changeset 7822:493f8eace980

Merge
author asaha
date Tue, 28 Oct 2014 13:25:01 -0700
parents 3265941b1b6c 535df8cdec4a
children 1c785101c881
files .hgtags src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java src/share/classes/sun/security/ssl/Handshaker.java src/share/classes/sun/util/resources/TimeZoneNames_de.java src/share/classes/sun/util/resources/TimeZoneNames_es.java src/share/classes/sun/util/resources/TimeZoneNames_sv.java test/ProblemList.txt
diffstat 33 files changed, 449 insertions(+), 167 deletions(-) [+]
line wrap: on
line diff
--- a/.hgtags	Wed Oct 15 10:06:55 2014 -0700
+++ b/.hgtags	Tue Oct 28 13:25:01 2014 -0700
@@ -456,11 +456,19 @@
 7f7430459adfe7b7fb65da8c3fac2ac5e3495ea1 jdk7u65-b18
 ba6cef21c369076be97dd8133fd4a158cd486bd8 jdk7u65-b19
 c3a56021fc22f886106f123d4f25b385ac6b79d7 jdk7u65-b32
+efc8886310cbccb941f826acfad2ad51a2891be5 jdk7u80-b00
+bc7f9d966c1df3748ef9c148eab25976cd065963 jdk7u80-b01
+2590a9c18fdba19086712bb91a28352e9239a2be jdk7u80-b02
 8b9d926bd35adceb99f244b7b068fedb0f220f03 jdk7u65-b20
 5cf343beab2ce73d299d4f1a8f3b95892f9fd818 jdk7u67-b01
 ba6cef21c369076be97dd8133fd4a158cd486bd8 jdk7u65-b40
 7b47a34063e94e1ab5636b11231d33fae92754c9 jdk7u65-b31
 4cb63f8ca9ee8c60d6f3d0051b69acc8392bd8de jdk7u65-b33
+5cf343beab2ce73d299d4f1a8f3b95892f9fd818 jdk7u67-b01
+388d34a2e45c2660e7ede2a9d80949b14b5d8df9 jdk7u67-b31
+de2b809bb95904bfd5c2ad47cf0f41c97abd5750 jdk7u67-b32
+193d852a6dce1aaf47f1e6960e1c83936bd0e0a4 jdk7u67-b33
+d425e2aa1a6bcdf909c9ac7f690f3e87dcf6e3f6 jdk7u67-b34
 9ccfe70cee626ac7831cfa7b7a7eb7a88fe1cd42 jdk7u66-b00
 fc87b55d62fc1e81aaf61ff21175129b8ccc302e jdk7u66-b01
 c67e394e49429565540f04c5c2a5544f750658bb jdk7u66-b09
@@ -502,6 +510,21 @@
 13ed37084621a8af551ec46650c07ea96f1a22ba jdk7u72-b13
 f4cf053f2ed3df23b756dd182061876ac9774bc5 jdk7u72-b14
 6ef59d24666e8af5428706fc32295a5d088a48c9 jdk7u72-b30
+550c9196d41b566e01f2d164a1b5e0aba9871f5e jdk7u72-b31
+87f9570ca734714f981d4a47477dcc6c80a7d324 jdk7u75-b00
+0fefa48e670a31015be985ba74e35841d0cc66c1 jdk7u75-b01
+e885a036cc5dc0f8fa07dc0a5f55647f819f3fc5 jdk7u75-b02
+4b81833e1c004460c78208c2529775a05f3abf80 jdk7u75-b03
+1964c973dcc1ddb30115b7c7b6183548b3adcdf5 jdk7u75-b04
+ec3e1e179298a41bc6b77a170e2da66efb0bae3b jdk7u75-b05
+e9596c6470c944ff19c5198cfeb7fd979aad9120 jdk7u75-b06
+0666a58a7e584380c1b1dadb50ec67400110a9ab jdk7u76-b00
+182b3e8a732d6b0d21bd7d602361e5276f14b886 jdk7u76-b01
+3c743031578a431ccc1e27691b1958355d02caec jdk7u76-b02
+5e3a73518863851da31129b815a142ad34a3d376 jdk7u76-b03
+50322d45a16bd3f50a050f858495a586395e6095 jdk7u76-b04
+e41867e626749cf34019f9e45493cf049acbcec4 jdk7u76-b05
+7ca26abf06dd8e11c6d7f6ad724b8d5abc3c709d jdk7u76-b06
 efc8886310cbccb941f826acfad2ad51a2891be5 jdk7u80-b00
 bc7f9d966c1df3748ef9c148eab25976cd065963 jdk7u80-b01
 2590a9c18fdba19086712bb91a28352e9239a2be jdk7u80-b02
--- a/src/share/classes/com/sun/java/swing/plaf/windows/WindowsFileChooserUI.java	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/classes/com/sun/java/swing/plaf/windows/WindowsFileChooserUI.java	Tue Oct 28 13:25:01 2014 -0700
@@ -1067,16 +1067,9 @@
 
             directories.clear();
 
-            File[] baseFolders;
-            if (useShellFolder) {
-                baseFolders = AccessController.doPrivileged(new PrivilegedAction<File[]>() {
-                    public File[] run() {
-                        return (File[]) ShellFolder.get("fileChooserComboBoxFolders");
-                    }
-                });
-            } else {
-                baseFolders = fsv.getRoots();
-            }
+            File[] baseFolders = (useShellFolder)
+                    ? (File[]) ShellFolder.get("fileChooserComboBoxFolders")
+                    : fsv.getRoots();
             directories.addAll(Arrays.asList(baseFolders));
 
             // Get the canonical (full) path. This has the side
--- a/src/share/classes/com/sun/jndi/ldap/BerDecoder.java	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/classes/com/sun/jndi/ldap/BerDecoder.java	Tue Oct 28 13:25:01 2014 -0700
@@ -95,6 +95,9 @@
             for( int i = 0; i < lengthbyte; i++) {
                 retval = (retval << 8) + (buf[offset++] & 0xff);
             }
+            if (retval < 0) {
+                throw new DecodeException("Invalid length bytes");
+            }
             return retval;
         } else {
             return lengthbyte;
--- a/src/share/classes/java/net/MulticastSocket.java	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/classes/java/net/MulticastSocket.java	Tue Oct 28 13:25:01 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1995, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -565,7 +565,7 @@
     public NetworkInterface getNetworkInterface() throws SocketException {
         NetworkInterface ni
             = (NetworkInterface)getImpl().getOption(SocketOptions.IP_MULTICAST_IF2);
-        if (ni.getIndex() == 0) {
+        if ((ni.getIndex() == 0) || (ni.getIndex() == -1)) {
             InetAddress[] addrs = new InetAddress[1];
             addrs[0] = InetAddress.anyLocalAddress();
             return new NetworkInterface(addrs[0].getHostName(), 0, addrs);
--- a/src/share/classes/javax/swing/plaf/metal/MetalFileChooserUI.java	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/classes/javax/swing/plaf/metal/MetalFileChooserUI.java	Tue Oct 28 13:25:01 2014 -0700
@@ -941,16 +941,9 @@
 
             directories.clear();
 
