From d2d0153dd63334fba028fac44d063dd3de21d68e Mon Sep 17 00:00:00 2001 From: Brian Burkhalter Date: Tue, 22 Oct 2013 11:25:01 -0700 Subject: [PATCH 1/2] 7179567: JCK8 tests: api/java_net/URLClassLoader/index.html#Ctor3 failed with NPE 6445180: URLClassLoader does not describe the behavior of several methods with respect to null arguments Document when a NPE will be thrown by URLClassLoader constructors, newInstance(), findClass(), and getPermissions(). Reviewed-by: alanb, mduigou, chegar, dholmes, jrose --- .../classes/java/net/URLClassLoader.java | 42 +++-- .../remote/rmi/NoCallStackClassLoader.java | 1 + .../classes/sun/applet/AppletClassLoader.java | 1 + .../java/net/URLClassLoader/NullURLTest.java | 175 ++++++++++++++++++ 4 files changed, 206 insertions(+), 13 deletions(-) create mode 100644 jdk/test/java/net/URLClassLoader/NullURLTest.java diff --git a/jdk/src/share/classes/java/net/URLClassLoader.java b/jdk/src/share/classes/java/net/URLClassLoader.java index 748748520ea..f272346ce2f 100644 --- a/jdk/src/share/classes/java/net/URLClassLoader.java +++ b/jdk/src/share/classes/java/net/URLClassLoader.java @@ -25,21 +25,30 @@ package java.net; -import java.io.*; -import java.util.*; -import java.util.jar.Manifest; -import java.util.jar.JarFile; -import java.util.jar.Attributes; -import java.util.jar.Attributes.Name; -import java.security.CodeSigner; -import java.security.PrivilegedAction; -import java.security.PrivilegedExceptionAction; -import java.security.AccessController; +import java.io.Closeable; +import java.io.File; +import java.io.FilePermission; +import java.io.IOException; +import java.io.InputStream; import java.security.AccessControlContext; -import java.security.SecureClassLoader; +import java.security.AccessController; +import java.security.CodeSigner; import java.security.CodeSource; import java.security.Permission; import java.security.PermissionCollection; +import java.security.PrivilegedAction; +import java.security.PrivilegedExceptionAction; +import java.security.SecureClassLoader; +import java.util.Enumeration; +import java.util.List; +import java.util.NoSuchElementException; +import java.util.Objects; +import java.util.Set; +import java.util.WeakHashMap; +import java.util.jar.Attributes; +import java.util.jar.Attributes.Name; +import java.util.jar.JarFile; +import java.util.jar.Manifest; import sun.misc.Resource; import sun.misc.URLClassPath; import sun.net.www.ParseUtil; @@ -84,6 +93,7 @@ public class URLClassLoader extends SecureClassLoader implements Closeable { * @exception SecurityException if a security manager exists and its * {@code checkCreateClassLoader} method doesn't allow * creation of a class loader. + * @exception NullPointerException if {@code urls} is {@code null}. * @see SecurityManager#checkCreateClassLoader */ public URLClassLoader(URL[] urls, ClassLoader parent) { @@ -127,6 +137,7 @@ public class URLClassLoader extends SecureClassLoader implements Closeable { * @exception SecurityException if a security manager exists and its * {@code checkCreateClassLoader} method doesn't allow * creation of a class loader. + * @exception NullPointerException if {@code urls} is {@code null}. * @see SecurityManager#checkCreateClassLoader */ public URLClassLoader(URL[] urls) { @@ -169,6 +180,7 @@ public class URLClassLoader extends SecureClassLoader implements Closeable { * @exception SecurityException if a security manager exists and its * {@code checkCreateClassLoader} method doesn't allow * creation of a class loader. + * @exception NullPointerException if {@code urls} is {@code null}. * @see SecurityManager#checkCreateClassLoader */ public URLClassLoader(URL[] urls, ClassLoader parent, @@ -260,13 +272,13 @@ public class URLClassLoader extends SecureClassLoader implements Closeable { * and errors are not caught. Calling close on an already closed * loader has no effect. *

- * @throws IOException if closing any file opened by this class loader + * @exception IOException if closing any file opened by this class loader * resulted in an IOException. Any such exceptions are caught internally. * If only one is caught, then it is re-thrown. If more than one exception * is caught, then the second and following exceptions are added * as suppressed exceptions of the first one caught, which is then re-thrown. * - * @throws SecurityException if a security manager is set, and it denies + * @exception SecurityException if a security manager is set, and it denies * {@link RuntimePermission}{@code ("closeClassLoader")} * * @since 1.7 @@ -339,6 +351,7 @@ public class URLClassLoader extends SecureClassLoader implements Closeable { * @return the resulting class * @exception ClassNotFoundException if the class