>
More information about the net-dev
mailing list