-            File[] baseFolders;
-            if (useShellFolder) {
-                baseFolders = AccessController.doPrivileged(new PrivilegedAction<File[]>() {
-                    public File[] run() {
-                        return (File[]) ShellFolder.get("fileChooserComboBoxFolders");
-                    }
-                });
-            } else {
-                baseFolders = fsv.getRoots();
-            }
+            File[] baseFolders = (useShellFolder)
+                    ? (File[]) ShellFolder.get("fileChooserComboBoxFolders")
+                    : fsv.getRoots();
             directories.addAll(Arrays.asList(baseFolders));
 
             // Get the canonical (full) path. This has the side
--- a/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java	Tue Oct 28 13:25:01 2014 -0700
@@ -315,6 +315,7 @@
     /* try auth without calling Authenticator. Used for transparent NTLM authentication */
     private boolean tryTransparentNTLMServer = true;
     private boolean tryTransparentNTLMProxy = true;
+    private boolean useProxyResponseCode = false;
 
     /* Used by Windows specific code */
     private Object authObj;
@@ -2032,6 +2033,14 @@
                         if (tryTransparentNTLMProxy) {
                             tryTransparentNTLMProxy =
                                     NTLMAuthenticationProxy.proxy.supportsTransparentAuth;
+                            /* If the platform supports transparent authentication
+                             * then normally it's ok to do transparent auth to a proxy
+                                         * because we generally trust proxies (chosen by the user)
+                                         * But not in the case of 305 response where the server
+                             * chose it. */
+                            if (tryTransparentNTLMProxy && useProxyResponseCode) {
+                                tryTransparentNTLMProxy = false;
+                            }
                         }
                         a = null;
                         if (tryTransparentNTLMProxy) {
@@ -2364,6 +2373,10 @@
             requests.set(0, method + " " + getRequestURI()+" "  +
                              httpVersion, null);
             connected = true;
+            // need to remember this in case NTLM proxy authentication gets
+            // used. We can't use transparent authentication when user
+            // doesn't know about proxy.
+            useProxyResponseCode = true;
         } else {
             // maintain previous headers, just change the name
             // of the file we're getting
--- a/src/share/classes/sun/rmi/transport/Transport.java	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/classes/sun/rmi/transport/Transport.java	Tue Oct 28 13:25:01 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -37,6 +37,10 @@
 import java.rmi.server.RemoteServer;
 import java.rmi.server.ServerNotActiveException;
 import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.Permissions;
+import java.security.PrivilegedAction;
+import java.security.ProtectionDomain;
 import sun.rmi.runtime.Log;
 import sun.rmi.server.Dispatcher;
 import sun.rmi.server.UnicastServerRef;
@@ -67,6 +71,15 @@
     /** ObjID for DGCImpl */
     private static final ObjID dgcID = new ObjID(ObjID.DGC_ID);
 
+    /** AccessControlContext for setting context ClassLoader */
+    private static final AccessControlContext SETCCL_ACC;
+    static {
+        Permissions perms = new Permissions();
+        perms.add(new RuntimePermission("setContextClassLoader"));
+        ProtectionDomain[] pd = { new ProtectionDomain(null, perms) };
+        SETCCL_ACC = new AccessControlContext(pd);
+    }
+
     /**
      * Returns a <I>Channel</I> that generates connections to the
      * endpoint <I>ep</I>. A Channel is an object that creates and
@@ -116,6 +129,19 @@
     protected abstract void checkAcceptPermission(AccessControlContext acc);
 
     /**
+     * Sets the context class loader for the current thread.
+     */
+    private static void setContextClassLoader(final ClassLoader ccl) {
+        AccessController.doPrivileged(new PrivilegedAction<Void> () {
+                @Override
+                public Void run() {
+                    Thread.currentThread().setContextClassLoader(ccl);
+                    return null;
+                }
+            }, SETCCL_ACC);
+    }
+
+    /**
      * Service an incoming remote call. When a message arrives on the
      * connection indicating the beginning of a remote call, the
      * threads are required to call the <I>serviceCall</I> method of
@@ -163,11 +189,10 @@
                     target.getAccessControlContext();
                 ClassLoader ccl = target.getContextClassLoader();
 
-                Thread t = Thread.currentThread();
-                ClassLoader savedCcl = t.getContextClassLoader();
+                ClassLoader savedCcl = Thread.currentThread().getContextClassLoader();
 
                 try {
-                    t.setContextClassLoader(ccl);
+                    setContextClassLoader(ccl);
                     currentTransport.set(this);
                     try {
                         java.security.AccessController.doPrivileged(
@@ -182,7 +207,7 @@
                         throw (IOException) pae.getException();
                     }
                 } finally {
-                    t.setContextClassLoader(savedCcl);
+                    setContextClassLoader(savedCcl);
                     currentTransport.set(null);
                 }
 
--- a/src/share/classes/sun/rmi/transport/tcp/TCPTransport.java	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/classes/sun/rmi/transport/tcp/TCPTransport.java	Tue Oct 28 13:25:01 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -49,6 +49,9 @@
 import java.rmi.server.UID;
 import java.security.AccessControlContext;
 import java.security.AccessController;
+import java.security.Permissions;
+import java.security.PrivilegedAction;
+import java.security.ProtectionDomain;
 import java.util.ArrayList;
 import java.util.LinkedList;
 import java.util.List;
@@ -122,6 +125,14 @@
     private static final ThreadLocal<ConnectionHandler>
         threadConnectionHandler = new ThreadLocal<>();
 
