packages/infinispan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2019-10174

Browse Source 
(cherry picked from commit b9f2292789fe88215197f18bdb7aa62680b4e228)
This commit is contained in:
starlet-dx 2024-05-27 14:41:26 +08:00 committed by openeuler-sync-bot
parent a12831e88f
commit 33fbbb22aa
3 changed files with 377 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

166
CVE-2019-10174-pre.patch Normal file
View File

@ -0,0 +1,166 @@
From b317b7e70de2621fb25806b611126bcaf8793beb Mon Sep 17 00:00:00 2001
From: Lin Gao <lgao@redhat.com>
Date: Thu, 2 Mar 2017 10:17:25 +0800
Subject: [PATCH] [ISPN-7535] Cache creation requires specific permissions when
using security manager
Move Util.getClassLoaders() and ReflectionUtil.invokeAccessibly() to doPrivileged() when security manager is enabled
---
.../commons/util/ReflectionUtil.java | 13 +---
.../commons/util/SecurityActions.java | 63 +++++++++++++++++++
.../org/infinispan/commons/util/Util.java | 30 ++-------
3 files changed, 68 insertions(+), 38 deletions(-)
diff --git a/commons/src/main/java/org/infinispan/commons/util/ReflectionUtil.java b/commons/src/main/java/org/infinispan/commons/util/ReflectionUtil.java
index df9526d83af0..9b70e1430c6f 100644
--- a/commons/src/main/java/org/infinispan/commons/util/ReflectionUtil.java
+++ b/commons/src/main/java/org/infinispan/commons/util/ReflectionUtil.java
@@ -6,7 +6,6 @@
import java.lang.annotation.Annotation;
import java.lang.reflect.Field;
-import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
@@ -163,17 +162,7 @@ private static Field findFieldRecursively(Class<?> c, String fieldName) {
* @param parameters parameters
*/
public static Object invokeAccessibly(Object instance, Method method, Object[] parameters) {
- try {
- method.setAccessible(true);
- return method.invoke(instance, parameters);
- } catch (InvocationTargetException e) {
- Throwable cause = e.getCause() != null ? e.getCause() : e;
- throw new CacheException("Unable to invoke method " + method + " on object of type " + (instance == null ? "null" : instance.getClass().getSimpleName()) +
- (parameters != null ? " with parameters " + Arrays.asList(parameters) : ""), cause);
- } catch (Exception e) {
- throw new CacheException("Unable to invoke method " + method + " on object of type " + (instance == null ? "null" : instance.getClass().getSimpleName()) +
- (parameters != null ? " with parameters " + Arrays.asList(parameters) : ""), e);
- }
+ return SecurityActions.invokeAccessibly(instance, method, parameters);
}
public static Method findGetterForField(Class<?> c, String fieldName) {
diff --git a/commons/src/main/java/org/infinispan/commons/util/SecurityActions.java b/commons/src/main/java/org/infinispan/commons/util/SecurityActions.java
index 91e58fbecd21..72d721349181 100644
--- a/commons/src/main/java/org/infinispan/commons/util/SecurityActions.java
+++ b/commons/src/main/java/org/infinispan/commons/util/SecurityActions.java
@@ -1,7 +1,12 @@
package org.infinispan.commons.util;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedAction;
+import java.util.Arrays;
+
+import org.infinispan.commons.CacheException;
/**
* Privileged actions for the package
@@ -70,4 +75,62 @@ static String getProperty(String name) {
return SysProps.PRIVILEGED.getProperty(name);
}
+
+ private static <T> T doPrivileged(PrivilegedAction<T> action) {
+ if (System.getSecurityManager() != null) {
+ return AccessController.doPrivileged(action);
+ } else {
+ return action.run();
+ }
+ }
+
+ static Object invokeAccessibly(Object instance, Method method, Object[] parameters) {
+ return doPrivileged((PrivilegedAction<Object>) () -> {
+ try {
+ method.setAccessible(true);
+ return method.invoke(instance, parameters);
+ } catch (InvocationTargetException e) {
+ Throwable cause = e.getCause() != null ? e.getCause() : e;
