Merge pull request #248 from keithc-ca/v0.40.1

Merge latest changes from jdk-17.0.8.1+1

Author: pshipton

.jcheck/conf

@@ -1,7 +1,7 @@
 [general]
 project=jdk-updates
 jbs=JDK
-version=17.0.8
+version=17.0.8.1
 
 [checks]
 error=author,committer,reviewers,merge,issues,executable,symlink,message,hg-tag,whitespace,problemlists

closed/openjdk-tag.gmk

@@ -1 +1 @@
-OPENJDK_TAG := jdk-17.0.8+7
+OPENJDK_TAG := jdk-17.0.8.1+1

make/conf/version-numbers.conf

@@ -29,11 +29,11 @@
 DEFAULT_VERSION_FEATURE=17
 DEFAULT_VERSION_INTERIM=0
 DEFAULT_VERSION_UPDATE=8
-DEFAULT_VERSION_PATCH=0
+DEFAULT_VERSION_PATCH=1
 DEFAULT_VERSION_EXTRA1=0
 DEFAULT_VERSION_EXTRA2=0
 DEFAULT_VERSION_EXTRA3=0
-DEFAULT_VERSION_DATE=2023-07-18
+DEFAULT_VERSION_DATE=2023-08-24
 DEFAULT_VERSION_CLASSFILE_MAJOR=61  # "`$EXPR $DEFAULT_VERSION_FEATURE + 44`"
 DEFAULT_VERSION_CLASSFILE_MINOR=0
 DEFAULT_VERSION_DOCS_API_SINCE=11

src/java.base/share/classes/java/util/zip/ZipFile.java

@@ -69,7 +69,8 @@
 import jdk.internal.ref.CleanerFactory;
 import jdk.internal.vm.annotation.Stable;
 import sun.nio.cs.UTF_8;
-import sun.security.action.GetBooleanAction;
+import sun.nio.fs.DefaultFileSystemProvider;
+import sun.security.action.GetPropertyAction;
 import sun.security.util.SignatureFileVerifier;
 
 import static java.util.zip.ZipConstants64.*;
@@ -123,11 +124,12 @@ public class ZipFile implements ZipConstants, Closeable {
     public static final int OPEN_DELETE = 0x4;
 
     /**
-     * Flag which specifies whether the validation of the Zip64 extra
-     * fields should be disabled
+     * Flag to specify whether the Extra ZIP64 validation should be
+     * disabled.
      */
-    private static final boolean disableZip64ExtraFieldValidation =
-            GetBooleanAction.privilegedGetProperty("jdk.util.zip.disableZip64ExtraFieldValidation");
+    private static final boolean DISABLE_ZIP64_EXTRA_VALIDATION =
+            getDisableZip64ExtraFieldValidation();
+
     /**
      * Opens a zip file for reading.
      *
@@ -1086,6 +1088,21 @@ private int[] getMetaInfVersions() {
     }
 
     private static boolean isWindows;
+    /**
+     * Returns the value of the System property which indicates whether the
+     * Extra ZIP64 validation should be disabled.
+     */
+    static boolean getDisableZip64ExtraFieldValidation() {
+        boolean result;
+        String value = GetPropertyAction.privilegedGetProperty(
+                "jdk.util.zip.disableZip64ExtraFieldValidation");
+        if (value == null) {
+            result = false;
+        } else {
+            result = value.isEmpty() || value.equalsIgnoreCase("true");
+        }
+        return result;
+    }
 
     static {
         SharedSecrets.setJavaUtilZipFileAccess(
@@ -1204,7 +1221,7 @@ private int checkAndAddEntry(int pos, int index)
             }
 
             int elen = CENEXT(cen, pos);
-            if (elen > 0 && !disableZip64ExtraFieldValidation) {
+            if (elen > 0 && !DISABLE_ZIP64_EXTRA_VALIDATION) {
                 long extraStartingOffset = pos + CENHDR + nlen;
                 if ((int)extraStartingOffset != extraStartingOffset) {
                     zerror("invalid CEN header (bad extra offset)");
@@ -1248,25 +1265,32 @@ private void checkExtraFields(int cenPos, int startingOffset,
                 zerror("Invalid CEN header (extra data field size too long)");
             }
             int currentOffset = startingOffset;
-            while (currentOffset < extraEndOffset) {
+            // Walk through each Extra Header. Each Extra Header Must consist of:
+            //       Header ID - 2 bytes
+            //       Data Size - 2 bytes:
+            while (currentOffset + Integer.BYTES <= extraEndOffset) {
                 int tag = get16(cen, currentOffset);
                 currentOffset += Short.BYTES;
 
                 int tagBlockSize = get16(cen, currentOffset);
+                currentOffset += Short.BYTES;
                 int tagBlockEndingOffset = currentOffset + tagBlockSize;
 
