8230946: Clarify security manager behaviour of a connected DatagramSocket and DatagramChannel

Update to API, to clarify that packets are dropped in the receive method of non-connected sockets if they fail the security manager checks Reviewed-by: alanb, chegar, dfuchs
2025-08-27 06:45:07 +02:00 · 2019-10-08 14:56:46 +01:00 · 2019-10-08 14:56:46 +01:00 · ee87f2a7a4
commit ee87f2a7a4
parent 3e8d409cee
2 changed files with 22 additions and 20 deletions
--- a/src/java.base/share/classes/java/net/DatagramSocket.java
+++ b/src/java.base/share/classes/java/net/DatagramSocket.java
@ -434,14 +434,15 @@ class DatagramSocket implements java.io.Closeable {
     * verify that datagrams are permitted to be sent and received
     * respectively.
     *
-     * <p> When a socket is connected, {@link #receive receive} and
-     * {@link #send send} <b>will not perform any security checks</b>
-     * on incoming and outgoing packets, other than matching the packet's
-     * and the socket's address and port. On a send operation, if the
-     * packet's address is set and the packet's address and the socket's
-     * address do not match, an {@code IllegalArgumentException} will be
-     * thrown. A socket connected to a multicast address may only be used
-     * to send packets.
+     * <p> Care should be taken to ensure that a connected datagram socket
+     * is not shared with untrusted code. When a socket is connected,
+     * {@link #receive receive} and {@link #send send} <b>will not perform
+     * any security checks</b> on incoming and outgoing packets, other than
+     * matching the packet's and the socket's address and port. On a send
+     * operation, if the packet's address is set and the packet's address
+     * and the socket's address do not match, an {@code IllegalArgumentException}
+     * will be thrown. A socket connected to a multicast address may only
+     * be used to send packets.
     *
     * @param address the remote address for the socket
     *
@ -708,9 +709,11 @@ class DatagramSocket implements java.io.Closeable {
     * the length of the received message. If the message is longer than
     * the packet's length, the message is truncated.
     * <p>
-     * If there is a security manager, a packet cannot be received if the
-     * security manager's {@code checkAccept} method
-     * does not allow it.
+     * If there is a security manager, and the socket is not currently
+     * connected to a remote address, a packet cannot be received if the
+     * security manager's {@code checkAccept} method does not allow it.
+     * Datagrams that are not permitted by the security manager are silently
+     * discarded.
     *
     * @param      p   the {@code DatagramPacket} into which to place
     *                 the incoming data.