changeset 8045:4103eb6b2137

8007607: security native code doesn't always use malloc, realloc, and calloc correctly Reviewed-by: chegar, dsamersoff, valeriep
author jzavgren
date Mon, 18 Mar 2013 14:21:13 -0400
parents e766da5575fa
children 2241a2d34085
files src/share/native/sun/security/jgss/wrapper/GSSLibStub.c src/share/native/sun/security/jgss/wrapper/NativeUtil.c src/solaris/native/com/sun/security/auth/module/Solaris.c src/solaris/native/com/sun/security/auth/module/Unix.c src/solaris/native/sun/security/smartcardio/pcsc_md.c
diffstat 5 files changed, 79 insertions(+), 15 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/native/sun/security/jgss/wrapper/GSSLibStub.c	Tue Mar 19 06:01:14 2013 -0400
+++ b/src/share/native/sun/security/jgss/wrapper/GSSLibStub.c	Mon Mar 18 14:21:13 2013 -0400
@@ -27,8 +27,22 @@
 #include "NativeUtil.h"
 #include "NativeFunc.h"
 #include "jlong.h"
+#include <jni.h>
 
-/* Constants for indicating what type of info is needed for inqueries */
+/* Throws a Java Exception by name */
+
+void throwByName(JNIEnv *env, const char *name, const char *msg) {
+    jclass cls = (*env)->FindClass(env, name);
+
+    if (cls != 0) /* Otherwise an exception has already been thrown */
+        (*env)->ThrowNew(env, cls, msg);
+}
+
+void throwOutOfMemoryError(JNIEnv *env, const char *message) {
+    throwByName(env, "java/lang/OutOfMemoryError", message);
+}
+
+/* Constants for indicating what type of info is needed for inquiries */
 const int TYPE_CRED_NAME = 10;
 const int TYPE_CRED_TIME = 11;
 const int TYPE_CRED_USAGE = 12;
@@ -117,7 +131,14 @@
   if (jcb == NULL) {
     return GSS_C_NO_CHANNEL_BINDINGS;
   }
+
   cb = malloc(sizeof(struct gss_channel_bindings_struct));
+
+  if (cb == NULL) {
+    throwOutOfMemoryError(env,NULL);
+    return NULL;
+  }
+
   /* set up initiator address */
   jinetAddr =
     (*env)->CallObjectMethod(env, jcb,
@@ -301,12 +322,15 @@
   gss_buffer_desc nameVal;
   gss_OID nameType;
   gss_name_t nameHdl;
+  nameHdl = GSS_C_NO_NAME;
 
   debug(env, "[GSSLibStub_importName]");
 
   initGSSBuffer(env, jnameVal, &nameVal);
   nameType = newGSSOID(env, jnameType);
-  nameHdl = GSS_C_NO_NAME;
+  if ((*env)->ExceptionCheck(env)) {
+    return jlong_zero;
+  }
 
   /* gss_import_name(...) => GSS_S_BAD_NAMETYPE, GSS_S_BAD_NAME,
      GSS_S_BAD_MECH */
@@ -509,15 +533,18 @@
   gss_cred_usage_t credUsage;
   gss_name_t nameHdl;
   gss_cred_id_t credHdl;
+  credHdl = GSS_C_NO_CREDENTIAL;
 
   debug(env, "[GSSLibStub_acquireCred]");
 
 
   mech = (gss_OID) jlong_to_ptr((*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech));
   mechs = newGSSOIDSet(env, mech);
+  if ((*env)->ExceptionCheck(env)) {
+    return jlong_zero;
+  }
   credUsage = (gss_cred_usage_t) usage;
   nameHdl = (gss_name_t) jlong_to_ptr(pName);
-  credHdl = GSS_C_NO_CREDENTIAL;
 
   sprintf(debugBuf, "[GSSLibStub_acquireCred] pName=%ld, usage=%d",
     (long) pName, usage);
@@ -628,7 +655,7 @@
 
   /* return immediately if an exception has occurred */
   if ((*env)->ExceptionCheck(env)) {
-    return 0;
+    return jlong_zero;
   }
 
   sprintf(debugBuf, "[GSSLibStub_getCredName] pName=%ld", (long) nameHdl);
@@ -795,6 +822,10 @@
   time = getGSSTime((*env)->GetIntField(env, jcontextSpi,
                                         FID_NativeGSSContext_lifetime));
   cb = getGSSCB(env, jcb);
+  if ((*env)->ExceptionCheck(env)) {
+    return NULL;
+  }
+
   initGSSBuffer(env, jinToken, &inToken);
 
   sprintf(debugBuf,
@@ -895,6 +926,9 @@
   credHdl = (gss_cred_id_t) jlong_to_ptr(pCred);
   initGSSBuffer(env, jinToken, &inToken);
   cb = getGSSCB(env, jcb);
+  if ((*env)->ExceptionCheck(env)) {
+    return NULL;
+  }
   srcName = GSS_C_NO_NAME;
   delCred = GSS_C_NO_CREDENTIAL;
   setTarget = (credHdl == GSS_C_NO_CREDENTIAL);
@@ -1130,7 +1164,7 @@
   checkStatus(env, jobj, major, minor, "[GSSLibStub_inquireContextAll]");
   /* return immediately if an exception has occurred */
   if ((*env)->ExceptionCheck(env)) {
-    return ptr_to_jlong(NULL);
+    return jlong_zero;
   }
 