                 //  The ending offset for this tag block should not go past the
                 //  offset for the end of the extra field
                 if (tagBlockEndingOffset > extraEndOffset) {
-                    zerror("Invalid CEN header (invalid zip64 extra data field size)");
+                    zerror(String.format(
+                            "Invalid CEN header (invalid extra data field size for " +
+                                    "tag: 0x%04x at %d)",
+                            tag, cenPos));
                 }
-                currentOffset += Short.BYTES;
 
                 if (tag == ZIP64_EXTID) {
                     // Get the compressed size;
                     long csize = CENSIZ(cen, cenPos);
                     // Get the uncompressed size;
                     long size = CENLEN(cen, cenPos);
+
                     checkZip64ExtraFieldValues(currentOffset, tagBlockSize,
                             csize, size);
                 }
@@ -1290,6 +1314,16 @@ private void checkZip64ExtraFieldValues(int off, int blockSize, long csize,
                                                 long size)
                 throws ZipException {
             byte[] cen = this.cen;
+            // if ZIP64_EXTID blocksize == 0, which may occur with some older
+            // versions of Apache Ant and Commons Compress, validate csize and size
+            // to make sure neither field == ZIP64_MAGICVAL
+            if (blockSize == 0) {
+                if (csize == ZIP64_MAGICVAL || size == ZIP64_MAGICVAL) {
+                    zerror("Invalid CEN header (invalid zip64 extra data field size)");
+                }
+                // Only validate the ZIP64_EXTID data if the block size > 0
+                return;
+            }
             // Validate the Zip64 Extended Information Extra Field (0x0001)
             // length.
             if (!isZip64ExtBlockSizeValid(blockSize)) {

src/jdk.zipfs/share/classes/jdk/nio/zipfs/ZipFileSystem.java

@@ -3078,10 +3078,22 @@ private void readExtra(ZipFileSystem zipfs) throws IOException {
                 int sz = SH(extra, pos + 2);
                 pos += 4;
                 if (pos + sz > elen) {        // invalid data
-                    throw new ZipException("Invalid CEN header (invalid zip64 extra data field size)");
+                    throw new ZipException(String.format(
+                            "Invalid CEN header (invalid extra data field size for " +
+                                    "tag: 0x%04x size: %d)",
+                            tag, sz));
                 }
                 switch (tag) {
                 case EXTID_ZIP64 :
+                    // if ZIP64_EXTID blocksize == 0, which may occur with some older
+                    // versions of Apache Ant and Commons Compress, validate csize
+                    // size, and locoff to make sure the fields != ZIP64_MAGICVAL
+                    if (sz == 0) {
+                        if (csize == ZIP64_MINVAL || size == ZIP64_MINVAL || locoff == ZIP64_MINVAL) {
+                            throw new ZipException("Invalid CEN header (invalid zip64 extra data field size)");
+                        }
+                        break;
+                    }
                     // Check to see if we have a valid block size
                     if (!isZip64ExtBlockSizeValid(sz)) {
                         throw new ZipException("Invalid CEN header (invalid zip64 extra data field size)");

test/jdk/java/util/zip/ZipFile/CorruptedZipFiles.java

@@ -22,7 +22,7 @@
  */
 
 /* @test
- * @bug 4770745 6218846 6218848 6237956
+ * @bug 4770745 6218846 6218848 6237956 8313765
  * @summary test for correct detection and reporting of corrupted zip files
  * @author Martin Buchholz
  */
@@ -113,8 +113,9 @@ public static void main(String[] args) throws Exception {
 
         err.println("corrupted CENEXT 1");
         bad = good.clone();
-        bad[cenpos+CENEXT]++;
-        checkZipException(bad, ".*invalid zip64 extra data field size.*");
+        bad[cenpos+CENEXT]   = (byte)0xff;
+        bad[cenpos+CENEXT+1] = (byte)0xff;
+        checkZipException(bad, ".*extra data field size too long.*");
 
         err.println("corrupted CENEXT 2");
         bad = good.clone();