stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8334169: Long arguments of attach operation are silently truncated on Windows

Browse Source 
Reviewed-by: sspitsyn, cjplummer
This commit is contained in:
Alex Menkov 2024-07-16 18:10:47 +00:00
parent 59bf3d77aa
commit a60608e7a3
2 changed files with 212 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
src/jdk.attach/windows/native/libattach/VirtualMachineImpl.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -54,8 +54,8 @@ typedef jint (WINAPI* EnqueueOperationFunc)
static HANDLE
doPrivilegedOpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId);
/* convert jstring to C string */
static void jstring_to_cstring(JNIEnv* env, jstring jstr, char* cstr, int len);
/* Converts jstring to C string, returns JNI_FALSE if the string has been truncated. */
static jboolean jstring_to_cstring(JNIEnv* env, jstring jstr, char* cstr, size_t cstr_buf_size);
/*
@ -75,9 +75,9 @@ typedef struct {
char jvmLib[MAX_LIBNAME_LENGTH]; /* "jvm.dll" */
char func1[MAX_FUNC_LENGTH];
char func2[MAX_FUNC_LENGTH];
char cmd[MAX_CMD_LENGTH]; /* "load", "dump", ... */
char arg[MAX_ARGS][MAX_ARG_LENGTH]; /* arguments to command */
char pipename[MAX_PIPE_NAME_LENGTH];
char cmd[MAX_CMD_LENGTH + 1]; /* "load", "dump", ... */
char arg[MAX_ARGS][MAX_ARG_LENGTH + 1]; /* arguments to command */
char pipename[MAX_PIPE_NAME_LENGTH + 1];
} DataBlock;
/*
@ -377,7 +377,6 @@ JNIEXPORT jint JNICALL Java_sun_tools_attach_VirtualMachineImpl_readPipe
return (jint)nread;
}
/*
* Class: sun_tools_attach_VirtualMachineImpl
* Method: enqueue
@ -410,7 +409,11 @@ JNIEXPORT void JNICALL Java_sun_tools_attach_VirtualMachineImpl_enqueue
/*
* Command and arguments
*/
jstring_to_cstring(env, cmd, data.cmd, MAX_CMD_LENGTH);
if (!jstring_to_cstring(env, cmd, data.cmd, sizeof(data.cmd))) {
JNU_ThrowByName(env, "com/sun/tools/attach/AttachOperationFailedException",
"command is too long");
return;
}
argsLen = (*env)->GetArrayLength(env, args);
if (argsLen > 0) {
@ -423,7 +426,11 @@ JNIEXPORT void JNICALL Java_sun_tools_attach_VirtualMachineImpl_enqueue
if (obj == NULL) {
data.arg[i][0] = '\0';
} else {
jstring_to_cstring(env, obj, data.arg[i], MAX_ARG_LENGTH);
if (!jstring_to_cstring(env, obj, data.arg[i], sizeof(data.arg[i]))) {
JNU_ThrowByName(env, "com/sun/tools/attach/AttachOperationFailedException",
"argument is too long");
return;
}
}
if ((*env)->ExceptionOccurred(env)) return;
}
@ -433,7 +440,11 @@ JNIEXPORT void JNICALL Java_sun_tools_attach_VirtualMachineImpl_enqueue
}
/* pipe name */
jstring_to_cstring(env, pipename, data.pipename, MAX_PIPE_NAME_LENGTH);
if (!jstring_to_cstring(env, pipename, data.pipename, sizeof(data.pipename))) {
JNU_ThrowByName(env, "com/sun/tools/attach/AttachOperationFailedException",
"pipe name is too long");
return;
}
/*
* Allocate memory in target process for data and code stub
@ -615,21 +626,28 @@ doPrivilegedOpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProc
return hProcess;
}
/* convert jstring to C string */
static void jstring_to_cstring(JNIEnv* env, jstring jstr, char* cstr, int len) {
/* Converts jstring to C string, returns JNI_FALSE if the string has been truncated. */
static jboolean jstring_to_cstring(JNIEnv* env, jstring jstr, char* cstr, size_t cstr_buf_size) {
jboolean isCopy;
const char* str;
jboolean result = JNI_TRUE;
if (jstr == NULL) {
cstr[0] = '\0';
} else {
str = JNU_GetStringPlatformChars(env, jstr, &isCopy);
if ((*env)->ExceptionOccurred(env)) return;
if ((*env)->ExceptionOccurred(env)) {
return result;
}
if (strlen(str) >= cstr_buf_size) {
result = JNI_FALSE;
}
strncpy(cstr, str, len);
cstr[len-1] = '\0';
strncpy(cstr, str, cstr_buf_size);
cstr[cstr_buf_size - 1] = '\0';
if (isCopy) {
JNU_ReleaseStringPlatformChars(env, jstr, str);
}
}
return result;
}