could not be found, * or if the loader is closed. + * @exception NullPointerException if {@code name} is {@code null}. */ protected Class findClass(final String name) throws ClassNotFoundException @@ -621,6 +634,7 @@ public class URLClassLoader extends SecureClassLoader implements Closeable { * If the protocol is not "file", then permission * to connect to and accept connections from the URL's host is granted. * @param codesource the codesource + * @exception NullPointerException if {@code codesource} is {@code null}. * @return the permissions granted to the codesource */ protected PermissionCollection getPermissions(CodeSource codesource) @@ -700,6 +714,7 @@ public class URLClassLoader extends SecureClassLoader implements Closeable { * * @param urls the URLs to search for classes and resources * @param parent the parent class loader for delegation + * @exception NullPointerException if {@code urls} is {@code null}. * @return the resulting class loader */ public static URLClassLoader newInstance(final URL[] urls, @@ -725,6 +740,7 @@ public class URLClassLoader extends SecureClassLoader implements Closeable { * loading the class. * * @param urls the URLs to search for classes and resources + * @exception NullPointerException if {@code urls} is {@code null}. * @return the resulting class loader */ public static URLClassLoader newInstance(final URL[] urls) { diff --git a/jdk/src/share/classes/javax/management/remote/rmi/NoCallStackClassLoader.java b/jdk/src/share/classes/javax/management/remote/rmi/NoCallStackClassLoader.java index 65c81ccb1c2..cd8e3ace9ba 100644 --- a/jdk/src/share/classes/javax/management/remote/rmi/NoCallStackClassLoader.java +++ b/jdk/src/share/classes/javax/management/remote/rmi/NoCallStackClassLoader.java @@ -120,6 +120,7 @@ class NoCallStackClassLoader extends ClassLoader { */ @Override protected Class findClass(String name) throws ClassNotFoundException { + // Note: classNames is guaranteed by the constructor to be non-null. for (int i = 0; i < classNames.length; i++) { if (name.equals(classNames[i])) { return defineClass(classNames[i], byteCodes[i], 0, diff --git a/jdk/src/share/classes/sun/applet/AppletClassLoader.java b/jdk/src/share/classes/sun/applet/AppletClassLoader.java index fe8521efae7..a3911974e44 100644 --- a/jdk/src/share/classes/sun/applet/AppletClassLoader.java +++ b/jdk/src/share/classes/sun/applet/AppletClassLoader.java @@ -239,6 +239,7 @@ public class AppletClassLoader extends URLClassLoader { * the "localhost". * * @param codesource the codesource + * @throws NullPointerException if {@code codesource} is {@code null}. * @return the permissions granted to the codesource */ protected PermissionCollection getPermissions(CodeSource codesource) diff --git a/jdk/test/java/net/URLClassLoader/NullURLTest.java b/jdk/test/java/net/URLClassLoader/NullURLTest.java new file mode 100644 index 00000000000..4171a4f6735 --- /dev/null +++ b/jdk/test/java/net/URLClassLoader/NullURLTest.java @@ -0,0 +1,175 @@ +/* + * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 7179567 + * @summary Test that URLClassLoader public constructors and factory methods + * throw NullPointerException when appropriate. + * + * Tests whether URLClassLoader public constructors and factory methods throw + * appropriate NullPointerExceptions for 1) a null URL array parameter, and + * 2) a non-null URL array containing a null element. + */ + +import java.io.File; +import java.io.IOException; +import java.net.URL; +import java.net.URLClassLoader; +import java.util.jar.JarFile; + +public class NullURLTest { + JarFile jarFile; + + public static void main(String[] args) throws Throwable { + new NullURLTest(); + } + + NullURLTest() throws Throwable { + File local = new File(System.getProperty("test.src", "."), "jars"); + String path = "jar:file:" + + local.getPath() + + "/class_path_test.jar!/Foo.class"; + + URL validURL = new URL(path); + URL[] validURLArray = new URL[] { validURL, validURL }; + URL[] invalidURLArray = new URL[] { validURL, null }; + + int failures = 0; + URLClassLoader loader; + + try { + loader = new URLClassLoader(validURLArray); + } catch (Throwable t) { + System.err.println("URLClassLoader(validURLArray) threw " + t); + failures++; + } + try { + loader = new URLClassLoader(null); + System.err.println("URLClassLoader(null) did not throw NPE"); + failures++; + } catch (NullPointerException e) { + // expected + } + // This section should be uncommented if 8026517 is fixed. +// try { +// loader = new URLClassLoader(invalidURLArray); +// System.err.println("URLClassLoader(invalidURLArray) did not throw NPE"); +// failures++; +// } catch (NullPointerException e) { +// // expected +// } + + try { + loader = new