diff --git a/src/java.instrument/share/classes/java/lang/instrument/package-info.java b/src/java.instrument/share/classes/java/lang/instrument/package-info.java
index 25b9c7280d2..aa663e8b70b 100644
--- a/src/java.instrument/share/classes/java/lang/instrument/package-info.java
+++ b/src/java.instrument/share/classes/java/lang/instrument/package-info.java
@@ -32,6 +32,13 @@
 * programs running on the JVM. The mechanism for instrumentation is modification
 * of the byte-codes of methods.
 *
+ *
Note: developers/admininstrators are responsible for verifying
+ * the trustworthiness of content and structure of the Java Agents they deploy,
+ * since those are able to arbitrarily transform the bytecode from other JAR files.
+ * Since that happens after the Jars containing the bytecode have been verified
+ * as trusted, the trustworthiness of a Java Agent can determine the trust towards
+ * the entire program.
+ *
 *
An agent is deployed as a JAR file. An attribute in the JAR file manifest
 * specifies the agent class which will be loaded to start the agent. Agents can
 * be started in several ways:
diff --git a/src/java.instrument/share/native/libinstrument/InvocationAdapter.c b/src/java.instrument/share/native/libinstrument/InvocationAdapter.c
index a2ea40ae9ac..aa0faabc52a 100644
--- a/src/java.instrument/share/native/libinstrument/InvocationAdapter.c
+++ b/src/java.instrument/share/native/libinstrument/InvocationAdapter.c
@@ -202,6 +202,17 @@ DEF_Agent_OnLoad(JavaVM *vm, char *tail, void * reserved) {
 */
 oldLen = (int)strlen(premainClass);
 newLen = modifiedUtf8LengthOfUtf8(premainClass, oldLen);
+ /*
+ * According to JVMS class name is represented as CONSTANT_Utf8_info,
+ * so its length is u2 (i.e. must be <= 0xFFFF).
+ */
+ if (newLen > 0xFFFF) {
+ fprintf(stderr, "-javaagent: Premain-Class value is too big\n");
+ free(jarfile);
+ if (options != NULL) free(options);
+ freeAttributes(attributes);
+ return JNI_ERR;
+ }
 if (newLen == oldLen) {
 premainClass = strdup(premainClass);
 } else {
@@ -360,6 +371,17 @@ DEF_Agent_OnAttach(JavaVM* vm, char *args, void * reserved) {
 */
 oldLen = (int)strlen(agentClass);
 newLen = modifiedUtf8LengthOfUtf8(agentClass, oldLen);
+ /*
+ * According to JVMS class name is represented as CONSTANT_Utf8_info,
+ * so its length is u2 (i.e. must be <= 0xFFFF).
+ */
+ if (newLen > 0xFFFF) {
+ fprintf(stderr, "Agent-Class value is too big\n");
+ free(jarfile);
+ if (options != NULL) free(options);
+ freeAttributes(attributes);
+ return AGENT_ERROR_BADJAR;
+ }
 if (newLen == oldLen) {
 agentClass = strdup(agentClass);
 } else {
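Review bot: The first added Javadoc line misspells "administrators" as "admininstrators"; it should read `developers/administrators are responsible for verifying`. In the same paragraph "Jars" is inconsistent with the "JAR file" / "JAR files" spelling used on the surrounding lines of this package description, so `after the JAR files containing the bytecode have been verified` would keep the terminology uniform. Both are wording-only fixes to the new paragraph; the rest of the package comment is outside the hunk.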
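Review bot: The new error path in the DEF_Agent_OnLoad hunk repeats the cleanup sequence `free(jarfile); if (options != NULL) free(options); freeAttributes(attributes);` inline, and the DEF_Agent_OnAttach hunk at @@ -360 duplicates the same three lines, whereas the loadAgent hunk later in this diff routes its rejection through a shared `releaseAndReturn` label. A hand-copied cleanup list on an early-return branch is the usual way a resource added later to the function gets freed on the normal path but leaked on the error path; if OnLoad and OnAttach already have a common release label (their bodies start and end outside these hunks, so I cannot see), the new checks should jump to it instead of restating the frees. Independently, the JVMS comment would be more precise if it named what is being bounded, e.g. `/* JVMS: a class name is stored as CONSTANT_Utf8_info, whose length field is u2, so the modified-UTF-8 length must be <= 0xFFFF. */`.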
@@ -485,6 +507,13 @@ jint loadAgent(JNIEnv* env, jstring path) {
 // The value of Launcher-Agent-Class is in UTF-8, convert it to modified UTF-8
 oldLen = (int) strlen(agentClass);
 newLen = modifiedUtf8LengthOfUtf8(agentClass, oldLen);
+ /*
+ * According to JVMS class name is represented as CONSTANT_Utf8_info,
+ * so its length is u2 (i.e. must be <= 0xFFFF).
+ */
+ if (newLen > 0xFFFF) {
+ goto releaseAndReturn;
+ }
 if (newLen == oldLen) {
 agentClass = strdup(agentClass);
 } else {
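Review bot: An oversized Launcher-Agent-Class value is rejected silently here: the new branch only does `goto releaseAndReturn;`, while the two earlier hunks in this file print the reason to stderr before failing. An operator whose executable JAR's agent never starts gets no indication of why, so report it the same way before jumping, e.g. `fprintf(stderr, "Launcher-Agent-Class value is too big\n");`, or through whatever reporting loadAgent already uses for its other failure cases. The label and the rest of loadAgent lie outside the hunk, so please also confirm that reaching releaseAndReturn from this point yields a failure status rather than the function's success value.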