stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8074812: More specific error message when the .java_pid well-known file is not secure

Browse Source 
Reviewed-by: jbachorik, martin
This commit is contained in:
Staffan Larsen 2015-03-13 08:35:51 +01:00
parent 4e1348cb7b
commit 9e2660699e
4 changed files with 96 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
jdk/src/jdk.attach/aix/native/libattach/VirtualMachineImpl.c
View File

@ -26,6 +26,7 @@
#include "jni.h"
#include "jni_util.h"
#include "jvm.h"
#include <stdio.h>
#include <stdlib.h>
@ -184,15 +185,26 @@ JNIEXPORT void JNICALL Java_sun_tools_attach_VirtualMachineImpl_checkPermissions
res = errno;
}
/* release p here before we throw an I/O exception */
if (isCopy) {
JNU_ReleaseStringPlatformChars(env, path, p);
}
if (res == 0) {
if ( (sb.st_uid != uid) || (sb.st_gid != gid) ||
((sb.st_mode & (S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH)) != 0) ) {
JNU_ThrowIOException(env, "well-known file is not secure");
char msg[100];
jboolean isError = JNI_FALSE;
if (sb.st_uid != uid) {
jio_snprintf(msg, sizeof(msg)-1,
"file should be owned by the current user (which is %d) but is owned by %d", uid, sb.st_uid);
isError = JNI_TRUE;
} else if (sb.st_gid != gid) {
jio_snprintf(msg, sizeof(msg)-1,
"file's group should be the current group (which is %d) but the group is %d", gid, sb.st_gid);
isError = JNI_TRUE;
} else if ((sb.st_mode & (S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH)) != 0) {
jio_snprintf(msg, sizeof(msg)-1,
"file should only be readable and writable by the owner but has 0%03o access", sb.st_mode & 0777);
isError = JNI_TRUE;
}
if (isError) {
char buf[256];
jio_snprintf(buf, sizeof(buf)-1, "well-known file %s is not secure: %s", p, msg);
JNU_ThrowIOException(env, buf);
}
} else {
char* msg = strdup(strerror(res));
@ -201,6 +213,10 @@ JNIEXPORT void JNICALL Java_sun_tools_attach_VirtualMachineImpl_checkPermissions
free(msg);
}
}
if (isCopy) {
JNU_ReleaseStringPlatformChars(env, path, p);
}
}
}

32
jdk/src/jdk.attach/linux/native/libattach/VirtualMachineImpl.c
View File

@ -25,6 +25,7 @@
#include "jni.h"
#include "jni_util.h"
#include "jvm.h"
#include <stdio.h>
#include <stdlib.h>
@ -369,15 +370,26 @@ JNIEXPORT void JNICALL Java_sun_tools_attach_VirtualMachineImpl_checkPermissions
res = errno;
}
/* release p here before we throw an I/O exception */
if (isCopy) {
JNU_ReleaseStringPlatformChars(env, path, p);
}
if (res == 0) {
if ( (sb.st_uid != uid) || (sb.st_gid != gid) ||
((sb.st_mode & (S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH)) != 0) ) {
JNU_ThrowIOException(env, "well-known file is not secure");
char msg[100];
jboolean isError = JNI_FALSE;
if (sb.st_uid != uid) {
jio_snprintf(msg, sizeof(msg)-1,
"file should be owned by the current user (which is %d) but is owned by %d", uid, sb.st_uid);
isError = JNI_TRUE;
} else if (sb.st_gid != gid) {
jio_snprintf(msg, sizeof(msg)-1,
"file's group should be the current group (which is %d) but the group is %d", gid, sb.st_gid);
isError = JNI_TRUE;
} else if ((sb.st_mode & (S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH)) != 0) {
jio_snprintf(msg, sizeof(msg)-1,
"file should only be readable and writable by the owner but has 0%03o access", sb.st_mode & 0777);
isError = JNI_TRUE;
}
if (isError) {
char buf[256];
jio_snprintf(buf, sizeof(buf)-1, "well-known file %s is not secure: %s", p, msg);
JNU_ThrowIOException(env, buf);
}
} else {
char* msg = strdup(strerror(res));
@ -386,6 +398,10 @@ JNIEXPORT void JNICALL Java_sun_tools_attach_VirtualMachineImpl_checkPermissions
free(msg);
}
}
if (isCopy) {
JNU_ReleaseStringPlatformChars(env, path, p);
}
}
}

