Skip to content

Commit

Permalink
8296878: Document Filter attached to JPasswordField and setText("") i…
Browse files Browse the repository at this point in the history 
…s not cleared instead inserted characters replaced with unicode null characters

Reviewed-by: prr, aivanov
  • Loading branch information
@mrserb
mrserb committed Nov 30, 2022
1 parent 9ced2ea commit 87f00f4
Show file tree
Hide file tree
Showing 2 changed files with 92 additions and 15 deletions.
38 changes: 23 additions & 15 deletions src/java.desktop/share/classes/javax/swing/JPasswordField.java
View file
@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -36,8 +36,10 @@
import javax.accessibility.AccessibleRole;
import javax.accessibility.AccessibleText;
import javax.accessibility.AccessibleTextSequence;
import javax.swing.text.AbstractDocument;
import javax.swing.text.BadLocationException;
import javax.swing.text.Document;
import javax.swing.text.DocumentFilter;
import javax.swing.text.Segment;

/**
Expand Down Expand Up @@ -300,21 +302,27 @@ public String getText(int offs, int len) throws BadLocationException {
public void setText(String t) {
// overwrite the old data first
Document doc = getDocument();
int nleft = doc.getLength();
Segment text = new Segment();
// we would like to get direct data array access, not a copy of it
text.setPartialReturn(true);
int offs = 0;
try {
while (nleft > 0) {
doc.getText(offs, nleft, text);
Arrays.fill(text.array, text.offset,
text.count + text.offset, '\u0000');
nleft -= text.count;
offs += text.count;
DocumentFilter filter = null;
if (doc instanceof AbstractDocument adoc) {
filter = adoc.getDocumentFilter();
}
if (filter == null) {
int nleft = doc.getLength();
Segment text = new Segment();
// we would like to get direct data array access, not a copy of it
text.setPartialReturn(true);
int offs = 0;
try {
while (nleft > 0) {
doc.getText(offs, nleft, text);
Arrays.fill(text.array, text.offset,
text.count + text.offset, '\u0000');
nleft -= text.count;
offs += text.count;
}
} catch (BadLocationException ignored) {
// we tried
}
} catch (BadLocationException ignored) {
// we tried
}
super.setText(t);
}
Expand Down
69 changes: 69 additions & 0 deletions test/jdk/javax/swing/JPasswordField/OldPasswordInDocumentFilter.java
View file
@@ -0,0 +1,69 @@
/*
* Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/

import java.awt.EventQueue;
import java.util.Arrays;

import javax.swing.JPasswordField;
import javax.swing.text.AttributeSet;
import javax.swing.text.BadLocationException;
import javax.swing.text.Document;
import javax.swing.text.DocumentFilter;
import javax.swing.text.PlainDocument;

/**
* @test
* @bug 8296878
* @summary can the old password be accessed in the DocumentFilter
*/
public final class OldPasswordInDocumentFilter {

public static void main(String[] args) throws Exception {
EventQueue.invokeAndWait(OldPasswordInDocumentFilter::test);
}

private static void test() {
JPasswordField test = new JPasswordField();
PlainDocument document = (PlainDocument) test.getDocument();
document.setDocumentFilter(new DocumentFilter() {
@Override
public void replace(FilterBypass fb, int offset,
int length, String text, AttributeSet attrs)
throws BadLocationException
{
Document doc = fb.getDocument();
String string = doc.getText(0, doc.getLength()) + text;
if (string.length() <= 6 && string.matches("[0-9]+")) {
super.replace(fb, offset, length, text, attrs);
}
}
});
test.setText("123456");
test.setText("");

char[] password = test.getPassword();
if (password.length != 0) {
throw new RuntimeException(Arrays.toString(password));
}
}
}

7 comments on commit 87f00f4

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review

Issues

@mrserb
Copy link
Member Author

@mrserb mrserb commented on 87f00f4 Dec 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/backport jdk19u

@openjdk
Copy link

@openjdk openjdk bot commented on 87f00f4 Dec 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mrserb the backport was successfully created on the branch mrserb-backport-87f00f4a in my personal fork of openjdk/jdk19u. To create a pull request with this backport targeting openjdk/jdk19u:master, just click the following link:

➡️ Create pull request

The title of the pull request is automatically filled in correctly and below you find a suggestion for the pull request body:

Hi all,

This pull request contains a backport of commit 87f00f4a from the openjdk/jdk repository.

