Re: Code Review Request: 8013140: Heap corruption with NetworkInterface.getByInetAddress() and long i/f name
Nice find Kurchi, It is surprising to me that we are building Solaris without LIFNAMSIZ defined, but I accept that we are. Your changes look good to me. -Chris. On 05/02/2013 01:03 AM, Kurchi Subhra Hazra wrote: Hi, NetworkInterface.getByInetAddress() was crashing on solaris when the system had a network interface name longer than 15 characters, due to two instances in the native code for NetworkInterface where we were copying a char array of size 32 (LIFNAMSIZ) into a char array of size 16 (IFNAMSIZ), resulting in a buffer overflow with long names. The fix is to make sure that the space allocated for the interface name is consistent (16/32 bytes depending on the system), and to prevent overflows by using strncpy instead of strcpy. Bug: http://bugs.sun.com/view_bug.do?bug_id=8013140 Webrev: http://cr.openjdk.java.net/~khazra/8013140/webrev.00/ Thanks, - Kurchi
Re: Code Review Request: 8013140: Heap corruption with NetworkInterface.getByInetAddress() and long i/f name
On 02/05/2013 01:03, Kurchi Subhra Hazra wrote: Hi, NetworkInterface.getByInetAddress() was crashing on solaris when the system had a network interface name longer than 15 characters, due to two instances in the native code for NetworkInterface where we were copying a char array of size 32 (LIFNAMSIZ) into a char array of size 16 (IFNAMSIZ), resulting in a buffer overflow with long names. The fix is to make sure that the space allocated for the interface name is consistent (16/32 bytes depending on the system), and to prevent overflows by using strncpy instead of strcpy. Bug: http://bugs.sun.com/view_bug.do?bug_id=8013140 Webrev: http://cr.openjdk.java.net/~khazra/8013140/webrev.00/ Thanks, - Kurchi A good fine, looks okay to me. An alternative would be sizeof(name) but what you have is fine. -Alan
hg: jdk8/tl/jdk: 8013225: Refresh jdk's private ASM to the latest.
Changeset: 167d2dca Author:ksrini Date: 2013-05-01 15:08 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/167d2dca 8013225: Refresh jdk's private ASM to the latest. Reviewed-by: mduigou, sundar ! src/share/classes/jdk/internal/org/objectweb/asm/AnnotationVisitor.java ! src/share/classes/jdk/internal/org/objectweb/asm/AnnotationWriter.java ! src/share/classes/jdk/internal/org/objectweb/asm/Attribute.java ! src/share/classes/jdk/internal/org/objectweb/asm/ByteVector.java ! src/share/classes/jdk/internal/org/objectweb/asm/ClassReader.java ! src/share/classes/jdk/internal/org/objectweb/asm/ClassVisitor.java ! src/share/classes/jdk/internal/org/objectweb/asm/ClassWriter.java + src/share/classes/jdk/internal/org/objectweb/asm/Context.java ! src/share/classes/jdk/internal/org/objectweb/asm/FieldVisitor.java ! src/share/classes/jdk/internal/org/objectweb/asm/FieldWriter.java ! src/share/classes/jdk/internal/org/objectweb/asm/Frame.java ! src/share/classes/jdk/internal/org/objectweb/asm/Handle.java ! src/share/classes/jdk/internal/org/objectweb/asm/Handler.java ! src/share/classes/jdk/internal/org/objectweb/asm/Item.java ! src/share/classes/jdk/internal/org/objectweb/asm/Label.java ! src/share/classes/jdk/internal/org/objectweb/asm/MethodVisitor.java ! src/share/classes/jdk/internal/org/objectweb/asm/MethodWriter.java ! src/share/classes/jdk/internal/org/objectweb/asm/Opcodes.java ! src/share/classes/jdk/internal/org/objectweb/asm/Type.java + src/share/classes/jdk/internal/org/objectweb/asm/TypePath.java + src/share/classes/jdk/internal/org/objectweb/asm/TypeReference.java ! src/share/classes/jdk/internal/org/objectweb/asm/commons/AdviceAdapter.java ! src/share/classes/jdk/internal/org/objectweb/asm/commons/AnalyzerAdapter.java ! src/share/classes/jdk/internal/org/objectweb/asm/commons/CodeSizeEvaluator.java ! src/share/classes/jdk/internal/org/objectweb/asm/commons/GeneratorAdapter.java ! src/share/classes/jdk/internal/org/objectweb/asm/commons/InstructionAdapter.java ! src/share/classes/jdk/internal/org/objectweb/asm/commons/JSRInlinerAdapter.java ! src/share/classes/jdk/internal/org/objectweb/asm/commons/LocalVariablesSorter.java ! src/share/classes/jdk/internal/org/objectweb/asm/commons/Method.java ! src/share/classes/jdk/internal/org/objectweb/asm/commons/Remapper.java ! src/share/classes/jdk/internal/org/objectweb/asm/commons/RemappingAnnotationAdapter.java ! src/share/classes/jdk/internal/org/objectweb/asm/commons/RemappingClassAdapter.java ! src/share/classes/jdk/internal/org/objectweb/asm/commons/RemappingFieldAdapter.java ! src/share/classes/jdk/internal/org/objectweb/asm/commons/RemappingMethodAdapter.java ! src/share/classes/jdk/internal/org/objectweb/asm/commons/RemappingSignatureAdapter.java ! src/share/classes/jdk/internal/org/objectweb/asm/commons/SerialVersionUIDAdder.java ! src/share/classes/jdk/internal/org/objectweb/asm/commons/StaticInitMerger.java ! src/share/classes/jdk/internal/org/objectweb/asm/commons/TableSwitchGenerator.java ! src/share/classes/jdk/internal/org/objectweb/asm/commons/TryCatchBlockSorter.java ! src/share/classes/jdk/internal/org/objectweb/asm/signature/SignatureReader.java ! src/share/classes/jdk/internal/org/objectweb/asm/signature/SignatureVisitor.java ! src/share/classes/jdk/internal/org/objectweb/asm/signature/SignatureWriter.java ! src/share/classes/jdk/internal/org/objectweb/asm/tree/AbstractInsnNode.java ! src/share/classes/jdk/internal/org/objectweb/asm/tree/AnnotationNode.java ! src/share/classes/jdk/internal/org/objectweb/asm/tree/ClassNode.java ! src/share/classes/jdk/internal/org/objectweb/asm/tree/FieldInsnNode.java ! src/share/classes/jdk/internal/org/objectweb/asm/tree/FieldNode.java ! src/share/classes/jdk/internal/org/objectweb/asm/tree/FrameNode.java ! src/share/classes/jdk/internal/org/objectweb/asm/tree/IincInsnNode.java ! src/share/classes/jdk/internal/org/objectweb/asm/tree/InnerClassNode.java ! src/share/classes/jdk/internal/org/objectweb/asm/tree/InsnList.java ! src/share/classes/jdk/internal/org/objectweb/asm/tree/InsnNode.java ! src/share/classes/jdk/internal/org/objectweb/asm/tree/IntInsnNode.java ! src/share/classes/jdk/internal/org/objectweb/asm/tree/InvokeDynamicInsnNode.java ! src/share/classes/jdk/internal/org/objectweb/asm/tree/JumpInsnNode.java ! src/share/classes/jdk/internal/org/objectweb/asm/tree/LdcInsnNode.java ! src/share/classes/jdk/internal/org/objectweb/asm/tree/LineNumberNode.java + src/share/classes/jdk/internal/org/objectweb/asm/tree/LocalVariableAnnotationNode.java ! src/share/classes/jdk/internal/org/objectweb/asm/tree/LocalVariableNode.java ! src/share/classes/jdk/internal/org/objectweb/asm/tree/LookupSwitchInsnNode.java ! src/share/classes/jdk/internal/org/objectweb/asm/tree/MethodInsnNode.java ! src/share/classes/jdk/internal/org/objectweb/asm/tree/MethodNode.java ! src/share/classes/jdk/internal/org/objectweb/asm/tree/MultiANewArrayInsnNode.java + src/share/classes/jdk/inte
RFR JDK7188517
Greetings: Please consider the following change to the cookie constructor: http://cr.openjdk.java.net/~jzavgren/7188517/webrev.01/ Basically there are two issues: 1.) the existing cookie constructor was allowing cookie names to have a dollar sign as their leading character, which is "illegal". The constructor code was modified to disallow these illegal names. 2.) the API document (notice the specdiff: http://cr.openjdk.java.net/~jzavgren/7188517/specDiff/) prohibited the use of cookie names that are one of the tokens reserved for use by the cookie protocol, and this restriction is not necessary. Thanks! John Zavgren
hg: jdk8/tl/jdk: 8012645: Stream methods on BitSet, Random, ThreadLocalRandom, ZipFile