+    /** an AccessControlContext with no permissions */
+    private static final AccessControlContext NOPERMS_ACC;
+    static {
+        Permissions perms = new Permissions();
+        ProtectionDomain[] pd = { new ProtectionDomain(null, perms) };
+        NOPERMS_ACC = new AccessControlContext(pd);
+    }
+
     /** endpoints for this transport */
     private final LinkedList<TCPEndpoint> epList;
     /** number of objects exported on this transport */
@@ -661,16 +672,22 @@
         }
 
         public void run() {
-            Thread t = Thread.currentThread();
-            String name = t.getName();
-            try {
-                t.setName("RMI TCP Connection(" +
-                          connectionCount.incrementAndGet() +
-                          ")-" + remoteHost);
-                run0();
-            } finally {
-                t.setName(name);
-            }
+            AccessController.doPrivileged(new PrivilegedAction<Void>() {
+                    @Override
+                    public Void run() {
+                        Thread t = Thread.currentThread();
+                        String name = t.getName();
+                        try {
+                            t.setName("RMI TCP Connection(" +
+                                      connectionCount.incrementAndGet() +
+                                      ")-" + remoteHost);
+                            run0();
+                        } finally {
+                            t.setName(name);
+                        }
+                        return null;
+                    }
+                }, NOPERMS_ACC);
         }
 
         private void run0() {
--- a/src/share/classes/sun/security/jgss/GSSHeader.java	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/classes/sun/security/jgss/GSSHeader.java	Tue Oct 28 13:25:01 2014 -0700
@@ -270,6 +270,9 @@
                 value <<= 8;
                 value += 0x0ff & in.read();
             }
+            if (value < 0) {
+                throw new IOException("Invalid length bytes");
+            }
         }
         return value;
     }
--- a/src/share/classes/sun/security/jgss/GSSNameImpl.java	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/classes/sun/security/jgss/GSSNameImpl.java	Tue Oct 28 13:25:01 2014 -0700
@@ -257,6 +257,10 @@
                               ((0xFF & bytes[pos++]) << 16) |
                               ((0xFF & bytes[pos++]) << 8) |
                               (0xFF & bytes[pos++]));
+        if (mechPortionLen < 0 || pos > bytes.length - mechPortionLen) {
+             throw new GSSExceptionImpl(GSSException.BAD_NAME,
+                     "Exported name mech name is corrupted!");
+         }
         byte[] mechPortion = new byte[mechPortionLen];
         System.arraycopy(bytes, pos, mechPortion, 0, mechPortionLen);
 
--- a/src/share/classes/sun/security/jgss/wrapper/GSSNameElement.java	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/classes/sun/security/jgss/wrapper/GSSNameElement.java	Tue Oct 28 13:25:01 2014 -0700
@@ -233,6 +233,9 @@
                               ((0xFF & nameVal[pos++]) << 16) |
                               ((0xFF & nameVal[pos++]) << 8) |
                               (0xFF & nameVal[pos++]));
+        if (mechPortionLen < 0) {
+            throw new GSSException(GSSException.BAD_NAME);
+        }
         byte[] mechPortion = new byte[mechPortionLen];
         System.arraycopy(nameVal, pos, mechPortion, 0, mechPortionLen);
         return mechPortion;
--- a/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java	Tue Oct 28 13:25:01 2014 -0700
@@ -123,7 +123,7 @@
         } else {
             type = read(4);
         }
-        length = read(4);
+        length = readLength4();
         String[] result = new String[length + 1];
         /*
          * DCE includes the principal's realm in the count; the new format
@@ -132,7 +132,7 @@
         if (version == KRB5_FCC_FVNO_1)
             length--;
         for (int i = 0; i <= length; i++) {
-            namelength = read(4);
+            namelength = readLength4();
             if (namelength > MAXNAMELENGTH) {
                 throw new IOException("Invalid name length in principal name.");
             }
@@ -182,7 +182,7 @@
         keyType = read(2);
         if (version == KRB5_FCC_FVNO_3)
             read(2); /* keytype recorded twice in fvno 3 */
-        keyLen = read(4);
+        keyLen = readLength4();
         byte[] bytes = new byte[keyLen];
         for (int i = 0; i < keyLen; i++) {
             bytes[i] = (byte)read();
@@ -208,12 +208,12 @@
 
     HostAddress[] readAddr() throws IOException, KrbApErrException {
         int numAddrs, addrType, addrLength;
-        numAddrs = read(4);
+        numAddrs = readLength4();
         if (numAddrs > 0) {
             HostAddress[] addrs = new HostAddress[numAddrs];
             for (int i = 0; i < numAddrs; i++) {
                 addrType = read(2);
-                addrLength = read(4);
+                addrLength = readLength4();
                 if (!(addrLength == 4 || addrLength == 16)) {
                     if (DEBUG) {
                         System.out.println("Incorrect address format.");
@@ -232,13 +232,13 @@
 
     AuthorizationDataEntry[] readAuth() throws IOException {
         int num, adtype, adlength;
-        num = read(4);
+        num = readLength4();
         if (num > 0) {
             AuthorizationDataEntry[] auData = new AuthorizationDataEntry[num];
             byte[] data = null;
             for (int i = 0; i < num; i++) {
                 adtype = read(2);
-                adlength = read(4);
+                adlength = readLength4();
                 data = new byte[adlength];
                 for (int j = 0; j < adlength; j++) {
                     data[j] = (byte)read();
@@ -252,7 +252,7 @@
 
     byte[] readData() throws IOException {
         int length;
-        length = read(4);
+        length = readLength4();
         if (length == 0) {
             return null;
         } else {
--- a/src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java	Tue Oct 28 13:25:01 2014 -0700
@@ -154,44 +154,44 @@
         throws IOException, KrbException {
         primaryPrincipal = principal;
         primaryRealm = principal.getRealm();
-        CCacheOutputStream cos =
-            new CCacheOutputStream(new FileOutputStream(name));
-        version = KRB5_FCC_FVNO_3;
-        cos.writeHeader(primaryPrincipal, version);
-        cos.close();
+        try (FileOutputStream fos = new FileOutputStream(name);
+             CCacheOutputStream cos = new CCacheOutputStream(fos)) {
+            version = KRB5_FCC_FVNO_3;
+            cos.writeHeader(primaryPrincipal, version);
+        }
         load(name);
     }
 
     synchronized void load(String name) throws IOException, KrbException {
         PrincipalName p;
-        CCacheInputStream cis =
-            new CCacheInputStream(new FileInputStream(name));
-        version = cis.readVersion();
-        if (version == KRB5_FCC_FVNO_4) {
-            tag = cis.readTag();
-        } else {
-            tag = null;
-            if (version == KRB5_FCC_FVNO_1 || version == KRB5_FCC_FVNO_2) {
-                cis.setNativeByteOrder();
+        try (FileInputStream fis = new FileInputStream(name);
+             CCacheInputStream cis = new CCacheInputStream(fis)) {
+            version = cis.readVersion();
+            if (version == KRB5_FCC_FVNO_4) {
+                tag = cis.readTag();
+            } else {
+                tag = null;
+                if (version == KRB5_FCC_FVNO_1 || version == KRB5_FCC_FVNO_2) {
+                    cis.setNativeByteOrder();
+                }
+            }
+            p = cis.readPrincipal(version);
+
+            if (primaryPrincipal != null) {
+                if (!(primaryPrincipal.match(p))) {
+                    throw new IOException("Primary principals don't match.");
+                }
+            } else
+                primaryPrincipal = p;
+            primaryRealm = primaryPrincipal.getRealm();
+            credentialsList = new Vector<Credentials>();
+            while (cis.available() > 0) {
+                Credentials cred = cis.readCred(version);
+                if (cred != null) {
+                    credentialsList.addElement(cred);
+                }
             }
         }
-        p = cis.readPrincipal(version);
-
-        if (primaryPrincipal != null) {
-            if (!(primaryPrincipal.match(p))) {
-                throw new IOException("Primary principals don't match.");
-            }
-        } else
-            primaryPrincipal = p;
-        primaryRealm = primaryPrincipal.getRealm();
-        credentialsList = new Vector<Credentials> ();
-        while (cis.available() > 0) {
-            Credentials cred = cis.readCred(version);
-            if (cred != null) {
-                credentialsList.addElement(cred);
-            }
-        }
-        cis.close();
     }
 
