8000650: unpack200.exe should check gzip crc
authorkizune
Thu, 19 Jun 2014 18:07:02 +0400
changeset 25149 7df9d6b3ef17
parent 25148 1026dc322690
child 25150 14cc6eb021d5
8000650: unpack200.exe should check gzip crc Reviewed-by: ksrini
jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
jdk/test/tools/pack200/PackChecksum.java
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp	Thu Jun 19 16:57:14 2014 +0400
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp	Thu Jun 19 18:07:02 2014 +0400
@@ -62,6 +62,13 @@
     return unpacker::run(argc, argv);
 }
 
+// Dealing with big-endian arch
+#ifdef _BIG_ENDIAN
+#define SWAP_INT(a) (((a>>24)&0xff) | ((a<<8)&0xff0000) | ((a>>8)&0xff00) | ((a<<24)&0xff000000))
+#else
+#define SWAP_INT(a) (a)
+#endif
+
 // Single-threaded, implementation, not reentrant.
 // Includes a weak error check against MT access.
 #ifndef THREAD_SELF
@@ -385,6 +392,7 @@
       u.start();
     }
   } else {
+    u.gzcrc = 0;
     u.start(peek, sizeof(peek));
   }
 
@@ -425,7 +433,23 @@
     status = 1;
   }
 
-  if (u.infileptr != null) {
+  if (!u.aborting() && u.infileptr != null) {
+    if (u.gzcrc != 0) {
+      // Read the CRC information from the gzip container
+      fseek(u.infileptr, -8, SEEK_END);
+      uint filecrc;
+      fread(&filecrc, sizeof(filecrc), 1, u.infileptr);
+      if (u.gzcrc != SWAP_INT(filecrc)) { // CRC error
+        if (strcmp(destination_file, "-") != 0) {
+          // Output is not stdout, remove it, it's broken
+          if (u.jarout != null)
+            u.jarout->closeJarFile(false);
+          remove(destination_file);
+        }
+        // Print out the error and exit with return code != 0
+        u.abort("CRC error, invalid compressed data.");
+      }
+    }
     fclose(u.infileptr);
     u.infileptr = null;
   }
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h	Thu Jun 19 16:57:14 2014 +0400
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h	Thu Jun 19 18:07:02 2014 +0400
@@ -171,6 +171,7 @@
   bytes inbytes;    // direct
   gunzip* gzin;     // gunzip filter, if any
   jar*  jarout;     // output JAR file
+  uint  gzcrc;      // CRC gathered from gzip content
 
 #ifndef PRODUCT
   int   nowrite;
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp	Thu Jun 19 16:57:14 2014 +0400
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp	Thu Jun 19 18:07:02 2014 +0400
@@ -551,6 +551,7 @@
       break;
     }
     int nr = readlen - zs.avail_out;
+    u->gzcrc = crc32(u->gzcrc, (const unsigned char *)bufptr, nr);
     numread += nr;
     bufptr += nr;
     assert(numread <= maxlen);
@@ -589,6 +590,7 @@
   zstream = NEW(z_stream, 1);
   u->gzin = this;
   u->read_input_fn = read_input_via_gzip;
+  u->gzcrc = crc32(0L, Z_NULL, 0);
 }
 
 void gunzip::start(int magic) {
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/tools/pack200/PackChecksum.java	Thu Jun 19 18:07:02 2014 +0400
@@ -0,0 +1,107 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.RandomAccessFile;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.jar.JarEntry;
+import java.util.jar.JarOutputStream;
+
+/*
+ * @test
+ * @bug 8000650
+ * @summary unpack200.exe should check gzip crc
+ * @compile -XDignore.symbol.file Utils.java PackChecksum.java
+ * @run main PackChecksum
+ * @author kizune
+ */
+public class PackChecksum {
+
+    public static void main(String... args) throws Exception {
+        testChecksum();
+    }
+
+    static void testChecksum() throws Exception {
+
+        // Create a fresh .jar file
+        File testFile = new File("src_tools.jar");
+        File testPack = new File("src_tools.pack.gz");
+        generateJar(testFile);
+        List<String> cmdsList = new ArrayList<>();
+
+        // Create .pack file
+        cmdsList.add(Utils.getPack200Cmd());
+        cmdsList.add(testPack.getName());
+        cmdsList.add(testFile.getName());
+        Utils.runExec(cmdsList);
+
+        // Mess up with the checksum of the packed file
+        RandomAccessFile raf = new RandomAccessFile(testPack, "rw");
+        raf.seek(raf.length() - 8);
+        int val = raf.readInt();
+        val = Integer.MAX_VALUE - val;
+        raf.seek(raf.length() - 8);
+        raf.writeInt(val);
+        raf.close();
+
+        File dstFile = new File("dst_tools.jar");
+        cmdsList.clear();
+        cmdsList.add(Utils.getUnpack200Cmd());
+        cmdsList.add(testPack.getName());
+        cmdsList.add(dstFile.getName());
+
+        boolean passed = false;
+        try {
+            Utils.runExec(cmdsList);
+        } catch (RuntimeException re) {
+            // unpack200 should exit with non-zero exit code
+            passed = true;
+        }
+
+        // tidy up
+        if (testFile.exists()) testFile.delete();
+        if (testPack.exists()) testPack.delete();
+        if (dstFile.exists()) dstFile.delete();
+        if (!passed) {
+            throw new Exception("File with incorrect CRC unpacked without the error.");
+        }
+    }
+
+    static void generateJar(File result) throws IOException {
+        if (result.exists()) {
+            result.delete();
+        }
+
+        try (JarOutputStream output = new JarOutputStream(new FileOutputStream(result)); ) {
+            for (int i = 0 ; i < 100 ; i++) {
+                JarEntry e = new JarEntry("F-" + i + ".txt");
+                output.putNextEntry(e);
+            }
+            output.flush();
+            output.close();
+        }
+    }
+
+}