Changeset: 5045eb04a579 Author:mduigou Date: 2013-05-02 09:18 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/5045eb04a579 8012645: Stream methods on BitSet, Random, ThreadLocalRandom, ZipFile Reviewed-by: mduigou, henryjen, alanb, martin, psandoz Contributed-by: [email protected], [email protected] ! src/share/classes/java/util/BitSet.java ! src/share/classes/java/util/Random.java ! src/share/classes/java/util/concurrent/ThreadLocalRandom.java ! src/share/classes/java/util/jar/JarFile.java ! src/share/classes/java/util/zip/ZipFile.java + test/java/util/BitSet/BitSetStreamTest.java + test/java/util/Random/RandomStreamTest.java + test/java/util/zip/ZipFile/StreamZipEntriesTest.java
Re: RFR JDK7188517
All: My original email was mangled by my email program (stbeehive/zimbra) ... so I'm sending a second correctly formatted copy. I'm sorry for the inconvenience. John --- Please consider the following change to the cookie constructor: http://cr.openjdk.java.net/~jzavgren/7188517/webrev.01/ Basically there are two issues: 1.) the existing cookie constructor was allowing cookie names to have a dollar sign as their leading character, which is "illegal". The constructor code was modified to disallow these illegal names. 2.) the API document (notice the specdiff: http://cr.openjdk.java.net/~jzavgren/7188517/specDiff/ ) prohibited the use of cookie names that are one of the tokens reserved for use by the cookie protocol, and this restriction is not necessary. Thanks! John Zavgren - Original Message - From: [email protected] To: [email protected] Sent: Thursday, May 2, 2013 10:36:38 AM GMT -05:00 US/Canada Eastern Subject: RFR JDK7188517 Greetings: Please consider the following change to the cookie constructor: http://cr.openjdk.java.net/~jzavgren/7188517/webrev.01/ Basically there are two issues: 1.) the existing cookie constructor was allowing cookie names to have a dollar sign as their leading character, which is "illegal". The constructor code was modified to disallow these illegal names. 2.) the API document (notice the specdiff: http://cr.openjdk.java.net/~jzavgren/7188517/specDiff/) prohibited the use of cookie names that are one of the tokens reserved for use by the cookie protocol, and this restriction is not necessary. Thanks! John Zavgren
hg: jdk8/tl/jdk: 8013140: Heap corruption with NetworkInterface.getByInetAddress() and long i/f name
Changeset: 3062bf908281 Author:khazra Date: 2013-05-02 14:26 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/3062bf908281 8013140: Heap corruption with NetworkInterface.getByInetAddress() and long i/f name Summary: Remove buffer overruns in native code Reviewed-by: alanb, chegar ! src/solaris/native/java/net/NetworkInterface.c
Re: Code Review Request: 8013140: Heap corruption with NetworkInterface.getByInetAddress() and long i/f name
Thank you, committed now. - Kurchi On 5/2/2013 3:50 AM, Alan Bateman wrote: On 02/05/2013 01:03, Kurchi Subhra Hazra wrote: Hi, NetworkInterface.getByInetAddress() was crashing on solaris when the system had a network interface name longer than 15 characters, due to two instances in the native code for NetworkInterface where we were copying a char array of size 32 (LIFNAMSIZ) into a char array of size 16 (IFNAMSIZ), resulting in a buffer overflow with long names. The fix is to make sure that the space allocated for the interface name is consistent (16/32 bytes depending on the system), and to prevent overflows by using strncpy instead of strcpy. Bug: http://bugs.sun.com/view_bug.do?bug_id=8013140 Webrev: http://cr.openjdk.java.net/~khazra/8013140/webrev.00/ Thanks, - Kurchi A good fine, looks okay to me. An alternative would be sizeof(name) but what you have is fine. -Alan -- -Kurchi
hg: jdk8/tl/jdk: 8013855: DigestMD5Client has not checked RealmChoiceCallback value
Changeset: 81be41c7323f Author:weijun Date: 2013-05-03 10:43 +0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/81be41c7323f 8013855: DigestMD5Client has not checked RealmChoiceCallback value Reviewed-by: xuelei, mullan ! src/share/classes/com/sun/security/sasl/digest/DigestMD5Client.java + test/com/sun/security/sasl/digest/AuthRealmChoices.java
