RFR(S): JDK-8041435 Make JDWP socket connector accept only local connections by default
Dmitry Samersoff
dmitry.samersoff at oracle.com
Fri May 16 08:37:49 UTC 2014
Serguei,
Thank you for the review!
see below.
On 2014-05-16 02:20, serguei.spitsyn at oracle.com wrote:
> Dmitry,
>
> I've reviewed the .01 webrev.
>
> src/share/transport/socket/socketTransport.c
>
> Lines 197-240: to be consistent with the rest of the file the indent must be 4, not 2.
>
> The comment at the line 200 is better to start from capital letter: "It looks up ..."
>
> 202 struct addrinfo hints, *res;
> ...
> 205 memset(&hints, 0, sizeof(hints));
>
> Would it more simple to use initialization instead of memset:
>
> 202 struct addrinfo hints = { 0 };
> 203 struct addrinfo *res = NULL;
Agree, will fix it.
> The space is missed after the commas and around '+':
>
> 228 n = strtoul(s_port,&eptr,10);
> 229 if (eptr != s_port+strlen(s_port)) {
> 247 memset((void *)sa,0,sizeof(struct sockaddr_in));
> 261 } else if (strncmp(address,"localhost:",10) == 0) {
will fix it.
>
> Unnecessary dot:
> 235 // invalid port number.
will fix it
> The n is declared as u_long but a cast to u_short is used in comparison:
> 220 u_long n;
> ...
> 234 if (n > (u_short) -1) {
Original code uses u_short to handle port number. So I check that value
supplied by user is less than maximum possible u_short value (65535) and
will not be truncated later.
Unfortunately there are no portable macro like MAX_USHORT, so I use
(u_short) -1 instead.
Will update the code with comments.
> Not sure I understand the condition at line 234.
> The unsigned long n is always bigger than -1, right?
> Or the type u_long is not unsigned long?
>
>
> Thanks,
> Serguei
>
> On 5/15/14 12:31 PM, Dmitry Samersoff wrote:
>> Dan,
>>
>> Thank you for the review. Next version is:
>>
>> http://cr.openjdk.java.net/~dsamersoff/JDK-8041435/webrev.02/
>>
>> please, see below.
>>
>> On 2014-05-15 19:58, Daniel D. Daugherty wrote:
>>> On 5/15/14 5:50 AM, Dmitry Samersoff wrote:
>>>> Hi Everyone,
>>>>
>>>> Please review the fix:
>>>>
>>>> http://cr.openjdk.java.net/~dsamersoff/JDK-8041435/webrev.01/
>>> src/share/transport/socket/socketTransport.c
>>> line 200: // it lookups "localhost" and return 127.0.0.1 if lookup
>>> Typo: "it lookups" -> "it looks up"
>>> Typo: "and return 127.0.0.1" -> "and returns 127.0.0.1"
>> fixed. .
>>
>>> line 210: return dbgsysHostToNetworkLong(INADDR_LOOPBACK);
>>> nit: indent should be 4-spaces (for this file)
>> fixed.
>>
>>> line 235: u_short port = (u_short)atoi(address+10);
>>> Will this crash on "localhost:"? (colon, but no port number)
>>>
>>> line 236: sa->sin_port = dbgsysHostToNetworkShort(port);
>>> If atoi() on line 235 is passed a non-decimal, what will the
>>> value of 'port' be and what will happen here?
>>>
>>> line 241: u_short port = (u_short)atoi(address+2);
>>> line 242: sa->sin_port = dbgsysHostToNetworkShort(port);
>>> Same questions about these two lines...
>> Original code doesn't have any guards for invalid user input and I plan
>> to add it later as a part of upcoming cleanup.
>>
>> But it's worth to do it now. I also add a test for it.
>>
>>
>>> old line 440: err = parseAddress(addressString, &sa, 0x7f000001);
>>> Is it bad that my brain automatically translated that HEX
>>> string into 127.0.0.1? I guess I still remember networking
>>> code...
>> Yes, you are correct. It's a bad way to specify loopback address. I
>> replaced it with INADDR_LOOPBACK.
>>
>>
>>> I checked out this doc:
>>>
>>> http://docs.oracle.com/javase/7/docs/technotes/guides/jpda/conninv.html
>> Thanks!
>>
>> -Dmitry
>>
>>> and the help message:
>>>
>>> $ java -agentlib:jdwp=help
>>> Java Debugger JDWP Agent Library
>>> --------------------------------
>>>
>>> (see http://java.sun.com/products/jpda for more information)
>>>
>>> jdwp usage: java -agentlib:jdwp=[help]|[<option>=<value>, ...]
>>>
>>> Option Name and Value Description Default
>>> --------------------- ----------- -------
>>> suspend=y|n wait on startup? y
>>> transport=<name> transport spec none
>>> address=<listen/attach address> transport spec ""
>>> server=y|n listen for debugger? n
>>> launch=<command line> run debugger on event none
>>> onthrow=<exception name> debug on throw none
>>> onuncaught=y|n debug on any uncaught? n
>>> timeout=<timeout value> for listen/attach in milliseconds n
>>> mutf8=y|n output modified utf-8 n
>>> quiet=y|n control over terminal messages n
>>>
>>> Obsolete Options
>>> ----------------
>>> strict=y|n
>>> stdalloc=y|n
>>>
>>> Examples
>>> --------
>>> - Using sockets connect to a debugger at a specific address:
>>> java -agentlib:jdwp=transport=dt_socket,address=localhost:8000 ...
>>> - Using sockets listen for a debugger to attach:
>>> java -agentlib:jdwp=transport=dt_socket,server=y,suspend=y ...
>>>
>>> Notes
>>> -----
>>> - A timeout value of 0 (the default) is no timeout.
>>>
>>> Warnings
>>> --------
>>> - The older -Xrunjdwp interface can still be used, but will be removed in
>>> a future release, for example:
>>> java -Xdebug -Xrunjdwp:[help]|[<option>=<value>, ...]
>>>
>>>
>>> I don't think your change requires any doc changes...
>>>
>>> Dan
>>>
>>>
>>>> After the fix, JDWP server attempts to guess localhost address and bind
>>>> to it only if no address is specified in command line but user can
>>>> explicitly bind server to all of available addresses by using * as an
>>>> address.
>>>>
>>
>
--
Dmitry Samersoff
Oracle Java development team, Saint Petersburg, Russia
* I would love to change the world, but they won't give me the source code.
More information about the serviceability-dev
mailing list