Security Fix for DoS caused by very small subnormal double, found by Konstantin Preisser

at http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/. Fix from https://bugs.openjdk.java.net/show_bug.cgi?id=100119. Ok kurt@ (maintainer), ok & comments sthen@, ok naddy@, aja@.
2011-02-05 23:11:17 +00:00 · 2011-02-05 23:11:17 +00:00 · 5eb3a84fc6
commit 5eb3a84fc6
parent 84c285a372
6 changed files with 57 additions and 7 deletions
--- a/devel/jdk/1.5/Makefile
+++ b/devel/jdk/1.5/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.65 2010/11/27 11:54:53 espie Exp $
+# $OpenBSD: Makefile,v 1.66 2011/02/05 23:11:17 ian Exp $

 SHARED_ONLY=		Yes
 ONLY_FOR_ARCHS= 	amd64 i386
@ -8,9 +8,9 @@ COMMENT-jre=		Java2(TM) Standard Edition Runtime Environment v${V}
 V=			1.5.0.16
 PKGNAME=		jdk-${V}
 PKGNAME-main=		jdk-${V}
-REVISION-main =		3
+REVISION-main =		4
 PKGNAME-jre=		jre-${V}
-REVISION-jre =		3
+REVISION-jre =		4

 CATEGORIES=		devel devel/jdk java

--- a/devel/jdk/1.5/patches/patch-j2se_src_share_classes_sun_misc_FloatingDecimal_java
+++ b/devel/jdk/1.5/patches/patch-j2se_src_share_classes_sun_misc_FloatingDecimal_java
@ -0,0 +1,16 @@
+$OpenBSD: patch-j2se_src_share_classes_sun_misc_FloatingDecimal_java,v 1.1 2011/02/05 23:11:18 ian Exp $
+
+# Fix for DoS caused by very small subnormal double, original fix at 
+# https://bugs.openjdk.java.net/show_bug.cgi?id=100119
+
+--- j2se/src/share/classes/sun/misc/FloatingDecimal.java.orig	Sat Feb  5 09:34:49 2011
+++ j2se/src/share/classes/sun/misc/FloatingDecimal.java	Sat Feb  5 09:36:11 2011
+@@ -1529,7 +1529,7 @@ public class FloatingDecimal{
+ 		if ( (cmpResult = bigB.cmp( bigD ) ) > 0 ){
+ 		    overvalue = true; // our candidate is too big.
+ 		    diff = bigB.sub( bigD );
+-		    if ( (bigIntNBits == 1) && (bigIntExp > -expBias) ){
+		    if ( (bigIntNBits == 1) && (bigIntExp > -expBias+1) ){
+ 			// candidate is a normalized exact power of 2 and
+ 			// is too big. We will be subtracting.
+ 			// For our purposes, ulp is the ulp of the
--- a/devel/jdk/1.6/Makefile
+++ b/devel/jdk/1.6/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.20 2010/11/27 11:54:53 espie Exp $
+# $OpenBSD: Makefile,v 1.21 2011/02/05 23:11:18 ian Exp $

 SHARED_ONLY=		Yes
 ONLY_FOR_ARCHS= 	amd64 i386
@ -8,9 +8,9 @@ COMMENT-jre=		Java2(TM) Standard Edition Runtime Environment v${V}
 V=			1.6.0.03
 PKGNAME=		jdk-${V}
 PKGNAME-main=		jdk-${V}
-REVISION-main =		11
+REVISION-main =		12
 PKGNAME-jre=		jre-${V}
-REVISION-jre =		11
+REVISION-jre =		12

 CATEGORIES=		devel/jdk java

--- a/devel/jdk/1.6/patches/patch-j2se_src_share_classes_sun_misc_FloatingDecimal_java
+++ b/devel/jdk/1.6/patches/patch-j2se_src_share_classes_sun_misc_FloatingDecimal_java
@ -0,0 +1,16 @@
+$OpenBSD: patch-j2se_src_share_classes_sun_misc_FloatingDecimal_java,v 1.1 2011/02/05 23:11:18 ian Exp $
+
+# Fix for DoS caused by very small subnormal double, original fix at 
+# https://bugs.openjdk.java.net/show_bug.cgi?id=100119
+
+--- j2se/src/share/classes/sun/misc/FloatingDecimal.java.orig	Sat Feb  5 08:25:48 2011
+++ j2se/src/share/classes/sun/misc/FloatingDecimal.java	Sat Feb  5 08:31:10 2011
+@@ -1529,7 +1529,7 @@ public class FloatingDecimal{
+ 		if ( (cmpResult = bigB.cmp( bigD ) ) > 0 ){
+ 		    overvalue = true; // our candidate is too big.
+ 		    diff = bigB.sub( bigD );
+-		    if ( (bigIntNBits == 1) && (bigIntExp > -expBias) ){
+		    if ( (bigIntNBits == 1) && (bigIntExp > -expBias+1) ){
+ 			// candidate is a normalized exact power of 2 and
+ 			// is too big. We will be subtracting.
+ 			// For our purposes, ulp is the ulp of the
--- a/devel/jdk/1.7/Makefile
+++ b/devel/jdk/1.7/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.41 2011/01/13 22:35:52 kurt Exp $
+# $OpenBSD: Makefile,v 1.42 2011/02/05 23:11:18 ian Exp $

 SHARED_ONLY=	Yes
 ONLY_FOR_ARCHS=	i386 amd64
@ -9,7 +9,9 @@ V=		1.7.0.00
 B=		b122
 PKGNAME=	jdk-${V}
 PKGNAME-main=	jdk-${V}${B:S/b/beta/}
+REVISION-main =	0
 PKGNAME-jre=	jre-${V}${B:S/b/beta/}
+REVISION-jre =	0
 EPOCH=		0

 # see openjdk/jaxp/jaxp.properties & openjdk/jaxws/jaxws.properties 
--- a/devel/jdk/1.7/patches/patch-jdk_src_share_classes_sun_misc_FloatingDecimal_java
+++ b/devel/jdk/1.7/patches/patch-jdk_src_share_classes_sun_misc_FloatingDecimal_java
@ -0,0 +1,16 @@
+$OpenBSD: patch-jdk_src_share_classes_sun_misc_FloatingDecimal_java,v 1.1 2011/02/05 23:11:18 ian Exp $
+
+# Fix for DoS caused by very small subnormal double, original fix at 
+# https://bugs.openjdk.java.net/show_bug.cgi?id=100119
+
+--- jdk/src/share/classes/sun/misc/FloatingDecimal.java.orig	Sat Feb  5 08:45:51 2011
+++ jdk/src/share/classes/sun/misc/FloatingDecimal.java	Sat Feb  5 08:44:59 2011
+@@ -1547,7 +1547,7 @@ public class FloatingDecimal{
+                 if ( (cmpResult = bigB.cmp( bigD ) ) > 0 ){
+                     overvalue = true; // our candidate is too big.
+                     diff = bigB.sub( bigD );
+-                    if ( (bigIntNBits == 1) && (bigIntExp > -expBias) ){
+                    if ( (bigIntNBits == 1) && (bigIntExp > -expBias+1) ){
+                         // candidate is a normalized exact power of 2 and
+                         // is too big. We will be subtracting.
+                         // For our purposes, ulp is the ulp of the