+ throw new CacheException("Unable to invoke method " + method + " on object of type " + (instance == null ? "null" : instance.getClass().getSimpleName()) +
+ (parameters != null ? " with parameters " + Arrays.asList(parameters) : ""), cause);
+ } catch (Exception e) {
+ throw new CacheException("Unable to invoke method " + method + " on object of type " + (instance == null ? "null" : instance.getClass().getSimpleName()) +
+ (parameters != null ? " with parameters " + Arrays.asList(parameters) : ""), e);
+ }
+ });
+ }
+
+ static ClassLoader[] getClassLoaders(ClassLoader appClassLoader) {
+ return doPrivileged((PrivilegedAction<ClassLoader[]>) () -> {
+ return new ClassLoader[] { appClassLoader, // User defined classes
+ Util.class.getClassLoader(), // Infinispan classes (not always on TCCL [modular env])
+ ClassLoader.getSystemClassLoader(), // Used when load time instrumentation is in effect
+ Thread.currentThread().getContextClassLoader() //Used by jboss-as stuff
+ };
+ });
+ }
+
+ private static ClassLoader getOSGiClassLoader() {
+ // Make loading class optional
+ try {
+ Class<?> osgiClassLoader = Class.forName("org.infinispan.commons.util.OsgiClassLoader");
+ return (ClassLoader) osgiClassLoader.getMethod("getInstance", null).invoke(null);
+ } catch (ClassNotFoundException e) {
+ // fall back option - it can't hurt if we scan ctx class loader 2 times.
+ return Thread.currentThread().getContextClassLoader();
+ } catch (Exception e) {
+ throw new RuntimeException("Unable to call getInstance on OsgiClassLoader", e);
+ }
+ }
+
+ static ClassLoader[] getOSGIContextClassLoaders(ClassLoader appClassLoader) {
+ return doPrivileged((PrivilegedAction<ClassLoader[]>) () -> {
+ return new ClassLoader[] { appClassLoader, // User defined classes
+ getOSGiClassLoader(), // OSGi bundle context needs to be on top of TCCL, system CL, etc.
+ Util.class.getClassLoader(), // Infinispan classes (not always on TCCL [modular env])
+ ClassLoader.getSystemClassLoader(), // Used when load time instrumentation is in effect
+ Thread.currentThread().getContextClassLoader() //Used by jboss-as stuff
+ };
+ });
+ }
}
diff --git a/commons/src/main/java/org/infinispan/commons/util/Util.java b/commons/src/main/java/org/infinispan/commons/util/Util.java
index 97078494be4b..3febe48e4fd5 100644
--- a/commons/src/main/java/org/infinispan/commons/util/Util.java
+++ b/commons/src/main/java/org/infinispan/commons/util/Util.java
@@ -115,33 +115,11 @@ public static boolean isOSGiContext() {
public static ClassLoader[] getClassLoaders(ClassLoader appClassLoader) {
if (isOSGiContext()) {
- return new ClassLoader[] { appClassLoader, // User defined classes
- getOSGiClassLoader(), // OSGi bundle context needs to be on top of TCCL, system CL, etc.
- Util.class.getClassLoader(), // Infinispan classes (not always on TCCL [modular env])
- ClassLoader.getSystemClassLoader(), // Used when load time instrumentation is in effect
- Thread.currentThread().getContextClassLoader() //Used by jboss-as stuff
- };
+ return SecurityActions.getOSGIContextClassLoaders(appClassLoader);
} else {
- return new ClassLoader[] { appClassLoader, // User defined classes
- Util.class.getClassLoader(), // Infinispan classes (not always on TCCL [modular env])
- ClassLoader.getSystemClassLoader(), // Used when load time instrumentation is in effect
- Thread.currentThread().getContextClassLoader() //Used by jboss-as stuff
- };
- }
- }
-
- private static ClassLoader getOSGiClassLoader() {
- // Make loading class optional
- try {
- Class<?> osgiClassLoader = Class.forName("org.infinispan.commons.util.OsgiClassLoader");
- return (ClassLoader) osgiClassLoader.getMethod("getInstance", null).invoke(null);
- } catch (ClassNotFoundException e) {
- // fall back option - it can't hurt if we scan ctx class loader 2 times.
