1berry/openjdk
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

8230946: Clarify security manager behaviour of a connected DatagramSocket and DatagramChannel

Browse Source 
Update to API, to clarify that packets are dropped in the receive method of non-connected sockets if they fail the security manager checks

Reviewed-by: alanb, chegar, dfuchs
This commit is contained in:
Patrick Concannon 2019-10-08 14:56:46 +01:00
parent 3e8d409cee
commit ee87f2a7a4
2 changed files with 22 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
src/java.base/share/classes/java/net/DatagramSocket.java
View File

@ -434,14 +434,15 @@ class DatagramSocket implements java.io.Closeable {
* verify that datagrams are permitted to be sent and received * verify that datagrams are permitted to be sent and received
* respectively. * respectively.
* *
* <p> When a socket is connected, {@link #receive receive} and * <p> Care should be taken to ensure that a connected datagram socket
* {@link #send send} <b>will not perform any security checks</b> * is not shared with untrusted code. When a socket is connected,
* on incoming and outgoing packets, other than matching the packet's * {@link #receive receive} and {@link #send send} <b>will not perform
* and the socket's address and port. On a send operation, if the * any security checks</b> on incoming and outgoing packets, other than
* packet's address is set and the packet's address and the socket's * matching the packet's and the socket's address and port. On a send
* address do not match, an {@code IllegalArgumentException} will be * operation, if the packet's address is set and the packet's address
* thrown. A socket connected to a multicast address may only be used * and the socket's address do not match, an {@code IllegalArgumentException}
* to send packets. * will be thrown. A socket connected to a multicast address may only
* be used to send packets.
* *
* @param address the remote address for the socket * @param address the remote address for the socket
* *
@ -708,9 +709,11 @@ class DatagramSocket implements java.io.Closeable {
* the length of the received message. If the message is longer than * the length of the received message. If the message is longer than
* the packet's length, the message is truncated. * the packet's length, the message is truncated.
* <p> * <p>
* If there is a security manager, a packet cannot be received if the * If there is a security manager, and the socket is not currently
* security manager's {@code checkAccept} method * connected to a remote address, a packet cannot be received if the
* does not allow it. * security manager's {@code checkAccept} method does not allow it.
* Datagrams that are not permitted by the security manager are silently
* discarded.
* *
* @param p the {@code DatagramPacket} into which to place * @param p the {@code DatagramPacket} into which to place
* the incoming data. * the incoming data.

17
src/java.base/share/classes/java/nio/channels/DatagramChannel.java
View File

@ -265,7 +265,10 @@ public abstract class DatagramChannel
* java.lang.SecurityManager#checkAccept checkAccept} and {@link * java.lang.SecurityManager#checkAccept checkAccept} and {@link
* java.lang.SecurityManager#checkConnect checkConnect} methods permit * java.lang.SecurityManager#checkConnect checkConnect} methods permit
* datagrams to be received from and sent to, respectively, the given * datagrams to be received from and sent to, respectively, the given
* remote address. * remote address. Once connected, no further security checks are performed
* for datagrams received from, or sent to, the given remote address. Care
* should be taken to ensure that a connected datagram channel is not shared
* with untrusted code.
* *
* <p> This method may be invoked at any time. It will not have any effect * <p> This method may be invoked at any time. It will not have any effect
* on read or write operations that are already in progress at the moment * on read or write operations that are already in progress at the moment
@ -369,9 +372,10 @@ public abstract class DatagramChannel
* to a specific remote address and a security manager has been installed * to a specific remote address and a security manager has been installed
* then for each datagram received this method verifies that the source's * then for each datagram received this method verifies that the source's
* address and port number are permitted by the security manager's {@link * address and port number are permitted by the security manager's {@link
* java.lang.SecurityManager#checkAccept checkAccept} method. The overhead * java.lang.SecurityManager#checkAccept checkAccept} method. Datagrams
* of this security check can be avoided by first connecting the socket via * that are not permitted by the security manager are silently discarded.
* the {@link #connect connect} method. * The overhead of this security check can be avoided by first connecting
* the socket via the {@link #connect connect} method.
* *
* <p> This method may be invoked at any time. If another thread has * <p> This method may be invoked at any time. If another thread has
* already initiated a read operation upon this channel, however, then an * already initiated a read operation upon this channel, however, then an
@ -401,11 +405,6 @@ public abstract class DatagramChannel
* closing the channel and setting the current thread's * closing the channel and setting the current thread's
* interrupt status * interrupt status
* *
* @throws SecurityException
* If a security manager has been installed
* and it does not permit datagrams to be accepted
* from the datagram's sender
*
* @throws IOException * @throws IOException
* If some other I/O error occurs * If some other I/O error occurs
*/ */