Merge pull request #204 from ibmruntimes/openj9-staging

Merge jdk-17.0.7+7 and OpenJ9 changes to 0.38

Author: keithc-ca

closed/openjdk-tag.gmk

@@ -1 +1 @@
-OPENJDK_TAG := jdk-17.0.7+6
+OPENJDK_TAG := jdk-17.0.7+7

make/conf/version-numbers.conf

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2011, 2022, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2023, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -39,4 +39,4 @@ DEFAULT_VERSION_CLASSFILE_MINOR=0
 DEFAULT_VERSION_DOCS_API_SINCE=11
 DEFAULT_ACCEPTABLE_BOOT_VERSIONS="16 17"
 DEFAULT_JDK_SOURCE_TARGET_VERSION=17
-DEFAULT_PROMOTED_VERSION_PRE=ea
+DEFAULT_PROMOTED_VERSION_PRE=

src/java.base/share/classes/java/lang/ProcessBuilder.java

@@ -1100,8 +1100,8 @@ private Process start(Redirect[] redirects) throws IOException {
 
         String dir = directory == null ? null : directory.toString();
 
-        for (int i = 1; i < cmdarray.length; i++) {
-            if (cmdarray[i].indexOf('\u0000') >= 0) {
+        for (String s : cmdarray) {
+            if (s.indexOf('\u0000') >= 0) {
                 throw new IOException("invalid null character in command");
             }
         }

src/java.base/share/classes/java/net/InetAddress.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1995, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -930,6 +930,7 @@ private static final class PlatformNameService implements NameService {
         public InetAddress[] lookupAllHostAddr(String host)
             throws UnknownHostException
         {
+            validate(host);
             return impl.lookupAllHostAddr(host);
         }
 
@@ -1314,51 +1315,53 @@ private static InetAddress[] getAllByName(String host, InetAddress reqAddr)
             return ret;
         }
 
+        validate(host);
         boolean ipv6Expected = false;
         if (host.charAt(0) == '[') {
             // This is supposed to be an IPv6 literal
             if (host.length() > 2 && host.charAt(host.length()-1) == ']') {
                 host = host.substring(1, host.length() -1);
                 ipv6Expected = true;
             } else {
-                // This was supposed to be a IPv6 address, but it's not!
-                throw new UnknownHostException(host + ": invalid IPv6 address");
+                // This was supposed to be a IPv6 literal, but it's not
+                throw invalidIPv6LiteralException(host, false);
             }
         }
 
-        // if host is an IP address, we won't do further lookup
+        // Check and try to parse host string as an IP address literal
         if (IPAddressUtil.digit(host.charAt(0), 16) != -1
             || (host.charAt(0) == ':')) {
-            byte[] addr;
+            byte[] addr = null;
             int numericZone = -1;
             String ifname = null;
-            // see if it is IPv4 address
-            try {
-                addr = IPAddressUtil.validateNumericFormatV4(host);
-            } catch (IllegalArgumentException iae) {
-                var uhe = new UnknownHostException(host);
-                uhe.initCause(iae);
-                throw uhe;
+
+            if (!ipv6Expected) {
+                // check if it is IPv4 address only if host is not wrapped in '[]'
+                try {
+                    addr = IPAddressUtil.validateNumericFormatV4(host);
+                } catch (IllegalArgumentException iae) {
+                    var uhe = new UnknownHostException(host);
+                    uhe.initCause(iae);
+                    throw uhe;
+                }
             }
             if (addr == null) {
-                // This is supposed to be an IPv6 literal
-                // Check if a numeric or string zone id is present
+                // Try to parse host string as an IPv6 literal
+                // Check if a numeric or string zone id is present first
                 int pos;
-                if ((pos=host.indexOf ('%')) != -1) {
-                    numericZone = checkNumericZone (host);
+                if ((pos = host.indexOf('%')) != -1) {
+                    numericZone = checkNumericZone(host);
                     if (numericZone == -1) { /* remainder of string must be an ifname */
-                        ifname = host.substring (pos+1);
+                        ifname = host.substring(pos + 1);
                     }
                 }
-                if ((addr = IPAddressUtil.textToNumericFormatV6(host)) == null && host.contains(":")) {
-                    throw new UnknownHostException(host + ": invalid IPv6 address");
+                if ((addr = IPAddressUtil.textToNumericFormatV6(host)) == null &&
+                        (host.contains(":") || ipv6Expected)) {
+                    throw invalidIPv6LiteralException(host, ipv6Expected);
                 }
-            } else if (ipv6Expected) {
-                // Means an IPv4 literal between brackets!
-                throw new UnknownHostException("["+host+"]");
             }
-            InetAddress[] ret = new InetAddress[1];
             if(addr != null) {
+                InetAddress[] ret = new InetAddress[1];
                 if (addr.length == Inet4Address.INADDRSZ) {
                     if (numericZone != -1 || ifname != null) {
                         // IPv4-mapped address must not contain zone-id
@@ -1375,12 +1378,18 @@ private static InetAddress[] getAllByName(String host, InetAddress reqAddr)
                 return ret;
             }
         } else if (ipv6Expected) {
-            // We were expecting an IPv6 Literal, but got something else
-            throw new UnknownHostException("["+host+"]");
+            // We were expecting an IPv6 Literal since host string starts
+            // and ends with square brackets, but we got something else.
+            throw invalidIPv6LiteralException(host, true);
         }
         return getAllByName0(host, reqAddr, true, true);
     }
 