- return Thread.currentThread().getContextClassLoader();
- } catch (Exception e) {
- throw new RuntimeException("Unable to call getInstance on OsgiClassLoader", e);
- }
- }
+ return SecurityActions.getClassLoaders(appClassLoader);
+ }
+ }
/**
* <p>

203
CVE-2019-10174.patch Normal file
View File

@ -0,0 +1,203 @@
From 5dbb05cfaca01a1a66732b82a0f5ba615ccbd214 Mon Sep 17 00:00:00 2001
From: Dan Berindei <dan@infinispan.org>
Date: Thu, 13 Jun 2019 12:11:52 +0300
Subject: [PATCH] ISPN-9600 ReflectionUtil.invokeAccessibly should not be
public
(cherry picked from commit 7bdc2822ccf79127a488130239c49a5e944e3ca2)
Conflicts:
commons/src/main/java/org/infinispan/commons/util/ReflectionUtil.java
commons/src/main/java/org/infinispan/commons/util/SecurityActions.java
core/src/main/java/org/infinispan/distribution/group/impl/GroupManagerImpl.java
core/src/main/java/org/infinispan/factories/impl/BasicComponentRegistryImpl.java
core/src/test/java/org/infinispan/test/TestingUtil.java
---
.../commons/util/ReflectionUtil.java | 17 ++++++++++++---
.../commons/util/SecurityActions.java | 21 -------------------
.../distribution/group/GroupManagerImpl.java | 12 ++++++-----
.../factories/AbstractComponentRegistry.java | 16 +++++++-------
.../infinispan/factories/SecurityActions.java | 8 +++++++
5 files changed, 37 insertions(+), 37 deletions(-)
diff --git a/commons/src/main/java/org/infinispan/commons/util/ReflectionUtil.java b/commons/src/main/java/org/infinispan/commons/util/ReflectionUtil.java
index 9b70e1430c6f..49ff83ac4dbe 100644
--- a/commons/src/main/java/org/infinispan/commons/util/ReflectionUtil.java
+++ b/commons/src/main/java/org/infinispan/commons/util/ReflectionUtil.java
@@ -6,6 +6,7 @@
import java.lang.annotation.Annotation;
import java.lang.reflect.Field;
+import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
@@ -161,8 +162,19 @@ private static Field findFieldRecursively(Class<?> c, String fieldName) {
* @param method method to execute
* @param parameters parameters
*/
- public static Object invokeAccessibly(Object instance, Method method, Object[] parameters) {
- return SecurityActions.invokeAccessibly(instance, method, parameters);
+ public static Object invokeMethod(Object instance, Method method, Object[] parameters) {
+ try {
+ return method.invoke(instance, parameters);
+ } catch (InvocationTargetException e) {
+ Throwable cause = e.getCause() != null ? e.getCause() : e;
+ throw new CacheException("Unable to invoke method " + method + " on object of type " + (instance == null ? "null" : instance
+ .getClass().getSimpleName()) +
+ (parameters != null ? " with parameters " + Arrays.asList(parameters) : ""), cause);
+ } catch (Exception e) {
+ throw new CacheException("Unable to invoke method " + method + " on object of type " + (instance == null ? "null" : instance
+ .getClass().getSimpleName()) +
+ (parameters != null ? " with parameters " + Arrays.asList(parameters) : ""), e);
+ }
}
public static Method findGetterForField(Class<?> c, String fieldName) {
@@ -260,7 +272,6 @@ public static Object getValue(Object instance, String fieldName) {
* @param ann annotation to search for. Must be a class-level annotation.
