public inbox for java-patches@gcc.gnu.org
* FYI: InetAddress security fixes
@ 2006-09-01 10:09 Gary Benson
From: Gary Benson @ 2006-09-01 10:09 UTC (permalink / raw)
  To: java-patches

[-- Attachment #1: Type: text/plain, Size: 146 bytes --]

Hi all,

This commit stops InetAddress.getByName() and getAllByName()
performing security checks when DNS lookups are not required.

Cheers,
Gary

[-- Attachment #2: patch --]
[-- Type: text/plain, Size: 2389 bytes --]

Index: ChangeLog
===================================================================
--- ChangeLog	(revision 116620)
+++ ChangeLog	(working copy)
@@ -1,3 +1,8 @@
+2006-09-01  Gary Benson  <gbenson@redhat.com>
+
+	* java/net/InetAddress.java (getByName, getAllByName):
+	Only perform security check when DNS lookups are required.
+
 2006-08-31  Keith Seitz  <keiths@redhat.com>
 
 	* include/jvmti_md.h: New file.
Index: java/net/InetAddress.java
===================================================================
--- java/net/InetAddress.java	(revision 116620)
+++ java/net/InetAddress.java	(working copy)
@@ -592,14 +592,10 @@
     throws UnknownHostException
   {
     // If null or the empty string is supplied, the loopback address
-    // is returned. Note that this is permitted without a security check.
+    // is returned.
     if (hostname == null || hostname.length() == 0)
       return loopback;
 
-    SecurityManager s = System.getSecurityManager();
-    if (s != null)
-      s.checkConnect(hostname, -1);
-
     // Assume that the host string is an IP address
     byte[] address = aton(hostname);
     if (address != null)
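Review bot: The comment edit at the top of this hunk drops "Note that this is permitted without a security check", yet the null/empty early return is still unchecked after the change, so the sentence remains accurate and is useful to anyone auditing which paths skip checkConnect. Consider keeping it, and adding a matching remark at the aton(hostname) call, which is now also reached without a check.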
@@ -623,6 +619,11 @@
           throw new UnknownHostException ("Address has invalid length");
       }
 
+    // Perform security check before resolving
+    SecurityManager s = System.getSecurityManager();
+    if (s != null)
+      s.checkConnect(hostname, -1);
+
     // Try to resolve the host by DNS
     InetAddress result = new InetAddress(null, null);
     lookup (hostname, result, false);
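Review bot: The added comment "Perform security check before resolving" says what the code does but not why the check now sits below the IP-literal handling. A sentence such as "literal addresses need no lookup, so only names that reach the resolver are checked" would discourage a later cleanup from hoisting the check back to the top, and would document that every path to lookup (hostname, result, false) has to pass through s.checkConnect(hostname, -1) first.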
@@ -650,14 +651,10 @@
     throws UnknownHostException
   {
     // If null or the empty string is supplied, the loopback address
-    // is returned. Note that this is permitted without a security check.
+    // is returned.
     if (hostname == null || hostname.length() == 0)
       return new InetAddress[] {loopback};
 
-    SecurityManager s = System.getSecurityManager();
-    if (s != null)
-      s.checkConnect(hostname, -1);
-
     // Check if hostname is an IP address
     byte[] address = aton (hostname);
     if (address != null)
@@ -667,6 +664,11 @@
 	return result;
       }
 
+    // Perform security check before resolving
+    SecurityManager s = System.getSecurityManager();
+    if (s != null)
+      s.checkConnect(hostname, -1);
+
     // Try to resolve the hostname by DNS
     return lookup (hostname, null, true);
   }
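Review bot: The four lines added before "return lookup (hostname, null, true);" duplicate the block added ahead of the lookup call in the earlier hunk, so the two copies can drift apart. A small private helper that calls s.checkConnect(hostname, -1) when a SecurityManager is installed, used at both sites, would keep the check-then-lookup ordering in one place. The patch touches only ChangeLog and InetAddress.java; a regression test with a denying SecurityManager (an IP literal succeeds, a hostname throws SecurityException) would pin the new behaviour down.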