The commit being backported was authored by Sergey Bylokhov on 30 Nov 2022 and was reviewed by Phil Race and Alexey Ivanov.

Thanks!

If you need to update the source branch of the pull then run the following commands in a local clone of your personal fork of openjdk/jdk19u:

$ git fetch https://github.com/openjdk-bots/jdk19u mrserb-backport-87f00f4a:mrserb-backport-87f00f4a
$ git checkout mrserb-backport-87f00f4a
# make changes
$ git add paths/to/changed/files
$ git commit --message 'Describe additional changes made'
$ git push https://github.com/openjdk-bots/jdk19u mrserb-backport-87f00f4a

@mrserb
Copy link
Member Author

@mrserb mrserb commented on 87f00f4 Dec 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/backport jdk17u-dev

@openjdk
Copy link

@openjdk openjdk bot commented on 87f00f4 Dec 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mrserb the backport was successfully created on the branch mrserb-backport-87f00f4a in my personal fork of openjdk/jdk17u-dev. To create a pull request with this backport targeting openjdk/jdk17u-dev:master, just click the following link:

➡️ Create pull request

The title of the pull request is automatically filled in correctly and below you find a suggestion for the pull request body:

Hi all,

This pull request contains a backport of commit 87f00f4a from the openjdk/jdk repository.

The commit being backported was authored by Sergey Bylokhov on 30 Nov 2022 and was reviewed by Phil Race and Alexey Ivanov.

Thanks!

If you need to update the source branch of the pull then run the following commands in a local clone of your personal fork of openjdk/jdk17u-dev:

$ git fetch https://github.com/openjdk-bots/jdk17u-dev mrserb-backport-87f00f4a:mrserb-backport-87f00f4a
$ git checkout mrserb-backport-87f00f4a
# make changes
$ git add paths/to/changed/files
$ git commit --message 'Describe additional changes made'
$ git push https://github.com/openjdk-bots/jdk17u-dev mrserb-backport-87f00f4a

@mrserb
Copy link
Member Author

@mrserb mrserb commented on 87f00f4 Dec 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/backport jdk11u-dev

@openjdk
Copy link

@openjdk openjdk bot commented on 87f00f4 Dec 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mrserb Could not automatically backport 87f00f4a to openjdk/jdk11u-dev due to conflicts in the following files:

  • src/java.desktop/share/classes/javax/swing/JPasswordField.java

Please fetch the appropriate branch/commit and manually resolve these conflicts by using the following commands in your personal fork of openjdk/jdk11u-dev. Note: these commands are just some suggestions and you can use other equivalent commands you know.

# Fetch the up-to-date version of the target branch
$ git fetch --no-tags https://git.openjdk.org/jdk11u-dev master:master

# Check out the target branch and create your own branch to backport
$ git checkout master
$ git checkout -b mrserb-backport-87f00f4a

# Fetch the commit you want to backport
$ git fetch --no-tags https://git.openjdk.org/jdk 87f00f4a1bfb392be0684edcdfa0254caec4ca03

# Backport the commit
$ git cherry-pick --no-commit 87f00f4a1bfb392be0684edcdfa0254caec4ca03
# Resolve conflicts now

# Commit the files you have modified
$ git add files/with/resolved/conflicts
$ git commit -m 'Backport 87f00f4a1bfb392be0684edcdfa0254caec4ca03'

Once you have resolved the conflicts as explained above continue with creating a pull request towards the openjdk/jdk11u-dev with the title Backport 87f00f4a1bfb392be0684edcdfa0254caec4ca03.

Please sign in to comment.