8227542: Manifest improved jar headers

Reviewed-by: sspitsyn, mschoene
2019-11-14 15:06:11 -08:00 · 2019-11-14 15:06:11 -08:00 · 3bbc499f06
commit 3bbc499f06
parent 0e4b718a25
2 changed files with 36 additions and 0 deletions
--- a/src/java.instrument/share/classes/java/lang/instrument/package-info.java
+++ b/src/java.instrument/share/classes/java/lang/instrument/package-info.java
@ -32,6 +32,13 @@
 * programs running on the JVM. The mechanism for instrumentation is modification
 * of the byte-codes of methods.
 *
+ * <p> Note: developers/admininstrators are responsible for verifying
+ * the trustworthiness of content and structure of the Java Agents they deploy,
+ * since those are able to arbitrarily transform the bytecode from other JAR files.
+ * Since that happens after the Jars containing the bytecode have been verified
+ * as trusted, the trustworthiness of a Java Agent can determine the trust towards
+ * the entire program.
+ *
 * <p> An agent is deployed as a JAR file. An attribute in the JAR file manifest
 * specifies the agent class which will be loaded to start the agent. Agents can
 * be started in several ways:
--- a/src/java.instrument/share/native/libinstrument/InvocationAdapter.c
+++ b/src/java.instrument/share/native/libinstrument/InvocationAdapter.c
@ -202,6 +202,17 @@ DEF_Agent_OnLoad(JavaVM *vm, char *tail, void * reserved) {
         */
        oldLen = (int)strlen(premainClass);
        newLen = modifiedUtf8LengthOfUtf8(premainClass, oldLen);
+        /*
+         * According to JVMS class name is represented as CONSTANT_Utf8_info,
+         * so its length is u2 (i.e. must be <= 0xFFFF).
+         */
+        if (newLen > 0xFFFF) {
+            fprintf(stderr, "-javaagent: Premain-Class value is too big\n");
+            free(jarfile);
+            if (options != NULL) free(options);
+            freeAttributes(attributes);
+            return JNI_ERR;
+        }
        if (newLen == oldLen) {
            premainClass = strdup(premainClass);
        } else {
@ -360,6 +371,17 @@ DEF_Agent_OnAttach(JavaVM* vm, char *args, void * reserved) {
         */
        oldLen = (int)strlen(agentClass);
        newLen = modifiedUtf8LengthOfUtf8(agentClass, oldLen);
+        /*
+         * According to JVMS class name is represented as CONSTANT_Utf8_info,
+         * so its length is u2 (i.e. must be <= 0xFFFF).
+         */
+        if (newLen > 0xFFFF) {
+            fprintf(stderr, "Agent-Class value is too big\n");
+            free(jarfile);
+            if (options != NULL) free(options);
+            freeAttributes(attributes);
+            return AGENT_ERROR_BADJAR;
+        }
        if (newLen == oldLen) {
            agentClass = strdup(agentClass);
        } else {
@ -485,6 +507,13 @@ jint loadAgent(JNIEnv* env, jstring path) {
    // The value of Launcher-Agent-Class is in UTF-8, convert it to modified UTF-8
    oldLen = (int) strlen(agentClass);
    newLen = modifiedUtf8LengthOfUtf8(agentClass, oldLen);
+    /*
+     * According to JVMS class name is represented as CONSTANT_Utf8_info,
+     * so its length is u2 (i.e. must be <= 0xFFFF).
+     */
+    if (newLen > 0xFFFF) {
+        goto releaseAndReturn;
+    }
    if (newLen == oldLen) {
        agentClass = strdup(agentClass);
    } else {