+    private static UnknownHostException invalidIPv6LiteralException(String host, boolean wrapInBrackets) {
+        String hostString = wrapInBrackets ? "[" + host + "]" : host;
+        return new UnknownHostException(hostString + ": invalid IPv6 address literal");
+    }
+
     /**
      * Returns the loopback address.
      * <p>
@@ -1802,6 +1811,12 @@ private void writeObject (ObjectOutputStream s) throws
         pf.put("family", holder().getFamily());
         s.writeFields();
     }
+
+    private static void validate(String host) throws UnknownHostException {
+        if (host.indexOf(0) != -1) {
+            throw new UnknownHostException("NUL character not allowed in hostname");
+        }
+    }
 }
 
 /*

src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java

@@ -2372,7 +2372,8 @@ private void setPreemptiveProxyAuthentication(MessageHeader requests) throws IOE
      * the connection.
      */
     @SuppressWarnings({"removal","fallthrough"})
-    private AuthenticationInfo getHttpProxyAuthentication(AuthenticationHeader authhdr) {
+    private AuthenticationInfo getHttpProxyAuthentication(AuthenticationHeader authhdr)
+        throws IOException {
 
         assert isLockHeldByCurrentThread();
 
@@ -2473,6 +2474,7 @@ public InetAddress run()
                                                 authenticator,
                                                 host, null, port, url.getProtocol(),
                                                 "", scheme, url, RequestorType.PROXY);
+                            validateNTLMCredentials(a);
                         }
                         /* If we are not trying transparent authentication then
                          * we need to have a PasswordAuthentication instance. For
@@ -2540,7 +2542,8 @@ public InetAddress run()
      * preferred.
      */
     @SuppressWarnings("fallthrough")
-    private AuthenticationInfo getServerAuthentication(AuthenticationHeader authhdr) {
+    private AuthenticationInfo getServerAuthentication(AuthenticationHeader authhdr)
+        throws IOException {
 
         // Only called from getInputStream0
         assert isLockHeldByCurrentThread();
@@ -2652,6 +2655,7 @@ private AuthenticationInfo getServerAuthentication(AuthenticationHeader authhdr)
                                 authenticator,
                                 url.getHost(), addr, port, url.getProtocol(),
                                 "", scheme, url, RequestorType.SERVER);
+                            validateNTLMCredentials(a);
                         }
 
                         /* If we are not trying transparent authentication then
@@ -4003,6 +4007,27 @@ public void close() throws IOException {
             }
         }
     }
+
+    // ensure there are no null characters in username or password
+    private static void validateNTLMCredentials(PasswordAuthentication pw)
+        throws IOException {
+
+        if (pw == null) {
+            return;
+        }
+        char[] password = pw.getPassword();
+        if (password != null) {
+            for (int i=0; i<password.length; i++) {
+                if (password[i] == 0) {
+                    throw new IOException("NUL character not allowed in NTLM password");
+                }
+            }
+        }
+        String username = pw.getUserName();
+        if (username != null && username.indexOf(0) != -1) {
+            throw new IOException("NUL character not allowed in NTLM username or domain");
+        }
+    }
 }
 
 /** An input stream that just returns EOF.  This is for

src/java.base/share/classes/sun/security/provider/certpath/AdjacencyList.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -87,7 +87,7 @@ public class AdjacencyList {
     // the actual set of steps the AdjacencyList represents
     private ArrayList<BuildStep> mStepList;
 
-    // the original list, just for the toString method
+    // the original list
     private List<List<Vertex>> mOrigList;
 
     /**
@@ -114,6 +114,13 @@ public Iterator<BuildStep> iterator() {
         return Collections.unmodifiableList(mStepList).iterator();
     }
 
+    /**
+     * Returns the number of attempted paths (useful for debugging).
+     */
+    public int numAttemptedPaths() {
+        return mOrigList.size();
+    }
+
     /**
      * Recursive, private method which actually builds the step list from
      * the given adjacency list. <code>Follow</code> is the parent BuildStep

src/java.base/share/classes/sun/security/provider/certpath/Builder.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -412,8 +412,7 @@ Set<String> getMatchingPolicies() {
 
     /**
      * Search the specified CertStores and add all certificates matching
-     * selector to resultCerts. Self-signed certs are not useful here
-     * and therefore ignored.
+     * selector to resultCerts.
      *
      * If the targetCert criterion of the selector is set, only that cert
      * is examined and the CertStores are not searched.
@@ -432,8 +431,7 @@ boolean addMatchingCerts(X509CertSelector selector,
         X509Certificate targetCert = selector.getCertificate();
         if (targetCert != null) {
             // no need to search CertStores
-            if (selector.match(targetCert) && !X509CertImpl.isSelfSigned
-                (targetCert, buildParams.sigProvider())) {
+            if (selector.match(targetCert)) {
                 if (debug != null) {
                     debug.println("Builder.addMatchingCerts: " +
                         "adding target cert" +
@@ -452,11 +450,8 @@ boolean addMatchingCerts(X509CertSelector selector,
                 Collection<? extends Certificate> certs =
                                         store.getCertificates(selector);
                 for (Certificate cert : certs) {
-                    if (!X509CertImpl.isSelfSigned
-                        ((X509Certificate)cert, buildParams.sigProvider())) {
-                        if (resultCerts.add((X509Certificate)cert)) {
-                            add = true;
-                        }
+                    if (resultCerts.add((X509Certificate)cert)) {
+                        add = true;
                     }
                 }
                 if (!checkAll && add) {