diff options
author | mbalao <unknown> | 2019-11-14 15:06:11 -0800 |
---|---|---|
committer | bell-sw <liberica@bell-sw.com> | 2020-04-20 20:49:12 +0300 |
commit | 31a03ebbb2cf8690340dc3de0c9812a7e12ff45d (patch) | |
tree | 0675376bb23e0db4f064149f796cc9a74d840466 | |
parent | 005cff218a92fee650f11b31864fccaff812a0fd (diff) | |
download | jdk8u_jdk-31a03ebbb2cf8690340dc3de0c9812a7e12ff45d.tar.gz |
8227542: Manifest improved jar headers
Reviewed-by: andrew
-rw-r--r-- | src/share/classes/java/lang/instrument/package.html | 7 | ||||
-rw-r--r-- | src/share/instrument/InvocationAdapter.c | 22 |
2 files changed, 29 insertions, 0 deletions
diff --git a/src/share/classes/java/lang/instrument/package.html b/src/share/classes/java/lang/instrument/package.html index e6839e52f9..c0d9bbbb8c 100644 --- a/src/share/classes/java/lang/instrument/package.html +++ b/src/share/classes/java/lang/instrument/package.html @@ -38,6 +38,13 @@ Provides services that allow Java programming language agents to instrument programs running on the JVM. The mechanism for instrumentation is modification of the byte-codes of methods. +<P> +Note: developers/admininstrators are responsible for verifying the trustworthiness of +content and structure of the Java Agents they deploy, since those are able to arbitrarily +transform the bytecode from other JAR files. Since that happens after the Jars containing +the bytecode have been verified as trusted, the trustworthiness of a Java Agent can determine +the trust towards the entire program. + <h2>Package Specification</h2> <P> diff --git a/src/share/instrument/InvocationAdapter.c b/src/share/instrument/InvocationAdapter.c index f1923d7cc3..7ea4ed3772 100644 --- a/src/share/instrument/InvocationAdapter.c +++ b/src/share/instrument/InvocationAdapter.c @@ -203,6 +203,17 @@ Agent_OnLoad(JavaVM *vm, char *tail, void * reserved) { */ oldLen = (int)strlen(premainClass); newLen = modifiedUtf8LengthOfUtf8(premainClass, oldLen); + /* + * According to JVMS class name is represented as CONSTANT_Utf8_info, + * so its length is u2 (i.e. must be <= 0xFFFF). + */ + if (newLen > 0xFFFF) { + fprintf(stderr, "-javaagent: Premain-Class value is too big\n"); + free(jarfile); + if (options != NULL) free(options); + freeAttributes(attributes); + return JNI_ERR; + } if (newLen == oldLen) { premainClass = strdup(premainClass); } else { @@ -362,6 +373,17 @@ Agent_OnAttach(JavaVM* vm, char *args, void * reserved) { */ oldLen = strlen(agentClass); newLen = modifiedUtf8LengthOfUtf8(agentClass, oldLen); + /* + * According to JVMS class name is represented as CONSTANT_Utf8_info, + * so its length is u2 (i.e. must be <= 0xFFFF). + */ + if (newLen > 0xFFFF) { + fprintf(stderr, "Agent-Class value is too big\n"); + free(jarfile); + if (options != NULL) free(options); + freeAttributes(attributes); + return AGENT_ERROR_BADJAR; + } if (newLen == oldLen) { agentClass = strdup(agentClass); } else { |