8229957: Harden pid verification in attach mechanism

Reviewed-by: sspitsyn, ysuenaga, sgehwolf
2019-08-22 10:40:34 -07:00 · 2019-08-22 10:40:34 -07:00 · 186dcb2f42
commit 186dcb2f42
parent 0603bec5ce
5 changed files with 70 additions and 4 deletions
--- a/src/jdk.attach/aix/classes/sun/tools/attach/VirtualMachineImpl.java
+++ b/src/jdk.attach/aix/classes/sun/tools/attach/VirtualMachineImpl.java
@ -58,8 +58,11 @@ public class VirtualMachineImpl extends HotSpotVirtualMachine {
        int pid;
        try {
            pid = Integer.parseInt(vmid);
+            if (pid < 1) {
+                throw new NumberFormatException();
+            }
        } catch (NumberFormatException x) {
-            throw new AttachNotSupportedException("Invalid process identifier");
+            throw new AttachNotSupportedException("Invalid process identifier: " + vmid);
        }

        // Find the socket file. If not found then we attempt to start the
--- a/src/jdk.attach/linux/classes/sun/tools/attach/VirtualMachineImpl.java
+++ b/src/jdk.attach/linux/classes/sun/tools/attach/VirtualMachineImpl.java
@ -60,8 +60,11 @@ public class VirtualMachineImpl extends HotSpotVirtualMachine {
        int pid;
        try {
            pid = Integer.parseInt(vmid);
+            if (pid < 1) {
+                throw new NumberFormatException();
+            }
        } catch (NumberFormatException x) {
-            throw new AttachNotSupportedException("Invalid process identifier");
+            throw new AttachNotSupportedException("Invalid process identifier: " + vmid);
        }

        // Try to resolve to the "inner most" pid namespace
--- a/src/jdk.attach/macosx/classes/sun/tools/attach/VirtualMachineImpl.java
+++ b/src/jdk.attach/macosx/classes/sun/tools/attach/VirtualMachineImpl.java
@ -59,8 +59,11 @@ public class VirtualMachineImpl extends HotSpotVirtualMachine {
        int pid;
        try {
            pid = Integer.parseInt(vmid);
+            if (pid < 1) {
+                throw new NumberFormatException();
+            }
        } catch (NumberFormatException x) {
-            throw new AttachNotSupportedException("Invalid process identifier");
+            throw new AttachNotSupportedException("Invalid process identifier: " + vmid);
        }

        // Find the socket file. If not found then we attempt to start the
--- a/src/jdk.attach/solaris/classes/sun/tools/attach/VirtualMachineImpl.java
+++ b/src/jdk.attach/solaris/classes/sun/tools/attach/VirtualMachineImpl.java
@ -60,8 +60,11 @@ public class VirtualMachineImpl extends HotSpotVirtualMachine {
        int pid;
        try {
            pid = Integer.parseInt(vmid);
+            if (pid < 1) {
+                throw new NumberFormatException();
+            }
        } catch (NumberFormatException x) {
-            throw new AttachNotSupportedException("Invalid process identifier");
+            throw new AttachNotSupportedException("Invalid process identifier: " + vmid);
        }

        // Opens the door file to the target VM. If the file is not
--- a/test/hotspot/jtreg/serviceability/attach/AttachNegativePidTest.java
+++ b/test/hotspot/jtreg/serviceability/attach/AttachNegativePidTest.java
@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test Verifies that negative pids are correctly rejected
+ * @bug 8229957
+ * @requires os.family != "windows"
+ * @library /test/lib
+ * @modules jdk.attach/com.sun.tools.attach
+ * @run main AttachNegativePidTest
+ */
+
+import java.io.IOException;
+
+import com.sun.tools.attach.VirtualMachine;
+import com.sun.tools.attach.AttachNotSupportedException;
+
+import jdk.test.lib.apps.LingeredApp;
+
+public class AttachNegativePidTest {
+
+    public static void main(String... args) throws Exception {
+        LingeredApp app = LingeredApp.startApp();
+        String strPID = Long.toString(-1 * app.getPid());
+        try {
+            VirtualMachine.attach(strPID);
+        } catch (AttachNotSupportedException anse) {
+            // Passed
+            return;
+        }
+        throw new RuntimeException("There is no expected AttachNotSupportedException for " + strPID);
+    }
+
+}