URLClassLoader(validURLArray, null); + } catch (Throwable t) { + System.err.println("URLClassLoader(validURLArray, null) threw " + t); + failures++; + } + try { + loader = new URLClassLoader(null, null); + System.err.println("URLClassLoader(null, null) did not throw NPE"); + failures++; + } catch (NullPointerException e) { + // expected + } + // This section should be uncommented if 8026517 is fixed. +// try { +// loader = new URLClassLoader(invalidURLArray, null); +// System.err.println("URLClassLoader(invalidURLArray, null) did not throw NPE"); +// failures++; +// } catch (NullPointerException e) { +// // expected +// } + + try { + loader = new URLClassLoader(validURLArray, null, null); + } catch (Throwable t) { + System.err.println("URLClassLoader(validURLArray, null, null) threw " + t); + failures++; + } + try { + loader = new URLClassLoader(null, null, null); + System.err.println("URLClassLoader(null, null, null) did not throw NPE"); + failures++; + } catch (NullPointerException e) { + // expected + } + // This section should be uncommented if 8026517 is fixed. +// try { +// loader = new URLClassLoader(invalidURLArray, null, null); +// System.err.println("URLClassLoader(invalidURLArray, null, null) did not throw NPE"); +// failures++; +// } catch (NullPointerException e) { +// // expected +// } + + try { + loader = URLClassLoader.newInstance(validURLArray); + } catch (Throwable t) { + System.err.println("URLClassLoader.newInstance(validURLArray) threw " + t); + failures++; + } + try { + loader = URLClassLoader.newInstance(null); + System.err.println("URLClassLoader.newInstance(null) did not throw NPE"); + failures++; + } catch (NullPointerException e) { + // expected + } + // This section should be uncommented if 8026517 is fixed. +// try { +// loader = URLClassLoader.newInstance(invalidURLArray); +// System.err.println("URLClassLoader.newInstance(invalidURLArray) did not throw NPE"); +// failures++; +// } catch (NullPointerException e) { +// // expected +// } + + try { + loader = URLClassLoader.newInstance(validURLArray, null); + } catch (Throwable t) { + System.err.println("URLClassLoader.newInstance(validURLArray, null) threw " + t); + failures++; + } + try { + loader = URLClassLoader.newInstance(null, null); + System.err.println("URLClassLoader.newInstance(null, null) did not throw NPE"); + failures++; + } catch (NullPointerException e) { + // expected + } + // This section should be uncommented if 8026517 is fixed. +// try { +// loader = URLClassLoader.newInstance(invalidURLArray, null); +// System.err.println("URLClassLoader.newInstance(invalidURLArray, null) did not throw NPE"); +// failures++; +// } catch (NullPointerException e) { +// // expected +// } + + if (failures != 0) { + throw new Exception("URLClassLoader NullURLTest had "+failures+" failures!"); + } + } +} From c6ac4eb557990c2e1a630faeb1c324005fc90499 Mon Sep 17 00:00:00 2001 From: Jason Uh Date: Tue, 22 Oct 2013 11:57:38 -0700 Subject: [PATCH 2/2] 8025287: NPE in api/java_security/cert/PKIXRevocationChecker/GeneralTests_GeneralTests Reviewed-by: mullan --- .../sun/security/provider/certpath/RevocationChecker.java | 2 +- .../java/security/cert/PKIXRevocationChecker/UnitTest.java | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/jdk/src/share/classes/sun/security/provider/certpath/RevocationChecker.java b/jdk/src/share/classes/sun/security/provider/certpath/RevocationChecker.java index 0aad090a8b0..f34e737102a 100644 --- a/jdk/src/share/classes/sun/security/provider/certpath/RevocationChecker.java +++ b/jdk/src/share/classes/sun/security/provider/certpath/RevocationChecker.java @@ -307,7 +307,7 @@ class RevocationChecker extends PKIXRevocationChecker { : anchor.getCAPublicKey(); } crlSignFlag = true; - if (params.certPath() != null) { + if (params != null && params.certPath() != null) { certIndex = params.certPath().getCertificates().size() - 1; } else { certIndex = -1; diff --git a/jdk/test/java/security/cert/PKIXRevocationChecker/UnitTest.java b/jdk/test/java/security/cert/PKIXRevocationChecker/UnitTest.java index 5c5f5bcfcf0..8ddfda2429a 100644 --- a/jdk/test/java/security/cert/PKIXRevocationChecker/UnitTest.java +++ b/jdk/test/java/security/cert/PKIXRevocationChecker/UnitTest.java @@ -23,7 +23,7 @@ /** * @test - * @bug 6854712 7171570 8010748 + * @bug 6854712 7171570 8010748 8025287 * @summary Basic unit test for PKIXRevocationChecker */ @@ -44,6 +44,8 @@ public class UnitTest { CertPathChecker cpc = cpv.getRevocationChecker(); PKIXRevocationChecker prc = (PKIXRevocationChecker)cpc; + prc.init(false); + System.out.println("Testing that get methods return null or " + "empty lists/sets/maps"); requireNull(prc.getOcspResponder(), "getOcspResponder()");