1 /*
2 * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 #include <assert.h>
27 #include <limits.h>
28 #include <setjmp.h>
29 #include <stdlib.h>
30 #include <string.h>
31
32 #include "jni.h"
33 #include "jvm.h"
34 #include "check_classname.h"
35
36 typedef unsigned short unicode;
37
38 static char *
39 skip_over_fieldname(char *name, jboolean slash_okay,
40 unsigned int len);
41 static char *
42 skip_over_field_signature(char *name, jboolean void_okay,
43 unsigned int len);
44
45 /*
46 * Return non-zero if the character is a valid in JVM class name, zero
47 * otherwise. The only characters currently disallowed from JVM class
48 * names are given in the table below:
49 *
50 * Character Hex Decimal
51 * '.' 0x2e 46
52 * '/' 0x2f 47
53 * ';' 0x3b 59
54 * '[' 0x5b 91
55 *
56 * (Method names have further restrictions dealing with the '<' and
57 * '>' characters.)
58 */
59 static int isJvmIdentifier(unicode ch) {
60 if( ch > 91 || ch < 46 )
61 return 1; /* Lowercase ASCII letters are > 91 */
62 else { /* 46 <= ch <= 91 */
63 if (ch <= 90 && ch >= 60) {
64 return 1; /* Uppercase ASCII recognized here */
65 } else { /* ch == 91 || 46 <= ch <= 59 */
66 if (ch == 91 || ch == 59 || ch <= 47)
67 return 0;
68 else
69 return 1;
70 }
71 }
72 }
73
74 static unicode
75 next_utf2unicode(char **utfstring_ptr, int * valid)
76 {
77 unsigned char *ptr = (unsigned char *)(*utfstring_ptr);
78 unsigned char ch, ch2, ch3;
79 int length = 1; /* default length */
80 unicode result = 0x80; /* default bad result; */
81 *valid = 1;
82 switch ((ch = ptr[0]) >> 4) {
83 default:
84 result = ch;
85 break;
86
87 case 0x8: case 0x9: case 0xA: case 0xB: case 0xF:
88 /* Shouldn't happen. */
89 *valid = 0;
90 break;
91
92 case 0xC: case 0xD:
93 /* 110xxxxx 10xxxxxx */
94 if (((ch2 = ptr[1]) & 0xC0) == 0x80) {
95 unsigned char high_five = ch & 0x1F;
96 unsigned char low_six = ch2 & 0x3F;
97 result = (high_five << 6) + low_six;
98 length = 2;
99 }
100 break;
101
102 case 0xE:
103 /* 1110xxxx 10xxxxxx 10xxxxxx */
104 if (((ch2 = ptr[1]) & 0xC0) == 0x80) {
105 if (((ch3 = ptr[2]) & 0xC0) == 0x80) {
106 unsigned char high_four = ch & 0x0f;
107 unsigned char mid_six = ch2 & 0x3f;
108 unsigned char low_six = ch3 & 0x3f;
109 result = (((high_four << 6) + mid_six) << 6) + low_six;
110 length = 3;
111 } else {
112 length = 2;
113 }
114 }
115 break;
116 } /* end of switch */
117
118 *utfstring_ptr = (char *)(ptr + length);
119 return result;
120 }
121
122 /* Take pointer to a string. Skip over the longest part of the string that
123 * could be taken as a fieldname. Allow '/' if slash_okay is JNI_TRUE.
124 *
125 * Return a pointer to just past the fieldname. Return NULL if no fieldname
126 * at all was found, or in the case of slash_okay being true, we saw
127 * consecutive slashes (meaning we were looking for a qualified path but
128 * found something that was badly-formed).
129 */
130 static char *
131 skip_over_fieldname(char *name, jboolean slash_okay,
132 unsigned int length)
133 {
134 char *p;
135 unicode ch;
136 unicode last_ch = 0;
137 int valid = 1;
138 /* last_ch == 0 implies we are looking at the first char. */
139 for (p = name; p != name + length; last_ch = ch) {
140 char *old_p = p;
141 ch = *p;
142 if (ch < 128) {
143 p++;
144 if (isJvmIdentifier(ch)) {
145 continue;
146 }
147 } else {
148 char *tmp_p = p;
149 ch = next_utf2unicode(&tmp_p, &valid);
150 if (valid == 0)
151 return 0;
152 p = tmp_p;
153 if (isJvmIdentifier(ch)) {
154 continue;
155 }
156 }
157
158 if (slash_okay && ch == '/' && last_ch) {
159 if (last_ch == '/') {
160 return 0; /* Don't permit consecutive slashes */
161 }
162 } else if (ch == '_' || ch == '$') {
163 } else {
164 return last_ch ? old_p : 0;
165 }
166 }
167 return last_ch ? p : 0;
168 }
169
170 /* Take pointer to a string. Skip over the longest part of the string that
171 * could be taken as a field signature. Allow "void" if void_okay.
