Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 868938 Details for
Bug 1071210
CVE-2014-6512 OpenJDK: DatagramSocket connected socket missing source check (Libraries, 8039509)
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
DatagramSocket-connect-9-untested.patch
DatagramSocket-connect-9-untested.patch (text/plain), 9.69 KB, created by
Florian Weimer
on 2014-02-28 10:03:44 UTC
(
hide
)
Description:
DatagramSocket-connect-9-untested.patch
Filename:
MIME Type:
Creator:
Florian Weimer
Created:
2014-02-28 10:03:44 UTC
Size:
9.69 KB
patch
obsolete
># HG changeset patch ># User Florian Weimer <fweimer@redhat.com> ># Date 1393503592 -3600 ># Thu Feb 27 13:19:52 2014 +0100 ># Node ID 47feb8c2bce4ffa37330bcaadf0c7b261400b000 ># Parent 0731952efb104b783b75a5765a91a91601903a3c >Always filter source addresses on connected UDP sockets > >diff --git a/src/share/classes/java/net/DatagramSocket.java b/src/share/classes/java/net/DatagramSocket.java >--- a/src/share/classes/java/net/DatagramSocket.java >+++ b/src/share/classes/java/net/DatagramSocket.java >@@ -1,5 +1,5 @@ > /* >- * Copyright (c) 1995, 2013, Oracle and/or its affiliates. All rights reserved. >+ * Copyright (c) 1995, 2014, Oracle and/or its affiliates. All rights reserved. > * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. > * > * This code is free software; you can redistribute it and/or modify it >@@ -704,12 +704,12 @@ > * @spec JSR-51 > */ > public synchronized void receive(DatagramPacket p) throws IOException { >+ SecurityManager security = System.getSecurityManager(); > synchronized (p) { > if (!isBound()) > bind(new InetSocketAddress(0)); > if (connectState == ST_NOT_CONNECTED) { > // check the address is ok with the security manager before every recv. >- SecurityManager security = System.getSecurityManager(); > if (security != null) { > while(true) { > String peekAd = null; >@@ -746,33 +746,45 @@ > } > } // end of while > } >- } >- if (connectState == ST_CONNECTED_NO_IMPL) { >- // We have to do the filtering the old fashioned way since >- // the native impl doesn't support connect or the connect >- // via the impl failed. >- boolean stop = false; >- while (!stop) { >- InetAddress peekAddress = null; >- int peekPort = -1; >- // peek at the packet to see who it is from. >- if (!oldImpl) { >- // We can use the new peekData() API >- DatagramPacket peekPacket = new DatagramPacket(new byte[1], 1); >- peekPort = getImpl().peekData(peekPacket); >- peekAddress = peekPacket.getAddress(); >- } else { >- // this api only works for IPv4 >- peekAddress = new InetAddress(); >- peekPort = getImpl().peek(peekAddress); >- } >- if ((!connectedAddress.equals(peekAddress)) || >- (connectedPort != peekPort)) { >- // throw the packet away and silently continue >- DatagramPacket tmp = new DatagramPacket(new byte[1], 1); >- getImpl().receive(tmp); >- } else { >- stop = true; >+ } else if (connectState == ST_CONNECTED || >+ connectState == ST_CONNECTED_NO_IMPL) { >+ // We have to do the address filtering even for >+ // sockets connected at the implementation layer >+ // because packets might have been queued while the >+ // socket was unconnected. >+ if (security == null) { >+ // Without a security manager, we can update p >+ // directly because the information leak via >+ // DatagramPacket#getData() is not critical. >+ do { >+ getImpl().receive(p); >+ } while (!connectedAddress.equals(p.getAddress()) || >+ connectedPort != p.getPort()); >+ return; >+ } else { >+ // Connected socket with a security manager. >+ // Filter using a temporary packet object to avoid >+ // information disclosure. >+ DatagramPacket tmp = new DatagramPacket(new byte[1], 1); >+ while (true) { >+ InetAddress peekAddress = null; >+ int peekPort = -1; >+ // peek at the packet to see who it is from. >+ if (!oldImpl) { >+ // We can use the new peekData() API >+ peekPort = getImpl().peekData(tmp); >+ peekAddress = tmp.getAddress(); >+ } else { >+ // this api only works for IPv4 >+ peekAddress = new InetAddress(); >+ peekPort = getImpl().peek(peekAddress); >+ } >+ if ((!connectedAddress.equals(peekAddress)) || >+ (connectedPort != peekPort)) { >+ // throw the packet away and silently continue >+ getImpl().receive(tmp); >+ } else >+ break; > } > } > } >diff --git a/src/share/classes/sun/nio/ch/DatagramChannelImpl.java b/src/share/classes/sun/nio/ch/DatagramChannelImpl.java >--- a/src/share/classes/sun/nio/ch/DatagramChannelImpl.java >+++ b/src/share/classes/sun/nio/ch/DatagramChannelImpl.java >@@ -1,5 +1,5 @@ > /* >- * Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved. >+ * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved. > * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. > * > * This code is free software; you can redistribute it and/or modify it >@@ -423,7 +423,7 @@ > throws IOException > { > int n = receive0(fd, ((DirectBuffer)bb).address() + pos, rem, >- isConnected()); >+ remoteAddress()); > if (n > 0) > bb.position(pos + n); > return n; >@@ -1129,7 +1129,7 @@ > throws IOException; > > private native int receive0(FileDescriptor fd, long address, int len, >- boolean connected) >+ SocketAddress remoteAddr) > throws IOException; > > private native int send0(boolean preferIPv6, FileDescriptor fd, long address, >diff --git a/src/solaris/native/sun/nio/ch/DatagramChannelImpl.c b/src/solaris/native/sun/nio/ch/DatagramChannelImpl.c >--- a/src/solaris/native/sun/nio/ch/DatagramChannelImpl.c >+++ b/src/solaris/native/sun/nio/ch/DatagramChannelImpl.c >@@ -1,5 +1,5 @@ > /* >- * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved. >+ * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved. > * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. > * > * This code is free software; you can redistribute it and/or modify it >@@ -144,7 +144,7 @@ > JNIEXPORT jint JNICALL > Java_sun_nio_ch_DatagramChannelImpl_receive0(JNIEnv *env, jobject this, > jobject fdo, jlong address, >- jint len, jboolean connected) >+ jint len, jobject remoteAddr) > { > jint fd = fdval(env, fdo); > void *buf = (void *)jlong_to_ptr(address); >@@ -169,7 +169,7 @@ > return IOS_INTERRUPTED; > } > if (errno == ECONNREFUSED) { >- if (connected == JNI_FALSE) { >+ if (remoteAddr == NULL) { > retry = JNI_TRUE; > } else { > JNU_ThrowByName(env, JNU_JAVANETPKG >@@ -179,6 +179,10 @@ > } else { > return handleSocketError(env, errno); > } >+ } else if (remoteAddr != NULL && >+ !NET_SockaddrEqualsInetAddress(env, (struct sockaddr *)&sa, >+ remoteAddr)) { >+ retry = JNI_TRUE; > } > } while (retry == JNI_TRUE); > >diff --git a/src/windows/native/sun/nio/ch/DatagramChannelImpl.c b/src/windows/native/sun/nio/ch/DatagramChannelImpl.c >--- a/src/windows/native/sun/nio/ch/DatagramChannelImpl.c >+++ b/src/windows/native/sun/nio/ch/DatagramChannelImpl.c >@@ -1,5 +1,5 @@ > /* >- * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved. >+ * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved. > * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. > * > * This code is free software; you can redistribute it and/or modify it >@@ -137,7 +137,7 @@ > JNIEXPORT jint JNICALL > Java_sun_nio_ch_DatagramChannelImpl_receive0(JNIEnv *env, jobject this, > jobject fdo, jlong address, >- jint len, jboolean connected) >+ jint len, jobject remoteAddr) > { > jint fd = fdval(env, fdo); > void *buf = (void *)jlong_to_ptr(address); >@@ -163,7 +163,7 @@ > n = len; > } else if (theErr == WSAECONNRESET) { > purgeOutstandingICMP(env, this, fd); >- if (connected == JNI_FALSE) { >+ if (remoteAddr == NULL) { > retry = TRUE; > } else { > JNU_ThrowByName(env, JNU_JAVANETPKG "PortUnreachableException", 0); >@@ -172,6 +172,10 @@ > } else if (theErr == WSAEWOULDBLOCK) { > return IOS_UNAVAILABLE; > } else return handleSocketError(env, theErr); >+ } else if (remoteAddr != NULL && >+ !NET_SockaddrEqualsInetAddress(env, (struct sockaddr *)&sa, >+ remoteAddr)) { >+ retry = JNI_TRUE; > } > } while (retry); >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=868938">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1071210
: 868938