179
test/hotspot/jtreg/serviceability/attach/LongArgTest.java Normal file
View File

@ -0,0 +1,179 @@
/*
* Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @summary Tests that long arguments of attach operation are not truncated
* @bug 8334168
* @library /test/lib
* @modules jdk.attach/sun.tools.attach
* @run main LongArgTest
*/
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.InputStream;
import java.io.IOException;
import com.sun.tools.attach.VirtualMachine;
import sun.tools.attach.HotSpotVirtualMachine;
import jdk.test.lib.apps.LingeredApp;
public class LongArgTest {
// current restriction: max arg size is 1024
private static int MAX_ARG_SIZE = 1024;
public static void main(String[] args) throws Exception {
LingeredApp app = null;
try {
app = LingeredApp.startApp();
// sanity
test(app)
.mustSucceed()
.run();
test(app)
.valueLength(MAX_ARG_SIZE)
.mustSucceed()
.run();
test(app)
.valueLength(MAX_ARG_SIZE + 1)
.run();
// more than max args (3) with MAX_ARG_SIZE
test(app)
.valueLength(3 * MAX_ARG_SIZE + 1)
.run();
} finally {
LingeredApp.stopApp(app);
}
}
private static Test test(LingeredApp app) {
return new Test(app);
}
// For simplicity, the test uses internal HotSpotVirtualMachine,
// sets/gets "HeapDumpPath" flag value (string flag, not validated by JVM).
private static class Test {
private LingeredApp app;
private String flagName = "HeapDumpPath";
private String flagValue = generateValue(5);
private boolean setFlagMustSucceed = false;
Test(LingeredApp app) {
this.app = app;
}
Test valueLength(int len) {
flagValue = generateValue(len);
return this;
}
Test mustSucceed() {
setFlagMustSucceed = true;
return this;
}
void run() throws Exception {
System.out.println("======== Start ========");
System.out.println("Arg size = " + flagValue.length());
HotSpotVirtualMachine vm = (HotSpotVirtualMachine)VirtualMachine.attach(String.valueOf(app.getPid()));
if (setFlag(vm)) {
String actualValue = getFlag(vm);
if (!flagValue.equals(actualValue)) {
String msg = "Actual value is different: ";
if (actualValue == null) {
msg += "null";
} else if (flagValue.startsWith(actualValue)) {
msg += "truncated from " + flagValue.length() + " to " + actualValue.length();
} else {
msg += actualValue + ", expected value: " + flagValue;
}
System.out.println(msg);
vm.detach();
throw new RuntimeException(msg);
} else {
System.out.println("Actual value matches: " + actualValue);
}
}
vm.detach();
System.out.println("======== End ========");
System.out.println();
}
// Sets the flag value, return true on success.
private boolean setFlag(HotSpotVirtualMachine vm) throws Exception {
BufferedReader replyReader = null;
try {
replyReader = new BufferedReader(new InputStreamReader(
vm.setFlag(flagName, flagValue)));
} catch (IOException ex) {
if (setFlagMustSucceed) {
throw ex;
}
System.out.println("OK: setFlag() thrown exception:");
ex.printStackTrace(System.out);
return false;
}
String line;
while ((line = replyReader.readLine()) != null) {
System.out.println("setFlag: " + line);
}
replyReader.close();
return true;
}
private String getFlag(HotSpotVirtualMachine vm) throws Exception {
// Then read and make sure we get back the same value.
BufferedReader replyReader = new BufferedReader(new InputStreamReader(vm.printFlag(flagName)));
String prefix = "-XX:" + flagName + "=";
String value = null;
String line;
while((line = replyReader.readLine()) != null) {
System.out.println("getFlag: " + line);
if (line.startsWith(prefix)) {
value = line.substring(prefix.length());
}
}
return value;
}
private String generateValue(int len) {
return "X" + "A".repeat(len - 2) + "X";
}
}
}