 
@@ -250,16 +250,16 @@
      * Saves the credentials cache file to the disk.
      */
     public synchronized void save() throws IOException, Asn1Exception {
-        CCacheOutputStream cos
-            = new CCacheOutputStream(new FileOutputStream(cacheName));
-        cos.writeHeader(primaryPrincipal, version);
-        Credentials[] tmp = null;
-        if ((tmp = getCredsList()) != null) {
-            for (int i = 0; i < tmp.length; i++) {
-                cos.addCreds(tmp[i]);
+        try (FileOutputStream fos = new FileOutputStream(cacheName);
+             CCacheOutputStream cos = new CCacheOutputStream(fos)) {
+            cos.writeHeader(primaryPrincipal, version);
+            Credentials[] tmp = null;
+            if ((tmp = getCredsList()) != null) {
+                for (int i = 0; i < tmp.length; i++) {
+                    cos.addCreds(tmp[i]);
+                }
             }
         }
-        cos.close();
     }
 
     boolean match(String[] s1, String[] s2) {
--- a/src/share/classes/sun/security/krb5/internal/util/KrbDataInputStream.java	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/classes/sun/security/krb5/internal/util/KrbDataInputStream.java	Tue Oct 28 13:25:01 2014 -0700
@@ -56,15 +56,33 @@
     public KrbDataInputStream(InputStream is){
         super(is);
     }
+
+    /**
+     * Reads a length value which is represented in 4 bytes from
+     * this input stream. The value must be positive.
+     * @return the length value represented by this byte array.
+     * @throws IOException if there are not enough bytes or it represents
+     * a negative value
+     */
+    final public int readLength4() throws IOException {
+        int len = read(4);
+        if (len < 0) {
+            throw new IOException("Invalid encoding");
+        }
+        return len;
+    }
+
     /**
      * Reads up to the specific number of bytes from this input stream.
      * @param num the number of bytes to be read.
      * @return the int value of this byte array.
-     * @exception IOException.
+     * @throws IOException if there are not enough bytes
      */
-    public int read(int num) throws IOException{
+    public int read(int num) throws IOException {
         byte[] bytes = new byte[num];
-        read(bytes, 0, num);
+        if (read(bytes, 0, num) != num) {
+            throw new IOException("Premature end of stream reached");
+        }
         int result = 0;
         for (int i = 0; i < num; i++) {
             if (bigEndian) {
--- a/src/share/classes/sun/security/smartcardio/CardImpl.java	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/classes/sun/security/smartcardio/CardImpl.java	Tue Oct 28 13:25:01 2014 -0700
@@ -262,9 +262,6 @@
                     "sun.security.smartcardio.invertCardReset", "true")));
 
     public void disconnect(boolean reset) throws CardException {
-        if (invertReset) {
-            reset = !reset;
-        }
         if (reset) {
             checkSecurity("reset");
         }
@@ -272,6 +269,10 @@
             return;
         }
         checkExclusive();
+        // to preserve old behaviour, don't change flag until here
+        if (invertReset) {
+            reset = !reset;
+        }
         try {
             SCardDisconnect(cardId, (reset ? SCARD_RESET_CARD : SCARD_LEAVE_CARD));
         } catch (PCSCException e) {
--- a/src/share/classes/sun/security/ssl/ClientHandshaker.java	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/classes/sun/security/ssl/ClientHandshaker.java	Tue Oct 28 13:25:01 2014 -0700
@@ -342,6 +342,13 @@
             break;
 
         case HandshakeMessage.ht_finished:
+            // A ChangeCipherSpec record must have been received prior to
+            // reception of the Finished message (RFC 5246, 7.4.9).
+            if (!receivedChangeCipherSpec()) {
+                fatalSE(Alerts.alert_handshake_failure,
+                        "Received Finished message before ChangeCipherSpec");
+            }
+
             this.serverFinished(
                 new Finished(protocolVersion, input, cipherSuite));
             break;
--- a/src/share/classes/sun/security/ssl/Handshaker.java	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/classes/sun/security/ssl/Handshaker.java	Tue Oct 28 13:25:01 2014 -0700
@@ -65,27 +65,27 @@
     ProtocolVersion protocolVersion;
 
     // the currently active protocol version during a renegotiation
-    ProtocolVersion     activeProtocolVersion;
+    ProtocolVersion activeProtocolVersion;
 
     // security parameters for secure renegotiation.
-    boolean             secureRenegotiation;
-    byte[]              clientVerifyData;
-    byte[]              serverVerifyData;
+    boolean secureRenegotiation;
+    byte[] clientVerifyData;
+    byte[] serverVerifyData;
 
     // Is it an initial negotiation  or a renegotiation?
-    boolean                     isInitialHandshake;
+    boolean isInitialHandshake;
 
     // List of enabled protocols
-    private ProtocolList        enabledProtocols;
+    private ProtocolList enabledProtocols;
 
     // List of enabled CipherSuites
-    private CipherSuiteList     enabledCipherSuites;
+    private CipherSuiteList enabledCipherSuites;
 
     // The endpoint identification protocol
-    String              identificationProtocol;
+    String identificationProtocol;
 
     // The cryptographic algorithm constraints
-    private AlgorithmConstraints    algorithmConstraints = null;
+    private AlgorithmConstraints algorithmConstraints = null;
 
     // Local supported signature and algorithms
     Collection<SignatureAndHashAlgorithm> localSupportedSignAlgs;
@@ -94,15 +94,13 @@
     Collection<SignatureAndHashAlgorithm> peerSupportedSignAlgs;
 
     /*
-
-    /*
      * List of active protocols
      *
      * Active protocols is a subset of enabled protocols, and will
      * contain only those protocols that have vaild cipher suites
      * enabled.
      */
-    private ProtocolList       activeProtocols;
+    private ProtocolList activeProtocols;
 
     /*
      * List of active cipher suites
@@ -110,33 +108,37 @@
      * Active cipher suites is a subset of enabled cipher suites, and will
      * contain only those cipher suites available for the active protocols.
      */
-    private CipherSuiteList    activeCipherSuites;
+    private CipherSuiteList activeCipherSuites;
 