   sprintf(debugBuf, "[GSSLibStub_getContextName] pName=%ld", (long) nameHdl);
--- a/src/share/native/sun/security/jgss/wrapper/NativeUtil.c	Tue Mar 19 06:01:14 2013 -0400
+++ b/src/share/native/sun/security/jgss/wrapper/NativeUtil.c	Mon Mar 18 14:21:13 2013 -0400
@@ -26,6 +26,9 @@
 #include "NativeUtil.h"
 #include "NativeFunc.h"
 #include "jlong.h"
+#include <jni.h>
+
+extern void throwOutOfMemoryError(JNIEnv *env, const char *message);
 
 const int JAVA_DUPLICATE_TOKEN_CODE = 19; /* DUPLICATE_TOKEN */
 const int JAVA_OLD_TOKEN_CODE = 20; /* OLD_TOKEN */
@@ -615,8 +618,17 @@
       (*env)->Throw(env, gssEx);
     }
     cOid = malloc(sizeof(struct gss_OID_desc_struct));
+    if (cOid == NULL) {
+      throwOutOfMemoryError(env,NULL);
+      return GSS_C_NO_OID;
+    }
     cOid->length = (*env)->GetArrayLength(env, jbytes) - 2;
     cOid->elements = malloc(cOid->length);
+    if (cOid->elements == NULL) {
+      throwOutOfMemoryError(env,NULL);
+      free(cOid);
+      return GSS_C_NO_OID;
+    }
     (*env)->GetByteArrayRegion(env, jbytes, 2, cOid->length,
                                cOid->elements);
     (*env)->DeleteLocalRef(env, jbytes);
--- a/src/solaris/native/com/sun/security/auth/module/Solaris.c	Tue Mar 19 06:01:14 2013 -0400
+++ b/src/solaris/native/com/sun/security/auth/module/Solaris.c	Mon Mar 18 14:21:13 2013 -0400
@@ -31,6 +31,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <pwd.h>
+
 JNIEXPORT void JNICALL
 Java_com_sun_security_auth_module_SolarisSystem_getSolarisInfo
                                                 (JNIEnv *env, jobject obj) {
@@ -39,13 +40,23 @@
     char pwd_buf[1024];
     struct passwd pwd;
     jsize numSuppGroups = getgroups(0, NULL);
-    gid_t *groups = (gid_t *)calloc(numSuppGroups, sizeof(gid_t));
-
     jfieldID fid;
     jstring jstr;
     jlongArray jgroups;
     jlong *jgroupsAsArray;
-    jclass cls = (*env)->GetObjectClass(env, obj);
+    gid_t *groups;
+    jclass cls;
+
+    groups = (gid_t *)calloc(numSuppGroups, sizeof(gid_t));
+
+    if (groups == NULL) {
+        jclass cls = (*env)->FindClass(env,"java/lang/OutOfMemoryError");
+        if(cls != 0)
+            (*env)->ThrowNew(env, cls, NULL);
+        return;
+    }
+
+    cls = (*env)->GetObjectClass(env, obj);
 
     memset(pwd_buf, 0, sizeof(pwd_buf));
     if (getpwuid_r(getuid(), &pwd, pwd_buf, sizeof(pwd_buf)) != NULL &&
--- a/src/solaris/native/com/sun/security/auth/module/Unix.c	Tue Mar 19 06:01:14 2013 -0400
+++ b/src/solaris/native/com/sun/security/auth/module/Unix.c	Mon Mar 18 14:21:13 2013 -0400
@@ -44,9 +44,6 @@
     char pwd_buf[1024];
     struct passwd *pwd;
     struct passwd resbuf;
-    jsize numSuppGroups = getgroups(0, NULL);
-    gid_t *groups = (gid_t *)calloc(numSuppGroups, sizeof(gid_t));
-
     jfieldID userNameID;
     jfieldID userID;
     jfieldID groupID;
@@ -55,7 +52,20 @@
     jstring jstr;
     jlongArray jgroups;
     jlong *jgroupsAsArray;
-    jclass cls = (*env)->GetObjectClass(env, obj);
+    jsize numSuppGroups;
+    gid_t *groups;
+    jclass cls;
+
+    numSuppGroups = getgroups(0, NULL);
+    groups = (gid_t *)calloc(numSuppGroups, sizeof(gid_t));
+    if (groups == NULL) {
+        jclass cls = (*env)->FindClass(env,"java/lang/OutOfMemoryError");
+        if(cls != 0)
+            (*env)->ThrowNew(env, cls, NULL);
+        return;
+    }
+
+    cls = (*env)->GetObjectClass(env, obj);
 
     memset(pwd_buf, 0, sizeof(pwd_buf));
 
--- a/src/solaris/native/sun/security/smartcardio/pcsc_md.c	Tue Mar 19 06:01:14 2013 -0400
+++ b/src/solaris/native/sun/security/smartcardio/pcsc_md.c	Mon Mar 18 14:21:13 2013 -0400
@@ -32,8 +32,6 @@
 
 #include <winscard.h>
 
-#include <jni_util.h>
-
 #include "sun_security_smartcardio_PlatformPCSC.h"
 
 #include "pcsc_md.h"
@@ -77,7 +75,6 @@
     throwByName(env, "java/io/IOException", msg);
 }
 
-
 void *findFunction(JNIEnv *env, void *hModule, char *functionName) {
     void *fAddress = dlsym(hModule, functionName);
     if (fAddress == NULL) {