* @return the annotation instance, or null
*/
- @SuppressWarnings("unchecked")
public static <T extends Annotation> T getAnnotation(Class<?> clazz, Class<T> ann) {
while (true) {
// first check class
diff --git a/commons/src/main/java/org/infinispan/commons/util/SecurityActions.java b/commons/src/main/java/org/infinispan/commons/util/SecurityActions.java
index 72d721349181..6ca2151e0bae 100644
--- a/commons/src/main/java/org/infinispan/commons/util/SecurityActions.java
+++ b/commons/src/main/java/org/infinispan/commons/util/SecurityActions.java
@@ -1,12 +1,7 @@
package org.infinispan.commons.util;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedAction;
-import java.util.Arrays;
-
-import org.infinispan.commons.CacheException;
/**
* Privileged actions for the package
@@ -84,22 +79,6 @@ private static <T> T doPrivileged(PrivilegedAction<T> action) {
}
}
- static Object invokeAccessibly(Object instance, Method method, Object[] parameters) {
- return doPrivileged((PrivilegedAction<Object>) () -> {
- try {
- method.setAccessible(true);
- return method.invoke(instance, parameters);
- } catch (InvocationTargetException e) {
- Throwable cause = e.getCause() != null ? e.getCause() : e;
- throw new CacheException("Unable to invoke method " + method + " on object of type " + (instance == null ? "null" : instance.getClass().getSimpleName()) +
- (parameters != null ? " with parameters " + Arrays.asList(parameters) : ""), cause);
- } catch (Exception e) {
- throw new CacheException("Unable to invoke method " + method + " on object of type " + (instance == null ? "null" : instance.getClass().getSimpleName()) +
- (parameters != null ? " with parameters " + Arrays.asList(parameters) : ""), e);
- }
- });
- }
-
static ClassLoader[] getClassLoaders(ClassLoader appClassLoader) {
return doPrivileged((PrivilegedAction<ClassLoader[]>) () -> {
return new ClassLoader[] { appClassLoader, // User defined classes
diff --git a/core/src/main/java/org/infinispan/distribution/group/GroupManagerImpl.java b/core/src/main/java/org/infinispan/distribution/group/GroupManagerImpl.java
index 566c8a7746f5..369537aa7319 100644
--- a/core/src/main/java/org/infinispan/distribution/group/GroupManagerImpl.java
+++ b/core/src/main/java/org/infinispan/distribution/group/GroupManagerImpl.java
@@ -1,6 +1,6 @@
package org.infinispan.distribution.group;
-import static org.infinispan.commons.util.ReflectionUtil.invokeAccessibly;
+import static org.infinispan.commons.util.ReflectionUtil.invokeMethod;
import org.infinispan.commons.util.CollectionFactory;
import org.infinispan.commons.util.ReflectionUtil;
@@ -50,13 +50,15 @@ public GroupMetadataImpl(Method method) {
@Override
public String getGroup(Object instance) {
- Object object;
if (System.getSecurityManager() == null) {
- object = invokeAccessibly(instance, method, Util.EMPTY_OBJECT_ARRAY);
+ method.setAccessible(true);
} else {
- object = AccessController.doPrivileged((PrivilegedAction<Object>) () -> invokeAccessibly(instance, method, Util.EMPTY_OBJECT_ARRAY));
+ AccessController.doPrivileged((PrivilegedAction<List<Method>>) () -> {
+ method.setAccessible(true);
+ return null;
+ });
}
- return String.class.cast(object);
+ return String.class.cast(invokeMethod(instance, method, Util.EMPTY_OBJECT_ARRAY));
}
}
diff --git a/core/src/main/java/org/infinispan/factories/AbstractComponentRegistry.java b/core/src/main/java/org/infinispan/factories/AbstractComponentRegistry.java
index 468dd4b266b2..367ae6709343 100644
--- a/core/src/main/java/org/infinispan/factories/AbstractComponentRegistry.java
+++ b/core/src/main/java/org/infinispan/factories/AbstractComponentRegistry.java
@@ -21,7 +21,6 @@
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.AccessController;
-import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Arrays;
@@ -35,8 +34,6 @@
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.TimeUnit;
-import static org.infinispan.commons.util.ReflectionUtil.invokeAccessibly;
-
/**
* A registry where components which have been created are stored. Components are stored as singletons, registered
* under a specific name.