-    private boolean             isClient;
-    private boolean             needCertVerify;
+    private boolean isClient;
+    private boolean needCertVerify;
 
-    SSLSocketImpl               conn = null;
-    SSLEngineImpl               engine = null;
+    SSLSocketImpl conn = null;
+    SSLEngineImpl engine = null;
 
-    HandshakeHash               handshakeHash;
-    HandshakeInStream           input;
-    HandshakeOutStream          output;
-    int                         state;
-    SSLContextImpl              sslContext;
-    RandomCookie                clnt_random, svr_random;
-    SSLSessionImpl              session;
+    HandshakeHash handshakeHash;
+    HandshakeInStream input;
+    HandshakeOutStream output;
+    int state;
+    SSLContextImpl sslContext;
+    RandomCookie clnt_random, svr_random;
+    SSLSessionImpl session;
 
     // current CipherSuite. Never null, initially SSL_NULL_WITH_NULL_NULL
-    CipherSuite         cipherSuite;
+    CipherSuite cipherSuite;
 
     // current key exchange. Never null, initially K_NULL
-    KeyExchange         keyExchange;
+    KeyExchange keyExchange;
 
-    /* True if this session is being resumed (fast handshake) */
-    boolean             resumingSession;
+    // True if this session is being resumed (fast handshake)
+    boolean resumingSession;
 
-    /* True if it's OK to start a new SSL session */
-    boolean             enableNewSession;
+    // True if it's OK to start a new SSL session
+    boolean enableNewSession;
+
+    // True if session keys have been calculated and the caller may receive
+    // and process a ChangeCipherSpec message
+    private boolean sessKeysCalculated;
 
     // Temporary storage for the individual keys. Set by
     // calculateConnectionKeys() and cleared once the ciphers are
@@ -161,7 +163,7 @@
     // here instead of using this lock.  Consider changing.
     private Object thrownLock = new Object();
 
-    /* Class and subclass dynamic debugging support */
+    // Class and subclass dynamic debugging support
     static final Debug debug = Debug.getInstance("ssl");
 
     // By default, disable the unsafe legacy session renegotiation
@@ -228,6 +230,7 @@
         this.serverVerifyData = serverVerifyData;
         enableNewSession = true;
         invalidated = false;
+        sessKeysCalculated = false;
 
         setCipherSuite(CipherSuite.C_NULL);
         setEnabledProtocols(enabledProtocols);
@@ -348,6 +351,14 @@
         }
     }
 
+    final boolean receivedChangeCipherSpec() {
+        if (conn != null) {
+            return conn.receivedChangeCipherSpec();
+        } else {
+            return engine.receivedChangeCipherSpec();
+        }
+    }
+
     String getEndpointIdentificationAlgorithmSE() {
         SSLParameters paras;
         if (conn != null) {
@@ -1152,6 +1163,10 @@
             throw new ProviderException(e);
         }
 
+        // Mark a flag that allows outside entities (like SSLSocket/SSLEngine)
+        // determine if a ChangeCipherSpec message could be processed.
+        sessKeysCalculated = true;
+
         //
         // Dump the connection keys as they're generated.
         //
@@ -1202,6 +1217,15 @@
         }
     }
 
+    /**
+     * Return whether or not the Handshaker has derived session keys for
+     * this handshake.  This is used for determining readiness to process
+     * an incoming ChangeCipherSpec message.
+     */
+    boolean sessionKeysCalculated() {
+        return sessKeysCalculated;
+    }
+
     private static void printHex(HexDumpEncoder dump, byte[] bytes) {
         if (bytes == null) {
             System.out.println("(key bytes not available)");
--- a/src/share/classes/sun/security/ssl/SSLEngineImpl.java	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/classes/sun/security/ssl/SSLEngineImpl.java	Tue Oct 28 13:25:01 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -215,6 +215,11 @@
     static final byte           clauth_required = 2;
 
     /*
+     * Flag indicating that the engine has received a ChangeCipherSpec message.
+     */
+    private boolean             receivedCCS;
+
+    /*
      * Flag indicating if the next record we receive MUST be a Finished
      * message. Temporarily set during the handshake to ensure that
      * a change cipher spec message is followed by a finished message.
@@ -363,6 +368,7 @@
          */
         roleIsServer = true;
         connectionState = cs_START;
+        receivedCCS = false;
 
         /*
          * default read and write side cipher and MAC support
@@ -1006,6 +1012,7 @@
 
                     if (handshaker.invalidated) {
                         handshaker = null;
+                        receivedCCS = false;
                         // if state is cs_RENEGOTIATE, revert it to cs_DATA
                         if (connectionState == cs_RENEGOTIATE) {
                             connectionState = cs_DATA;
@@ -1024,6 +1031,7 @@
                         }
                         handshaker = null;
                         connectionState = cs_DATA;
+                        receivedCCS = false;
 
                         // No handshakeListeners here.  That's a
                         // SSLSocket thing.
@@ -1063,13 +1071,25 @@
                 case Record.ct_change_cipher_spec:
                     if ((connectionState != cs_HANDSHAKE
                                 && connectionState != cs_RENEGOTIATE)
-                            || inputRecord.available() != 1
+                            || !handshaker.sessionKeysCalculated()
+                            || receivedCCS) {
+                        // For the CCS message arriving in the wrong state
+                        fatal(Alerts.alert_unexpected_message,
+                                "illegal change cipher spec msg, conn state = "
+                                + connectionState + ", handshake state = "
+                                + handshaker.state);
+                    } else if (inputRecord.available() != 1
                             || inputRecord.read() != 1) {
+                        // For structural/content issues with the CCS
                         fatal(Alerts.alert_unexpected_message,
-                            "illegal change cipher spec msg, state = "
-                            + connectionState);
+                                "Malformed change cipher spec msg");
                     }
 
+                    // Once we've received CCS, update the flag.
+                    // If the remote endpoint sends it again in this handshake
+                    // we won't process it.
+                    receivedCCS = true;
+
                     //
                     // The first message after a change_cipher_spec
                     // record MUST be a "Finished" handshake record,
@@ -2065,6 +2085,14 @@
         return Thread.currentThread().getName();
     }
 
+    /*
+     * Returns a boolean indicating whether the ChangeCipherSpec message
+     * has been received for this handshake.
+     */
+    boolean receivedChangeCipherSpec() {
+        return receivedCCS;
+    }
+
     /**
      * Returns a printable representation of this end of the connection.
      */
--- a/src/share/classes/sun/security/ssl/SSLSocketImpl.java	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/classes/sun/security/ssl/SSLSocketImpl.java	Tue Oct 28 13:25:01 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -175,6 +175,12 @@
     private volatile int        connectionState;
 
