RFR: JDK-8243376: java.net.SocketPermission.implies(Permission p) spec is mismatching with implementation [v3]

Michael McMahon michaelm at openjdk.java.net
Mon Feb 8 14:40:53 UTC 2021


On Fri, 5 Feb 2021 11:15:56 GMT, Jayashree S Kumar <github.com+31532647+jaysk1 at openjdk.org> wrote:

>> Issue
>> 
>> https://bugs.openjdk.java.net/browse/JDK-8243376
>> 
>> Problem
>> 
>> The scenario is: 
>> - Some specified target hostname resolves to two IP addresses (always the same address pair). 
>> - The DNS resolved order of the two ip addresses changes (a usual LoadBalancer type behavior). 
>> - The CNAME of the two ip addresses differ. 
>> 
>> In SocketPermission class(void getIP() method), it internally resolves and saves only the first IP address resolved, not all the IP addresses resolved. 
>> - Depending on when the implier/implied SocketPermission hostname is resolved, the resolved addresses order differs, and the internally saved IP address mismatches, resulting on SocketPermission#implies() false. 
>> 
>> 
>> Michael McMahon kindly reviewed and suggested changes: https://mail.openjdk.java.net/pipermail/net-dev/2020-May/014001.html
>
> Jayashree S Kumar has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains ten commits:
> 
>  - Merge branch 'master' of https://github.com/openjdk/jdk into socketperm_implies
>  - Incorporated changes suggested by Vyom in testcase
>  - Fixed all Whitespace error in testcase
>  - Fixed all Whitespace error in testcase
>  - Fixed automerge failed conflicts
>  - Correct WhiteSpace error
>  - Merge branch 'master' of https://github.com/openjdk/jdk into socketperm_implies
>  -  Added testcase and corrected WhiteSpace tab error
>  - JDK-8243376: java.net.SocketPermission.implies(Permission p) spec is mismatching with implementation

src/java.base/share/classes/java/net/SocketPermission.java line 668:

> 666:             } else {
> 667:                // Always calls getIP(), this will make sure that if order of IP
> 668:                // addresses changed then cname also get's change.

The block above 665:667 is still needed. getIP() must be called to set the addresses field. There's a test that checks this.

src/java.base/share/classes/java/net/SocketPermission.java line 675:

> 673:         } catch (UnknownHostException uhe) {
> 674:             invalid = true;
> 675:             throw uhe;

The indentation wasn't right here before. Maybe we could fix it now/

-------------

PR: https://git.openjdk.java.net/jdk/pull/1916


More information about the net-dev mailing list