8217997: Better socket support

Reviewed-by: alanb, ahgross, chegar, igerasim
2025-08-27 14:54:52 +02:00 · 2019-03-25 17:15:27 +00:00 · 2019-03-25 17:15:27 +00:00 · e4553cb2fa
commit e4553cb2fa
parent 67a0aa7960
4 changed files with 45 additions and 1 deletions
--- a/src/java.base/share/classes/java/net/NetPermission.java
+++ b/src/java.base/share/classes/java/net/NetPermission.java
@ -145,6 +145,15 @@ import java.util.StringTokenizer;
 *   </tr>
 *
 * <tr>
+ *   <th scope="row">setSocketImpl</th>
+ *   <td>The ability to create a sub-class of Socket or ServerSocket with a
+ *   user specified SocketImpl.</td>
+ *   <td>Malicious user-defined SocketImpls can change the behavior of
+ *   Socket and ServerSocket in surprising ways, by virtue of their
+ *   ability to access the protected fields of SocketImpl.</td>
+ *   </tr>
+ *
+ * <tr>
 *   <th scope="row">specifyStreamHandler</th>
 *   <td>The ability
 *   to specify a stream handler when constructing a URL</td>
--- a/src/java.base/share/classes/java/net/ServerSocket.java
+++ b/src/java.base/share/classes/java/net/ServerSocket.java
@ -32,6 +32,7 @@ import java.util.Objects;
 import java.util.Set;
 import java.util.Collections;

+import sun.security.util.SecurityConstants;
 import sun.net.PlatformSocketImpl;

 /**
@ -73,13 +74,25 @@ class ServerSocket implements java.io.Closeable {
     *
     * @throws     NullPointerException if impl is {@code null}.
     *
+     * @throws     SecurityException if a security manager is set and
+     *             its {@code checkPermission} method doesn't allow
+     *             {@code NetPermission("setSocketImpl")}.
     * @since 12
     */
    protected ServerSocket(SocketImpl impl) {
        Objects.requireNonNull(impl);
+        checkPermission();
        this.impl = impl;
    }

+    private static Void checkPermission() {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null) {
+            sm.checkPermission(SecurityConstants.SET_SOCKETIMPL_PERMISSION);
+        }
+        return null;
+    }
+
    /**
     * Creates an unbound server socket.
     *
--- a/src/java.base/share/classes/java/net/Socket.java
+++ b/src/java.base/share/classes/java/net/Socket.java
@ -25,6 +25,8 @@

 package java.net;

+import sun.security.util.SecurityConstants;
+
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.io.IOException;
@ -182,12 +184,28 @@ class Socket implements java.io.Closeable {
     *
     * @throws    SocketException if there is an error in the underlying protocol,
     * such as a TCP error.
+     *
+     * @throws SecurityException if {@code impl} is non-null and a security manager is set
+     * and its {@code checkPermission} method doesn't allow {@code NetPermission("setSocketImpl")}.
+     *
     * @since   1.1
     */
    protected Socket(SocketImpl impl) throws SocketException {
+        checkPermission(impl);
        this.impl = impl;
    }

+    private static Void checkPermission(SocketImpl impl) {
+        if (impl == null) {
+            return null;
+        }
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null) {
+            sm.checkPermission(SecurityConstants.SET_SOCKETIMPL_PERMISSION);
+        }
+        return null;
+    }
+
    /**
     * Creates a stream socket and connects it to the specified port
     * number on the named host.