@@ -245,11 +242,7 @@ private void invokeInjectionMethod(Object o, ComponentMetadata.InjectMetadata in
boolean nameIsFQCN = !injectMetadata.isParameterNameSet(i);
params[i] = getOrCreateComponent(dependencies[i], name, nameIsFQCN);
}
- if (System.getSecurityManager() == null) {
- invokeAccessibly(o, injectMetadata.getMethod(), params);
- } else {
- AccessController.doPrivileged((PrivilegedAction<Object>) () -> invokeAccessibly(o, injectMetadata.getMethod(), params));
- }
+ invokeAccessibly(o, injectMetadata.getMethod(), params);
}
}
@@ -465,6 +458,13 @@ public void rewire() {
}
}
+ private static Object invokeAccessibly(Object instance, Method method, Object[] parameters) {
+ return SecurityActions.doPrivileged(() -> {
+ method.setAccessible(true);
+ return ReflectionUtil.invokeMethod(instance, method, parameters);
+ });
+ }
+
/**
* Scans each registered component for lifecycle methods, and adds them to the appropriate lists, and then sorts them
* by priority.
diff --git a/core/src/main/java/org/infinispan/factories/SecurityActions.java b/core/src/main/java/org/infinispan/factories/SecurityActions.java
index 43f12152fe53..9a4ab8f1bc97 100644
--- a/core/src/main/java/org/infinispan/factories/SecurityActions.java
+++ b/core/src/main/java/org/infinispan/factories/SecurityActions.java
@@ -21,6 +21,14 @@
final class SecurityActions {
private static final Log log = LogFactory.getLog(SecurityActions.class);
+ static <T> T doPrivileged(PrivilegedAction<T> action) {
+ if (System.getSecurityManager() != null) {
+ return AccessController.doPrivileged(action);
+ } else {
+ return action.run();
+ }
+ }
+
private static Field findFieldRecursively(Class<?> c, String fieldName) {
Field f = null;
try {

9
infinispan.spec
View File

@ -1,6 +1,6 @@
Name: infinispan
Version: 8.2.4
Release: 12
Release: 13
Summary: Data grid platform
License: ASL 2.0 and LGPLv2+ and Public Domain
URL: http://infinispan.org/
@ -12,6 +12,10 @@ Patch1: implement-abstract-functions-extended-from-class-Directory.patch
Patch2: CVE-2016-0750.patch
Patch3: CVE-2017-15089-1.patch
Patch4: CVE-2017-15089-2.patch
# https://github.com/infinispan/infinispan/commit/b317b7e70de2621fb25806b611126bcaf8793beb
Patch5: CVE-2019-10174-pre.patch
# https://github.com/infinispan/infinispan/commit/5dbb05cfaca01a1a66732b82a0f5ba615ccbd214
Patch6: CVE-2019-10174.patch
BuildRequires: maven-local mvn(com.clearspring.analytics:stream) mvn(com.mchange:c3p0)
BuildRequires: mvn(commons-logging:commons-logging) mvn(commons-pool:commons-pool)
@ -223,6 +227,9 @@ export JAVA_TOOL_OPTIONS="-Xmx4096m"
%license LICENSE.txt
%changelog
* Mon May 27 2024 yaoxin <yao_xin001@hoperun.com> - 8.2.4-13
- Fix CVE-2019-10174
* Sat Apr 13 2024 Dingli Zhang <dingli@iscas.ac.cn> - 8.2.4-12
- Add -Xmx4096m for riscv64