172 *
173 * Return a pointer to just past the signature. Return NULL if no legal
174 * signature is found.
175 */
176
177 static char *
178 skip_over_field_signature(char *name, jboolean void_okay,
179 unsigned int length)
180 {
181 unsigned int array_dim = 0;
182 for (;length > 0;) {
183 switch (name[0]) {
184 case JVM_SIGNATURE_VOID:
185 if (!void_okay) return 0;
186 /* FALL THROUGH */
187 case JVM_SIGNATURE_BOOLEAN:
188 case JVM_SIGNATURE_BYTE:
189 case JVM_SIGNATURE_CHAR:
190 case JVM_SIGNATURE_SHORT:
191 case JVM_SIGNATURE_INT:
192 case JVM_SIGNATURE_FLOAT:
193 case JVM_SIGNATURE_LONG:
194 case JVM_SIGNATURE_DOUBLE:
195 return name + 1;
196
197 case JVM_SIGNATURE_CLASS: {
198 /* Skip over the classname, if one is there. */
199 char *p =
200 skip_over_fieldname(name + 1, JNI_TRUE, --length);
201 /* The next character better be a semicolon. */
202 if (p && p - name - 1 > 0 && p[0] == ';')
203 return p + 1;
204 return 0;
205 }
206
207 case JVM_SIGNATURE_ARRAY:
208 array_dim++;
209 /* JVMS 2nd ed. 4.10 */
210 /* The number of dimensions in an array is limited to 255 ... */
211 if (array_dim > 255) {
212 return 0;
213 }
214 /* The rest of what's there better be a legal signature. */
215 name++;
216 length--;
217 void_okay = JNI_FALSE;
218 break;
219
220 default:
221 return 0;
222 }
223 }
224 return 0;
225 }
226
227 /* Determine if the specified name is legal
228 * UTF name for a classname.
229 *
230 * Note that this routine expects the internal form of qualified classes:
231 * the dots should have been replaced by slashes.
232 */
233 jboolean verifyClassname(char *name, jboolean allowArrayClass)
234 {
235 size_t s = strlen(name);
236 assert(s <= UINT_MAX);
237 unsigned int length = (unsigned int)s;
238 char *p;
239
240 if (length > 0 && name[0] == JVM_SIGNATURE_ARRAY) {
241 if (!allowArrayClass) {
242 return JNI_FALSE;
243 } else {
244 /* Everything that's left better be a field signature */
245 p = skip_over_field_signature(name, JNI_FALSE, length);
246 }
247 } else {
248 /* skip over the fieldname. Slashes are okay */
249 p = skip_over_fieldname(name, JNI_TRUE, length);
250 }
251 return (p != 0 && p - name == (ptrdiff_t)length);
252 }
253
254 /*
255 * Translates '.' to '/'. Returns JNI_TRUE if any / were present.
256 */
257 jboolean verifyFixClassname(char *name)
258 {
259 char *p = name;
260 jboolean slashesFound = JNI_FALSE;
261 int valid = 1;
262
263 while (valid != 0 && *p != '\0') {
264 if (*p == '/') {
265 slashesFound = JNI_TRUE;
266 p++;
267 } else if (*p == '.') {
268 *p++ = '/';
269 } else {
270 next_utf2unicode(&p, &valid);
271 }
272 }
273
274 return slashesFound && valid != 0;
275 }
276
277 /*
278 * Translates '.' to '/'.
279 */
280 void fixClassname(char *name)
281 {
282 char *p = name;
283 int valid = 1;
284
285 while (valid != 0 && *p != '\0') {
286 if (*p == '.') {
287 *p++ = '/';
288 } else {
289 next_utf2unicode(&p, &valid);
290 }
291 }
292 }