changeset 436:7fe7aa39b5dc

6952603: NetworkInterface reveals local network address to untrusted code Reviewed-by: chegar
author michaelm
date Mon, 26 Jul 2010 10:40:22 +0100
parents 1f9e4b58a1f9
children 3f8ebe7db6e0
files src/share/classes/java/net/NetworkInterface.java
diffstat 1 files changed, 8 insertions(+), 5 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/java/net/NetworkInterface.java	Thu Jul 01 11:17:31 2010 +0400
+++ b/src/share/classes/java/net/NetworkInterface.java	Mon Jul 26 10:40:22 2010 +0100
@@ -393,6 +393,10 @@
      * @since 1.6
      */
     public byte[] getHardwareAddress() throws SocketException {
+        if (!getInetAddresses().hasMoreElements()) {
+            // don't have connect permission to any local address
+            return null;
+        }
         for (InetAddress addr : addrs) {
             if (addr instanceof Inet4Address) {
                 return getMacAddr0(((Inet4Address)addr).getAddress(), name, index);
@@ -509,11 +513,10 @@
     }
 
     public int hashCode() {
-        int count = 0;
-        if (addrs != null) {
-            for (int i = 0; i < addrs.length; i++) {
-                count += addrs[i].hashCode();
-            }
+        int count = name == null? 0: name.hashCode();
+        Enumeration<InetAddress> addrs = getInetAddresses();
+        while (addrs.hasMoreElements()) {
+            count += addrs.nextElement().hashCode();
         }
         return count;
     }