     /*
+     * Flag indicating that the engine's handshaker has done the necessary
+     * steps so the engine may process a ChangeCipherSpec message.
+     */
+    private boolean             receivedCCS;
+
+    /*
      * Flag indicating if the next record we receive MUST be a Finished
      * message. Temporarily set during the handshake to ensure that
      * a change cipher spec message is followed by a finished message.
@@ -557,6 +563,7 @@
          */
         roleIsServer = isServer;
         connectionState = cs_START;
+        receivedCCS = false;
 
         /*
          * default read and write side cipher and MAC support
@@ -1018,6 +1025,7 @@
 
                     if (handshaker.invalidated) {
                         handshaker = null;
+                        receivedCCS = false;
                         // if state is cs_RENEGOTIATE, revert it to cs_DATA
                         if (connectionState == cs_RENEGOTIATE) {
                             connectionState = cs_DATA;
@@ -1033,6 +1041,7 @@
                         handshakeSession = null;
                         handshaker = null;
                         connectionState = cs_DATA;
+                        receivedCCS = false;
 
                         //
                         // Tell folk about handshake completion, but do
@@ -1080,13 +1089,24 @@
                 case Record.ct_change_cipher_spec:
                     if ((connectionState != cs_HANDSHAKE
                                 && connectionState != cs_RENEGOTIATE)
-                            || r.available() != 1
-                            || r.read() != 1) {
+                            || !handshaker.sessionKeysCalculated()
+                            || receivedCCS) {
+                        // For the CCS message arriving in the wrong state
                         fatal(Alerts.alert_unexpected_message,
-                            "illegal change cipher spec msg, state = "
-                            + connectionState);
+                                "illegal change cipher spec msg, conn state = "
+                                + connectionState + ", handshake state = "
+                                + handshaker.state);
+                    } else if (r.available() != 1 || r.read() != 1) {
+                        // For structural/content issues with the CCS
+                        fatal(Alerts.alert_unexpected_message,
+                                "Malformed change cipher spec msg");
                     }
 
+                    // Once we've received CCS, update the flag.
+                    // If the remote endpoint sends it again in this handshake
+                    // we won't process it.
+                    receivedCCS = true;
+
                     //
                     // The first message after a change_cipher_spec
                     // record MUST be a "Finished" handshake record,
@@ -2478,6 +2498,14 @@
         }
     }
 
+    /*
+     * Returns a boolean indicating whether the ChangeCipherSpec message
+     * has been received for this handshake.
+     */
+    boolean receivedChangeCipherSpec() {
+        return receivedCCS;
+    }
+
     //
     // We allocate a separate thread to deliver handshake completion
     // events.  This ensures that the notifications don't block the
--- a/src/share/classes/sun/security/ssl/ServerHandshaker.java	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/classes/sun/security/ssl/ServerHandshaker.java	Tue Oct 28 13:25:01 2014 -0700
@@ -240,6 +240,13 @@
                 break;
 
             case HandshakeMessage.ht_finished:
+                // A ChangeCipherSpec record must have been received prior to
+                // reception of the Finished message (RFC 5246, 7.4.9).
+                if (!receivedChangeCipherSpec()) {
+                    fatalSE(Alerts.alert_handshake_failure,
+                        "Received Finished message before ChangeCipherSpec");
+                }
+
                 this.clientFinished(
                     new Finished(protocolVersion, input, cipherSuite));
                 break;
--- a/src/share/classes/sun/security/util/DerIndefLenConverter.java	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/classes/sun/security/util/DerIndefLenConverter.java	Tue Oct 28 13:25:01 2014 -0700
@@ -156,12 +156,18 @@
         }
         if (isLongForm(lenByte)) {
             lenByte &= LEN_MASK;
-            if (lenByte > 4)
+            if (lenByte > 4) {
                 throw new IOException("Too much data");
-            if ((dataSize - dataPos) < (lenByte + 1))
+            }
+            if ((dataSize - dataPos) < (lenByte + 1)) {
                 throw new IOException("Too little data");
-            for (int i = 0; i < lenByte; i++)
+            }
+            for (int i = 0; i < lenByte; i++) {
                 curLen = (curLen << 8) + (data[dataPos++] & 0xff);
+            }
+            if (curLen < 0) {
+                throw new IOException("Invalid length bytes");
+            }
         } else {
            curLen = (lenByte & LEN_MASK);
         }
@@ -188,10 +194,15 @@
         }
         if (isLongForm(lenByte)) {
             lenByte &= LEN_MASK;
-            for (int i = 0; i < lenByte; i++)
+            for (int i = 0; i < lenByte; i++) {
                 curLen = (curLen << 8) + (data[dataPos++] & 0xff);
-        } else
+            }
+            if (curLen < 0) {
+                throw new IOException("Invalid length bytes");
+            }
+        } else {
             curLen = (lenByte & LEN_MASK);
+        }
         writeLength(curLen);
         writeValue(curLen);
     }
--- a/src/share/classes/sun/security/util/DerInputStream.java	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/classes/sun/security/util/DerInputStream.java	Tue Oct 28 13:25:01 2014 -0700
@@ -566,6 +566,10 @@
                 value <<= 8;
                 value += 0x0ff & in.read();
             }
+            if (value < 0) {
+                throw new IOException("DerInputStream.getLength(): "
+                        + "Invalid length bytes");
+            }
         }
         return value;
     }
--- a/src/share/classes/sun/swing/WindowsPlacesBar.java	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/classes/sun/swing/WindowsPlacesBar.java	Tue Oct 28 13:25:01 2014 -0700
@@ -81,11 +81,7 @@
         setBackground(bgColor);
         FileSystemView fsv = fc.getFileSystemView();
 
-        files = AccessController.doPrivileged(new PrivilegedAction<File[]>() {
-            public File[] run() {
-                return (File[]) ShellFolder.get("fileChooserShortcutPanelFolders");
-            }
-        });
+        files = (File[]) ShellFolder.get("fileChooserShortcutPanelFolders");
 
         buttons = new JToggleButton[files.length];
         buttonGroup = new ButtonGroup();
--- a/src/share/classes/sun/swing/plaf/synth/SynthFileChooserUIImpl.java	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/classes/sun/swing/plaf/synth/SynthFileChooserUIImpl.java	Tue Oct 28 13:25:01 2014 -0700
@@ -771,16 +771,9 @@
                 fireIntervalRemoved(this, 0, oldSize);
             }
 
-            File[] baseFolders;
-            if (useShellFolder) {
-                baseFolders = AccessController.doPrivileged(new PrivilegedAction<File[]>() {
-                    public File[] run() {
-                        return (File[]) ShellFolder.get("fileChooserComboBoxFolders");
-                    }
-                });
-            } else {
-                baseFolders = fsv.getRoots();
-            }
+            File[] baseFolders = (useShellFolder)
+                    ? (File[]) ShellFolder.get("fileChooserComboBoxFolders")
+                    : fsv.getRoots();
             directories.addAll(Arrays.asList(baseFolders));
 