32
jdk/src/jdk.attach/macosx/native/libattach/VirtualMachineImpl.c
View File

@ -25,6 +25,7 @@
#include "jni.h"
#include "jni_util.h"
#include "jvm.h"
#include <stdio.h>
#include <stdlib.h>
@ -151,15 +152,26 @@ JNIEXPORT void JNICALL Java_sun_tools_attach_VirtualMachineImpl_checkPermissions
res = errno;
}
/* release p here before we throw an I/O exception */
if (isCopy) {
JNU_ReleaseStringPlatformChars(env, path, p);
}
if (res == 0) {
if ( (sb.st_uid != uid) || (sb.st_gid != gid) ||
((sb.st_mode & (S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH)) != 0) ) {
JNU_ThrowIOException(env, "well-known file is not secure");
char msg[100];
jboolean isError = JNI_FALSE;
if (sb.st_uid != uid) {
jio_snprintf(msg, sizeof(msg)-1,
"file should be owned by the current user (which is %d) but is owned by %d", uid, sb.st_uid);
isError = JNI_TRUE;
} else if (sb.st_gid != gid) {
jio_snprintf(msg, sizeof(msg)-1,
"file's group should be the current group (which is %d) but the group is %d", gid, sb.st_gid);
isError = JNI_TRUE;
} else if ((sb.st_mode & (S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH)) != 0) {
jio_snprintf(msg, sizeof(msg)-1,
"file should only be readable and writable by the owner but has 0%03o access", sb.st_mode & 0777);
isError = JNI_TRUE;
}
if (isError) {
char buf[256];
jio_snprintf(buf, sizeof(buf)-1, "well-known file %s is not secure: %s", p, msg);
JNU_ThrowIOException(env, buf);
}
} else {
char* msg = strdup(strerror(res));
@ -168,6 +180,10 @@ JNIEXPORT void JNICALL Java_sun_tools_attach_VirtualMachineImpl_checkPermissions
free(msg);
}
}
if (isCopy) {
JNU_ReleaseStringPlatformChars(env, path, p);
}
}
}

32
jdk/src/jdk.attach/solaris/native/libattach/VirtualMachineImpl.c
View File

@ -35,6 +35,7 @@
#include "jni.h"
#include "jni_util.h"
#include "jvm.h"
#include "sun_tools_attach_VirtualMachineImpl.h"
@ -112,15 +113,26 @@ JNIEXPORT void JNICALL Java_sun_tools_attach_VirtualMachineImpl_checkPermissions
res = errno;
}
/* release p here before we throw an I/O exception */
if (isCopy) {
JNU_ReleaseStringPlatformChars(env, path, p);
}
if (res == 0) {
if ( (sb.st_uid != uid) || (sb.st_gid != gid) ||
((sb.st_mode & (S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH)) != 0) ) {
JNU_ThrowIOException(env, "well-known file is not secure");
char msg[100];
jboolean isError = JNI_FALSE;
if (sb.st_uid != uid) {
jio_snprintf(msg, sizeof(msg)-1,
"file should be owned by the current user (which is %d) but is owned by %d", uid, sb.st_uid);
isError = JNI_TRUE;
} else if (sb.st_gid != gid) {
jio_snprintf(msg, sizeof(msg)-1,
"file's group should be the current group (which is %d) but the group is %d", gid, sb.st_gid);
isError = JNI_TRUE;
} else if ((sb.st_mode & (S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH)) != 0) {
jio_snprintf(msg, sizeof(msg)-1,
"file should only be readable and writable by the owner but has 0%03o access", sb.st_mode & 0777);
isError = JNI_TRUE;
}
if (isError) {
char buf[256];
jio_snprintf(buf, sizeof(buf)-1, "well-known file %s is not secure: %s", p, msg);
JNU_ThrowIOException(env, buf);
}
} else {
char* msg = strdup(strerror(res));
@ -129,6 +141,10 @@ JNIEXPORT void JNICALL Java_sun_tools_attach_VirtualMachineImpl_checkPermissions
free(msg);
}
}
if (isCopy) {
JNU_ReleaseStringPlatformChars(env, path, p);
}
}
}