# HG changeset patch
# User asaha
# Date 1507152050 25200
# Node ID 1b40ae740b78de002d4096feee0407a4ce0e1608
# Parent 03791220212b92776f7dae0d8b0c6de5bf6cfa0e
# Parent 819ee87a39abdf2779042e521704fdffd5dd2919
Merge
diff -r 03791220212b -r 1b40ae740b78 .hgtags
--- a/.hgtags Tue Oct 03 18:40:24 2017 -0700
+++ b/.hgtags Wed Oct 04 14:20:50 2017 -0700
@@ -745,6 +745,19 @@
 4f242f33e89a7900f2fcdcd9402058b6d01f340c jdk8u141-b15
 77461a27d91fcb53106e6b3234468bff4d0eec9e jdk8u144-b00
 0d5d2e29f93b01ffa4998c2e3a61d2e6eaa96b1b jdk8u144-b01
+2dbdceff6ade82aa9942cdea6b62d5655d65183c jdk8u151-b00
+4449c73dbfdf2e32889e3ce769bd4160daa48b71 jdk8u151-b01
+ffa099d5b88ff14cea677d2afa4229354e9404d0 jdk8u151-b02
+a6814326f989837019ff7dd0d9b0e57065499bc5 jdk8u151-b03
+cefb3694f8565e1f23ff3231fd21523f52161a95 jdk8u151-b04
+8977426affc02fdf74b1163865059ec86ddccb61 jdk8u151-b05
+3289ad7e88f3aa38fdaa4910e9eeed5e1e5430b1 jdk8u151-b06
+d41040488bbb511d64c6c2533d642e52675edfde jdk8u151-b07
+5d079476bf24cb8143473d2a0880e0b2e032b1eb jdk8u151-b08
+c5f095a1df38d9be119adcab5bbd7e4365e21871 jdk8u151-b09
+05a4bb70c2d84442e505b40e2059399da3f65633 jdk8u151-b10
+ea10de07bc171c8cf89f2acbc4a1288d4dc0f2d6 jdk8u151-b11
+87aaf4f5274e047cd1e0822a6b57dafcb987544b jdk8u151-b12
 58d0ffe75dc5597310d422e214dc077476bd2338 jdk8u122-b00
 a87b06da783bb5a11f7857220789979129e39e7c jdk8u122-b01
 8684348ae5eb6f895d19e4752dea567642dbcec4 jdk8u122-b02
@@ -761,5 +774,16 @@ d36e9c6f195c5604626f7c836c17826960ca2a11 jdk8u152-b03 4f94cc55256028ab54390abe212959c241b0670f jdk8u152-b04 2917e61cfadab474625d19fb7775ccdec5584738 jdk8u152-b05 +bc6e4d3f7a20c34dcdccc1be17792188ccdcb917 jdk8u152-b06 +87992ac3484c6c2ae5cad4ad14701a03a9ec963c jdk8u152-b07 +1f7bbfb8b2632ac610c3a0d7d944ff0a3967469a jdk8u152-b08 +a9e83644bd11b5da49bb4424eed9c5a34003085c jdk8u152-b09 +3c302cc47b26715fb9ae863a477d6d0366feb713 jdk8u152-b10 +56a5346ca6448c188eb09de3856cbadf1532ffc4 jdk8u152-b11 +122a325c8bea6d8f49126ddc1644803d213197ae jdk8u152-b12 +f33390314a7d9311dc9474106ad6e66d71751e6d jdk8u152-b13 +2b4802994bf5a4a634258c9ff06d3da474130f8b jdk8u152-b14 +f89071fbde60b327d6940a34fcdeed96b6440dd2 jdk8u152-b15 +674aecf3d87ae774e2026a1cb2a60eaa651bc7c2 jdk8u152-b16 1160ad38fc7495c01c25421ae89689232481eb6b jdk8u162-b00 86b1cd17fde74427ac4b9312cc56bafc57b32fb4 jdk8u162-b01 diff -r 03791220212b -r 1b40ae740b78 THIRD_PARTY_README --- a/THIRD_PARTY_README Tue Oct 03 18:40:24 2017 -0700 +++ b/THIRD_PARTY_README Wed Oct 04 14:20:50 2017 -0700 @@ -2808,12 +2808,12 @@ ------------------------------------------------------------------------------- -%% This notice is provided with respect to zlib v1.2.8, which may be included +%% This notice is provided with respect to zlib v1.2.11, which may be included with JRE 8, JDK 8, and OpenJDK 8. --- begin of LICENSE --- - version 1.2.8, April 28th, 2013 + version 1.2.11, January 15th, 2017 Copyright (C) 1995-2017 Jean-loup Gailly and Mark Adler diff -r 03791220212b -r 1b40ae740b78 src/share/classes/com/sun/corba/se/impl/io/ObjectStreamClass.java --- a/src/share/classes/com/sun/corba/se/impl/io/ObjectStreamClass.java Tue Oct 03 18:40:24 2017 -0700 +++ b/src/share/classes/com/sun/corba/se/impl/io/ObjectStreamClass.java Wed Oct 04 14:20:50 2017 -0700 
@@ -31,13 +31,17 @@ package com.sun.corba.se.impl.io; +import java.security.AccessControlContext; +import java.security.AccessController; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.DigestOutputStream; -import java.security.AccessController; +import java.security.PermissionCollection; +import java.security.Permissions; import java.security.PrivilegedExceptionAction; import java.security.PrivilegedActionException; import java.security.PrivilegedAction; +import java.security.ProtectionDomain; import java.lang.reflect.Modifier; import java.lang.reflect.Array; @@ -47,6 +51,7 @@ import java.lang.reflect.Constructor; import java.lang.reflect.Proxy; import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.UndeclaredThrowableException; import java.io.IOException; import java.io.DataOutputStream; @@ -57,6 +62,11 @@ import java.util.Arrays; import java.util.Comparator; +import java.util.HashSet; +import java.util.Set; + +import sun.misc.JavaSecurityAccess; +import sun.misc.SharedSecrets; import com.sun.corba.se.impl.util.RepositoryId; 
@@ -418,6 +428,65 @@ private static final PersistentFieldsValue persistentFieldsValue = new PersistentFieldsValue(); + /** + * Creates a PermissionDomain that grants no permission. + */ + private ProtectionDomain noPermissionsDomain() { + PermissionCollection perms = new Permissions(); + perms.setReadOnly(); + return new ProtectionDomain(null, perms); + } + + /** + * Aggregate the ProtectionDomains of all the classes that separate + * a concrete class {@code cl} from its ancestor's class declaring + * a constructor {@code cons}. + * + * If {@code cl} is defined by the boot loader, or the constructor + * {@code cons} is declared by {@code cl}, or if there is no security + * manager, then this method does nothing and {@code null} is returned. + * + * @param cons A constructor declared by {@code cl} or one of its + * ancestors. + * @param cl A concrete class, which is either the class declaring + * the constructor {@code cons}, or a serializable subclass + * of that class. + * @return An array of ProtectionDomain representing the set of + * ProtectionDomain that separate the concrete class {@code cl} + * from its ancestor's declaring {@code cons}, or {@code null}. + */ + private ProtectionDomain[] getProtectionDomains(Constructor cons, + Class cl) { + ProtectionDomain[] domains = null; + if (cons != null && cl.getClassLoader() != null + && System.getSecurityManager() != null) { + Class cls = cl; + Class fnscl = cons.getDeclaringClass(); + Set pds = null; + while (cls != fnscl) { + ProtectionDomain pd = cls.getProtectionDomain(); + if (pd != null) { + if (pds == null) pds = new HashSet<>(); + pds.add(pd); + } + cls = cls.getSuperclass(); + if (cls == null) { + // that's not supposed to happen + // make a ProtectionDomain with no permission. + // should we throw instead? 
+ if (pds == null) pds = new HashSet<>(); + else pds.clear(); + pds.add(noPermissionsDomain()); + break; + } + } + if (pds != null) { + domains = pds.toArray(new ProtectionDomain[0]); + } + } + return domains; + } + /* * Initialize class descriptor. This method is only invoked on class * descriptors created via calls to lookupInternal(). This method is kept @@ -551,11 +620,15 @@ readResolveObjectMethod = ObjectStreamClass.getInheritableMethod(cl, "readResolve", noTypesList, Object.class); + domains = new ProtectionDomain[] {noPermissionsDomain()}; + if (externalizable) cons = getExternalizableConstructor(cl) ; else cons = getSerializableConstructor(cl) ; + domains = getProtectionDomains(cons, cl); + if (serializable && !forProxyClass) { /* Look for the writeObject method * Set the accessible flag on it here. ObjectOutputStream 
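Review bot: The result of `getProtectionDomains` bakes in `System.getSecurityManager() != null` at the moment it is called, and the later hunk at -551 stores that result in the `domains` field during descriptor initialisation. If descriptors are cached (not visible in this hunk), one initialised before a security manager is installed keeps `domains == null`, and `newInstance()` stays on the unrestricted path afterwards; the Javadoc should say so, for example `* The result reflects the security manager state at the time of the call and is not recomputed.` Two smaller documentation points: the `noPermissionsDomain` Javadoc says `PermissionDomain` where `ProtectionDomain` is meant, and the open `// should we throw instead?` question in the `cls == null` branch should be replaced by a statement that the branch deliberately fails closed.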
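Review bot: The two assignments to `domains` around the constructor lookup carry no comment explaining why the field is first set to a no-permission domain and then overwritten. Presumably the first assignment is a fail-closed default in case `getExternalizableConstructor` or `getSerializableConstructor` throws before `getProtectionDomains` runs; if so, state it at the assignment: `// fail closed: restrict newInstance() to no permissions until the real domains are computed`. The enclosing method starts and ends outside the hunk, so whether an exception here can leave a usable descriptor behind is not visible.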
@@ -902,20 +975,53 @@ throws InstantiationException, InvocationTargetException, UnsupportedOperationException { + if (!initialized) + throw new InternalError("Unexpected call when not initialized"); if (cons != null) { try { - return cons.newInstance(new Object[0]); + if (domains == null || domains.length == 0) { + return cons.newInstance(); + } else { + JavaSecurityAccess jsa = SharedSecrets.getJavaSecurityAccess(); + PrivilegedAction pea = (PrivilegedAction) new PrivilegedAction() { + public Object run() { + try { + return cons.newInstance(); + } catch (InstantiationException + | InvocationTargetException + | IllegalAccessException x) { + throw new UndeclaredThrowableException(x); + } + } + }; // Can't use PrivilegedExceptionAction with jsa + try { + return jsa.doIntersectionPrivilege(pea, + AccessController.getContext(), + new AccessControlContext(domains)); + } catch (UndeclaredThrowableException x) { + Throwable cause = x.getCause(); + if (cause instanceof InstantiationException) + throw (InstantiationException) cause; + if (cause instanceof InvocationTargetException) + throw (InvocationTargetException) cause; + if (cause instanceof IllegalAccessException) + throw (IllegalAccessException) cause; + // not supposed to happen + throw x; + } + } } catch (IllegalAccessException ex) { // should not occur, as access checks have been suppressed InternalError ie = new InternalError(); - ie.initCause( ex ) ; - throw ie ; + ie.initCause(ex); + throw ie; } } else { throw new UnsupportedOperationException(); } } + /** * Returns public no-arg constructor of given class, or null if none found. * Access checks are disabled on the returned constructor (if any), since @@ -1526,7 +1632,8 @@ Method readObjectMethod; private transient Method writeReplaceObjectMethod; private transient Method readResolveObjectMethod; - private Constructor cons ; + private Constructor cons; + private transient ProtectionDomain[] domains; /** * Beginning in Java to IDL ptc/02-01-12, RMI-IIOP has a
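Review bot: In `newInstance()`, the test `domains == null || domains.length == 0` selects the unrestricted `cons.newInstance()` path, so a `null` field means "no restriction needed" and any path that leaves `domains` unset fails open. The new `!initialized` guard covers the uninitialised case, but `domains` is declared `transient` in the hunk at -1526, so the invariant deserves a comment at the check, for example `// null: boot-loader class, constructor declared by cl, or no security manager (see getProtectionDomains)`. As a style point, the guard `if (!initialized) throw ...` should be braced like the rest of the method, and the `AccessControlContext` could be built once when `domains` is assigned instead of on every call. The method's signature starts above the hunk.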