             // Get the canonical (full) path. This has the side
--- a/src/share/native/sun/font/layout/ContextualSubstSubtables.cpp	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/native/sun/font/layout/ContextualSubstSubtables.cpp	Tue Oct 28 13:25:01 2014 -0700
@@ -583,6 +583,8 @@
                 LEReferenceTo<ChainSubClassRuleTable>
                      chainSubClassRuleTable(chainSubClassSetTable, success, chainSubClassRuleTableOffset);
                 le_uint16 backtrackGlyphCount = SWAPW(chainSubClassRuleTable->backtrackGlyphCount);
+                LEReferenceToArrayOf<le_uint16>   backtrackClassArray(base, success, chainSubClassRuleTable->backtrackClassArray, backtrackGlyphCount);
+                if( LE_FAILURE(success) ) { return 0; }
                 le_uint16 inputGlyphCount = SWAPW(chainSubClassRuleTable->backtrackClassArray[backtrackGlyphCount]) - 1;
                 LEReferenceToArrayOf<le_uint16>   inputClassArray(base, success, &chainSubClassRuleTable->backtrackClassArray[backtrackGlyphCount + 1],inputGlyphCount+2); // +2 for the lookaheadGlyphCount count
                 le_uint16 lookaheadGlyphCount = SWAPW(inputClassArray.getObject(inputGlyphCount, success));
@@ -599,8 +601,6 @@
                 }
 
                 tempIterator.prev();
-                LEReferenceToArrayOf<le_uint16>   backtrackClassArray(base, success, chainSubClassRuleTable->backtrackClassArray, backtrackGlyphCount);
-                if( LE_FAILURE(success) ) { return 0; }
                 if (! matchGlyphClasses(backtrackClassArray, backtrackGlyphCount,
                                         &tempIterator, backtrackClassDefinitionTable, success, TRUE)) {
                     continue;
--- a/src/share/native/sun/font/layout/CursiveAttachmentSubtables.cpp	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/native/sun/font/layout/CursiveAttachmentSubtables.cpp	Tue Oct 28 13:25:01 2014 -0700
@@ -45,6 +45,9 @@
     le_int32  coverageIndex = getGlyphCoverage(base, glyphID, success);
     le_uint16 eeCount       = SWAPW(entryExitCount);
 
+    LEReferenceToArrayOf<EntryExitRecord>
+        entryExitRecordsArrayRef(base, success, entryExitRecords, coverageIndex);
+
     if (coverageIndex < 0 || coverageIndex >= eeCount || LE_FAILURE(success)) {
         glyphIterator->setCursiveGlyph();
         return 0;
--- a/src/share/native/sun/font/layout/Features.cpp	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/native/sun/font/layout/Features.cpp	Tue Oct 28 13:25:01 2014 -0700
@@ -40,6 +40,9 @@
 
 LEReferenceTo<FeatureTable> FeatureListTable::getFeatureTable(const LETableReference &base, le_uint16 featureIndex, LETag *featureTag, LEErrorCode &success) const
 {
+    LEReferenceToArrayOf<FeatureRecord>
+        featureRecordArrayRef(base, success, featureRecordArray, featureIndex);
+
   if (featureIndex >= SWAPW(featureCount) || LE_FAILURE(success)) {
     return LEReferenceTo<FeatureTable>();
   }
--- a/src/share/native/sun/font/layout/LETableReference.h	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/native/sun/font/layout/LETableReference.h	Tue Oct 28 13:25:01 2014 -0700
@@ -471,7 +471,12 @@
 #endif
 
   const T& getObject(le_uint32 i, LEErrorCode &success) const {
-    return *getAlias(i,success);
+      const T *ret = getAlias(i, success);
+      if (LE_FAILURE(success) || ret==NULL) {
+          return *(new T(0));
+      } else {
+          return *ret;
+     }
   }
 
   /**
--- a/src/share/native/sun/font/layout/LigatureSubstSubtables.cpp	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/native/sun/font/layout/LigatureSubstSubtables.cpp	Tue Oct 28 13:25:01 2014 -0700
@@ -64,6 +64,9 @@
             LEReferenceTo<LigatureTable>   ligTable(ligSetTable, success, ligTableOffset);
             if(LE_FAILURE(success)) { return 0; }
             le_uint16 compCount = SWAPW(ligTable->compCount) - 1;
+            LEReferenceToArrayOf<TTGlyphID>
+                componentArrayRef(base, success, ligTable->componentArray, compCount);
+            if (LE_FAILURE(success)) { return 0; }
             le_int32 startPosition = glyphIterator->getCurrStreamPosition();
             TTGlyphID ligGlyph = SWAPW(ligTable->ligGlyph);
             le_uint16 comp;
--- a/src/share/native/sun/font/layout/MultipleSubstSubtables.cpp	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/share/native/sun/font/layout/MultipleSubstSubtables.cpp	Tue Oct 28 13:25:01 2014 -0700
@@ -61,6 +61,8 @@
 
     le_int32 coverageIndex = getGlyphCoverage(base, glyph, success);
     le_uint16 seqCount = SWAPW(sequenceCount);
+    LEReferenceToArrayOf<Offset>
+        sequenceTableOffsetArrayRef(base, success, sequenceTableOffsetArray, seqCount);
 
     if (LE_FAILURE(success)) {
         return 0;
--- a/src/solaris/native/java/net/NetworkInterface.c	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/solaris/native/java/net/NetworkInterface.c	Tue Oct 28 13:25:01 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -530,9 +530,14 @@
     jboolean isCopy;
     int ret = -1;
     int sock;
-    const char* name_utf;
+    const char* name_utf = NULL;
 
-    name_utf = (*env)->GetStringUTFChars(env, name, &isCopy);
+    if (name != NULL) {
+        name_utf = (*env)->GetStringUTFChars(env, name, &isCopy);
+    } else {
+        JNU_ThrowNullPointerException(env, "network interface name is NULL");
+        return ret;
+    }
 
     if ((sock =openSocketWithFallback(env, name_utf)) < 0) {
        (*env)->ReleaseStringUTFChars(env, name, name_utf);
@@ -555,7 +560,12 @@
     const char* name_utf;
     int flags = 0;
 
-    name_utf = (*env)->GetStringUTFChars(env, name, &isCopy);
+    if (name != NULL) {
+        name_utf = (*env)->GetStringUTFChars(env, name, &isCopy);
+    } else {
+        JNU_ThrowNullPointerException(env, "network interface name is NULL");
+        return -1;
+    }
 
     if ((sock = openSocketWithFallback(env, name_utf)) < 0) {
         (*env)->ReleaseStringUTFChars(env, name, name_utf);
@@ -1026,6 +1036,7 @@
  */
 
