8158297: Lack of proper checking of non-well formed elements in CONSTANT_Utf8_info's structure

Disallow // in class file names during parsing and throw ClassNotFoundException

Reviewed-by: sspitsyn, rehn, gtriantafill
Coleen Phillimore 2016-06-07 15:34:22 -04:00
parent abbd13bc13
commit 47309c3715
6 changed files with 432 additions and 2 deletions


@ -4673,6 +4673,7 @@ void ClassFileParser::verify_legal_utf8(const unsigned char* buffer,
}
// Unqualified names may not contain the characters '.', ';', '[', or '/'.
// In class names, '/' separates unqualified names. This is verified in this function also.
// Method names also may not contain the characters '<' or '>', unless <init>
// or <clinit>. Note that method names may not be <init> or <clinit> in this
// method. Because these names have been checked as special cases before
@ -4698,8 +4699,16 @@ bool ClassFileParser::verify_unqualified_name(const char* name,
if (ch == ';' || ch == '[' ) {
return false; // do not permit '.', ';', or '['
}
if (type != ClassFileParser::LegalClass && ch == '/') {
return false; // do not permit '/' unless it's class name
if (ch == '/') {
// check for '//' or leading or trailing '/' which are not legal
// unqualified name must not be empty
if (type == ClassFileParser::LegalClass) {
if (p == name || p+1 >= name+length || *(p+1) == '/') {
return false;
}
} else {
return false; // do not permit '/' unless it's class name
}
}
if (type == ClassFileParser::LegalMethod && (ch == '<' || ch == '>')) {
return false; // do not permit '<' or '>' in method names
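Review bot: The new test `if (p == name || p+1 >= name+length || *(p+1) == '/')` depends on short-circuit order to keep the `*(p+1)` read inside the buffer, and nothing in the added comments says so. A later reordering of the three operands would turn a trailing '/' into a one-byte over-read on class-file input, so I would add `// bound p+1 is tested before *(p+1): a trailing '/' must not read past name+length` above it. The added comment "unqualified name must not be empty" also reads broader than the code: this branch only runs once a '/' is seen, so it rejects empty segments between separators, and a zero-length name is presumably rejected elsewhere. The loop header and the end of verify_unqualified_name are outside the hunk, so that cannot be confirmed from here.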