8208691: Tighten up jdk.includeInExceptions security property

Add stronger warning on usage and add test to check that property is not set

Reviewed-by: alanb, rriggs
Sean Mullan 2018-08-07 10:29:01 -04:00
parent 0919d6d626
commit ac3d4a6722
2 changed files with 28 additions and 7 deletions


@ -1070,6 +1070,11 @@ jceks.key.serialFilter = java.base/java.lang.Enum;java.base/java.security.KeyRep
# case-insensitive. Leading and trailing whitespaces, surrounding each value, # case-insensitive. Leading and trailing whitespaces, surrounding each value,
# are ignored. Unknown values are ignored. # are ignored. Unknown values are ignored.
# #
# NOTE: Use caution before setting this property. Setting this property
# exposes sensitive information in Exceptions, which could, for example,
# propagate to untrusted code or be emitted in stack traces that are
# inadvertently disclosed and made accessible over a public network.
#
# The categories are: # The categories are:
# #
# hostInfo - IOExceptions thrown by java.net.Socket and the socket types in the # hostInfo - IOExceptions thrown by java.net.Socket and the socket types in the


@ -25,10 +25,12 @@
* @test * @test
* @library /test/lib * @library /test/lib
* @build jdk.test.lib.Utils * @build jdk.test.lib.Utils
* @bug 8204233 8207846 * @bug 8204233 8207846 8208691
* @summary Add configurable option for enhanced socket IOException messages * @summary Add configurable option for enhanced socket IOException messages
* @run main/othervm * @run main/othervm
* ExceptionText * ExceptionText
* @run main/othervm
* ExceptionText
* WITHOUT_Enhanced_Text * WITHOUT_Enhanced_Text
* @run main/othervm * @run main/othervm
* -Djdk.includeInExceptions= * -Djdk.includeInExceptions=
@ -62,6 +64,7 @@ import java.net.Socket;
import java.nio.channels.AsynchronousSocketChannel; import java.nio.channels.AsynchronousSocketChannel;
import java.nio.channels.ClosedChannelException; import java.nio.channels.ClosedChannelException;
import java.nio.channels.SocketChannel; import java.nio.channels.SocketChannel;
import java.security.Security;
import java.util.concurrent.ExecutionException; import java.util.concurrent.ExecutionException;
import jdk.test.lib.Utils; import jdk.test.lib.Utils;
@ -70,6 +73,9 @@ public class ExceptionText {
enum TestTarget {SOCKET, CHANNEL, ASYNC_CHANNEL}; enum TestTarget {SOCKET, CHANNEL, ASYNC_CHANNEL};
public static void main(String args[]) throws Exception { public static void main(String args[]) throws Exception {
if (args.length == 0) {
testSecProp();
} else {
String passOrFail = args[0]; String passOrFail = args[0];
boolean expectEnhancedText; boolean expectEnhancedText;
if (passOrFail.equals("expectEnhancedText")) { if (passOrFail.equals("expectEnhancedText")) {
@ -79,11 +85,21 @@ public class ExceptionText {
} }
test(expectEnhancedText); test(expectEnhancedText);
} }
}
static final InetSocketAddress dest = Utils.refusingEndpoint(); static final InetSocketAddress dest = Utils.refusingEndpoint();
static final String PORT = ":" + Integer.toString(dest.getPort()); static final String PORT = ":" + Integer.toString(dest.getPort());
static final String HOST = dest.getHostString(); static final String HOST = dest.getHostString();
static void testSecProp() {
String incInExc = Security.getProperty("jdk.includeInExceptions");
if (incInExc != null) {
throw new RuntimeException("Test failed: default value of " +
"jdk.includeInExceptions security property is not null: " +
incInExc);
}
}
static void test(boolean withProperty) { static void test(boolean withProperty) {
// Socket // Socket
IOException e = getException(TestTarget.SOCKET); IOException e = getException(TestTarget.SOCKET);
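Review bot: testSecProp() carries no comment saying why a null default matters, and main() selects it only by the absence of arguments, so the first `@run main/othervm ExceptionText` tag does not read as the default-configuration check. I would add above testSecProp() a comment such as `// The default java.security must leave jdk.includeInExceptions unset so that exception messages carry no host information unless an administrator opts in.` and extend the `@summary` line to mention the default-value check. The check reads only `Security.getProperty`, so the comment should claim no more than that the security property is unset. Part of main() lies between the visible hunks and test() continues past the last one.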