 #ifdef AF_INET6
+// unused arg ifname and struct if2
 static int openSocketWithFallback(JNIEnv *env, const char *ifname){
     int sock;
     struct ifreq if2;
@@ -1261,9 +1272,14 @@
 
 static int getMTU(JNIEnv *env, int sock,  const char *ifname) {
     struct ifreq if2;
+    memset((char *) &if2, 0, sizeof(if2));
 
-    memset((char *) &if2, 0, sizeof(if2));
-    strcpy(if2.ifr_name, ifname);
+    if (ifname != NULL) {
+        strcpy(if2.ifr_name, ifname);
+    } else {
+        JNU_ThrowNullPointerException(env, "network interface name is NULL");
+        return -1;
+    }
 
     if (ioctl(sock, SIOCGIFMTU, (char *)&if2) < 0) {
         NET_ThrowByNameWithLastError(env, JNU_JAVANETPKG "SocketException", "IOCTL SIOCGIFMTU failed");
--- a/src/solaris/native/java/net/PlainDatagramSocketImpl.c	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/solaris/native/java/net/PlainDatagramSocketImpl.c	Tue Oct 28 13:25:01 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -1625,10 +1625,12 @@
         static jmethodID ni_ctrID;
         static jfieldID ni_indexID;
         static jfieldID ni_addrsID;
+        static jfieldID ni_nameID;
 
         jobjectArray addrArray;
         jobject addr;
         jobject ni;
+        jobject ni_name;
 
         struct in_addr in;
         struct in_addr *inP = &in;
@@ -1691,6 +1693,8 @@
             ni_addrsID = (*env)->GetFieldID(env, c, "addrs",
                                             "[Ljava/net/InetAddress;");
             CHECK_NULL_RETURN(ni_addrsID, NULL);
+            ni_nameID = (*env)->GetFieldID(env, c,"name", "Ljava/lang/String;");
+            CHECK_NULL_RETURN(ni_nameID, NULL);
             ni_class = (*env)->NewGlobalRef(env, c);
             CHECK_NULL_RETURN(ni_class, NULL);
         }
@@ -1712,6 +1716,9 @@
         CHECK_NULL_RETURN(addrArray, NULL);
         (*env)->SetObjectArrayElement(env, addrArray, 0, addr);
         (*env)->SetObjectField(env, ni, ni_addrsID, addrArray);
+        if (ni_name != NULL) {
+            (*env)->SetObjectField(env, ni, ni_nameID, ni_name);
+        }
         return ni;
     }
 
@@ -1728,14 +1735,16 @@
         static jfieldID ni_indexID;
         static jfieldID ni_addrsID;
         static jclass ia_class;
+        static jfieldID ni_nameID;
         static jmethodID ia_anyLocalAddressID;
 
-        int index;
+        int index = 0;
         int len = sizeof(index);
 
         jobjectArray addrArray;
         jobject addr;
         jobject ni;
+        jobject ni_name;
 
 #ifdef __linux__
         /*
@@ -1775,6 +1784,8 @@
                                                              "anyLocalAddress",
                                                              "()Ljava/net/InetAddress;");
             CHECK_NULL_RETURN(ia_anyLocalAddressID, NULL);
+            ni_nameID = (*env)->GetFieldID(env, c,"name", "Ljava/lang/String;");
+            CHECK_NULL_RETURN(ni_nameID, NULL);
             ni_class = (*env)->NewGlobalRef(env, c);
             CHECK_NULL_RETURN(ni_class, NULL);
         }
@@ -1835,6 +1846,10 @@
         CHECK_NULL_RETURN(addrArray, NULL);
         (*env)->SetObjectArrayElement(env, addrArray, 0, addr);
         (*env)->SetObjectField(env, ni, ni_addrsID, addrArray);
+        ni_name = (*env)->NewStringUTF(env, "");
+        if (ni_name != NULL) {
+            (*env)->SetObjectField(env, ni, ni_nameID, ni_name);
+        }
         return ni;
     }
 #endif
--- a/src/windows/classes/sun/awt/shell/Win32ShellFolderManager2.java	Wed Oct 15 10:06:55 2014 -0700
+++ b/src/windows/classes/sun/awt/shell/Win32ShellFolderManager2.java	Tue Oct 28 13:25:01 2014 -0700
@@ -253,7 +253,7 @@
             if (file == null) {
                 file = getDesktop();
             }
-            return file;
+            return checkFile(file);
         } else if (key.equals("roots")) {
             // Should be "History" and "Desktop" ?
             if (roots == null) {
@@ -264,11 +264,11 @@
                     roots = (File[])super.get(key);
                 }
             }
-            return roots;
+            return checkFiles(roots);
         } else if (key.equals("fileChooserComboBoxFolders")) {
             Win32ShellFolder2 desktop = getDesktop();
 
-            if (desktop != null) {
+            if (desktop != null && checkFile(desktop) != null) {
                 ArrayList<File> folders = new ArrayList<File>();
                 Win32ShellFolder2 drives = getDrives();
 
@@ -297,7 +297,7 @@
                         }
                     }
                 }
-                return folders.toArray(new File[folders.size()]);
+                return checkFiles(folders);
             } else {
                 return super.get(key);
             }
@@ -334,7 +334,7 @@
                     }
                 }
             }
-            return folders.toArray(new File[folders.size()]);
+            return checkFiles(folders);
         } else if (key.startsWith("fileChooserIcon ")) {
             String name = key.substring(key.indexOf(" ") + 1);
 
@@ -380,6 +380,47 @@
         return null;
     }
 
+    private File checkFile(File file) {
+        SecurityManager sm = System.getSecurityManager();
+        return (sm == null || file == null) ? file : checkFile(file, sm);
+    }
+
+    private File checkFile(File file, SecurityManager sm) {
+        try {
+            sm.checkRead(file.getPath());
+            return file;
+        } catch (SecurityException se) {
+            return null;
+        }
+    }
+
+    private File[] checkFiles(File[] files) {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm == null || files == null || files.length == 0) {
+            return files;
+        }
+        return checkFiles(Arrays.asList(files), sm);
+    }
+
+    private File[] checkFiles(List<File> files) {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm == null || files.isEmpty()) {
+            return files.toArray(new File[files.size()]);
+        }
+        return checkFiles(files, sm);
+    }
+
+    private File[] checkFiles(List<File> files, SecurityManager sm) {
+        List<File> checkedFiles = new ArrayList<File>(files.size());
+        for (File file: files) {
+            if(checkFile(file, sm) != null){
+                checkedFiles.add(file);
+            }
+        }
+
+        return checkedFiles.toArray(new File[checkedFiles.size()]);
+    }
+
     /**
      * Does <code>dir</code> represent a "computer" such as a node on the network, or
      * "My Computer" on the desktop.