The following two patches I committed fix the remaining issues reported in PR42390:
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=42390 1. https://lists.gnu.org/archive/html/commit-classpath/2012-02/msg00002.html Add missing security calls in DatagramSocket.connect. 2. https://lists.gnu.org/archive/html/commit-classpath/2012-02/msg00003.html Access properties in a privileged block to avoid inappropriate SecurityExceptions being thrown. ChangeLog: 2012-02-08 Andrew John Hughes <ahug...@redhat.com> PR classpath/42390 * java/nio/channels/spi/SelectorProvider.java: (provider()): Retrieve property value using PrivilegedAction. * java/security/KeyStore.java: (getDefaultType()): Likewise. 2012-02-06 Andrew John Hughes <ahug...@redhat.com> PR classpath/42390 * java/net/DatagramSocket.java: (connect(InetAddress,int)): Add missing security checks which OpenJDK performs and we don't. It's possible to initialise a DatagramSocket with null so we should also ensure we are bound. Patches attached. -- Andrew :) Free Java Software Engineer Red Hat, Inc. (http://www.redhat.com) PGP Key: 248BDC07 (https://keys.indymedia.org/) Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
Index: java/net/DatagramSocket.java =================================================================== RCS file: /sources/classpath/classpath/java/net/DatagramSocket.java,v retrieving revision 1.52 diff -u -u -r1.52 DatagramSocket.java --- java/net/DatagramSocket.java 3 Jun 2010 19:13:02 -0000 1.52 +++ java/net/DatagramSocket.java 8 Feb 2012 14:34:20 -0000 @@ -525,7 +525,27 @@ SecurityManager sm = System.getSecurityManager(); if (sm != null) - sm.checkConnect(address.getHostAddress(), port); + { + if (address.isMulticastAddress()) + sm.checkMulticast(address); + else + { + sm.checkConnect(address.getHostAddress(), port); + sm.checkAccept(address.getHostAddress(), port); + } + } + + if (!isBound()) + { + try + { + bind(new InetSocketAddress(0)); + } + catch (SocketException e) + { + throw new Error("Binding socket failed.", e); + } + } try {
Index: java/nio/channels/spi/SelectorProvider.java =================================================================== RCS file: /sources/classpath/classpath/java/nio/channels/spi/SelectorProvider.java,v retrieving revision 1.14 diff -u -u -r1.14 SelectorProvider.java --- java/nio/channels/spi/SelectorProvider.java 3 Jun 2010 19:13:03 -0000 1.14 +++ java/nio/channels/spi/SelectorProvider.java 8 Feb 2012 18:29:26 -0000 @@ -46,6 +46,8 @@ import java.nio.channels.ServerSocketChannel; import java.nio.channels.SocketChannel; +import java.security.AccessController; +import java.security.PrivilegedAction; /** * @author Michael Koch @@ -145,14 +147,18 @@ * Returns the system-wide default selector provider for this invocation * of the Java virtual machine. * - * @return the default seletor provider + * @return the default selector provider */ public static synchronized SelectorProvider provider() { if (systemDefaultProvider == null) { - String propertyValue = - System.getProperty("java.nio.channels.spi.SelectorProvider"); + String propertyValue = AccessController.doPrivileged(new PrivilegedAction<String> () { + public String run() + { + return System.getProperty("java.nio.channels.spi.SelectorProvider"); + } + }); if (propertyValue == null || propertyValue.equals("")) systemDefaultProvider = new SelectorProviderImpl(); Index: java/security/KeyStore.java =================================================================== RCS file: /sources/classpath/classpath/java/security/KeyStore.java,v retrieving revision 1.16 diff -u -u -r1.16 KeyStore.java --- java/security/KeyStore.java 3 Jun 2010 19:13:07 -0000 1.16 +++ java/security/KeyStore.java 8 Feb 2012 18:29:27 -0000 @@ -214,7 +214,12 @@ { // Security reads every property in java.security so it // will return this property if it exists. - String tmp = Security.getProperty("keystore.type"); + String tmp = AccessController.doPrivileged(new PrivilegedAction<String> () { + public String run() + { + return Security.getProperty("keystore.type"); + } + }); if (tmp == null) tmp = "gkr";
signature.asc
Description: Digital signature