Upgrade java.util.zip package

#J2ObjC_Android13_JRE_Upgrade_2022

PiperOrigin-RevId: 549022208

Author: Yuxi Sun

jre_emul/android/platform/libcore/dalvik/src/main/java/dalvik/system/ZipPathValidator.java

@@ -0,0 +1,107 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package dalvik.system;
+
+import libcore.util.NonNull;
+
+import java.util.Objects;
+import java.util.zip.ZipException;
+
+/**
+ * Enables validation of zip file entry paths to prevent exploitation of the path traversal
+ * vulnerability, e.g. zip path entries containing ".." or "/". For more details, read
+ * <a href="https://developer.android.com/topic/security/risks/zip-path-traversal">this</a>.
+ * <p>
+ * The default implementation accepts all zip file entry paths without raising any exceptions.
+ * <p>
+ * For custom validation rules, the core functionality should be implemented in a {@link Callback}
+ * interface and that instance should be set in {@link #setCallback(Callback)}.
+ * <p>
+ * Existing validation could be set to a default one by calling {@link #clearCallback()}.
+ */
+public final class ZipPathValidator {
+
+    /**
+     * Default implementation of the {@link Callback} interface which accepts all paths.
+     *
+     * @hide
+     */
+    public static final Callback DEFAULT = new Callback() {};
+
+    private static volatile Callback sInstance = DEFAULT;
+
+    /**
+     * Clears the current validation mechanism by setting the current callback instance to a default
+     * validation.
+     */
+    public static void clearCallback() {
+        sInstance = DEFAULT;
+    }
+
+    /**
+     * Sets the current callback implementation for zip paths.
+     * <p>
+     * The provided callback should not perform IO or any blocking operations, but only perform path
+     * validation. A typical implementation will validate String entries in a single pass and throw
+     * a {@link ZipException} if the path contains potentially hazardous components such as "..".
+     *
+     * @param callback An instance of {@link Callback}'s implementation.
+     */
+    public static void setCallback(@NonNull Callback callback) {
+        sInstance = Objects.requireNonNull(callback);
+    }
+
+    /**
+     * Retrieves the current validator set by {@link #setCallback(Callback)}.
+     *
+     * @return Current callback.
+     *
+     * @hide
+     */
+    public static @NonNull Callback getInstance() {
+        return sInstance;
+    }
+
+    /**
+     * Returns true if the current validator is the default implementation {@link DEFAULT},
+     * otherwise false.
+     *
+     * @hide
+     */
+    public static boolean isClear() {
+        return sInstance.equals(DEFAULT);
+    }
+
+    /**
+     * Interface that defines the core validation mechanism when accessing zip file entry paths.
+     */
+    public interface Callback {
+        /**
+         * Called to check the validity of the path of a zip entry. The default implementation
+         * accepts all paths without raising any exceptions.
+         * <p>
+         * This method will be called by {@link java.util.zip.ZipInputStream#getNextEntry} or
+         * {@link java.util.zip.ZipFile#ZipFile(String)}.
+         *
+         * @param path The name of the zip entry.
+         * @throws ZipException If the zip entry is invalid depending on the implementation.
+         */
+        default void onZipEntryAccess(@NonNull String path) throws ZipException {}
+    }
+
+    private ZipPathValidator() {}
+}

jre_emul/android/platform/libcore/ojluni/src/main/java/java/util/zip/CheckedInputStream.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -35,9 +35,9 @@
  *
  * @see         Checksum
  * @author      David Connelly
+ * @since 1.1
  */
-public
-class CheckedInputStream extends FilterInputStream {
+public class CheckedInputStream extends FilterInputStream {
     private Checksum cksum;
 
     /**
@@ -53,7 +53,7 @@ public CheckedInputStream(InputStream in, Checksum cksum) {
     /**
      * Reads a byte. Will block if no input is available.
      * @return the byte read, or -1 if the end of the stream is reached.
-     * @exception IOException if an I/O error has occurred
+     * @throws    IOException if an I/O error has occurred
      */
     public int read() throws IOException {
         int b = in.read();
@@ -64,19 +64,19 @@ public int read() throws IOException {
     }
 
     /**
-     * Reads into an array of bytes. If <code>len</code> is not zero, the method
+     * Reads into an array of bytes. If {@code len} is not zero, the method
      * blocks until some input is available; otherwise, no
-     * bytes are read and <code>0</code> is returned.
+     * bytes are read and {@code 0} is returned.
      * @param buf the buffer into which the data is read
-     * @param off the start offset in the destination array <code>b</code>
+     * @param off the start offset in the destination array {@code b}
      * @param len the maximum number of bytes read
      * @return    the actual number of bytes read, or -1 if the end
      *            of the stream is reached.
-     * @exception  NullPointerException If <code>buf</code> is <code>null</code>.
-     * @exception  IndexOutOfBoundsException If <code>off</code> is negative,
-     * <code>len</code> is negative, or <code>len</code> is greater than
-     * <code>buf.length - off</code>
-     * @exception IOException if an I/O error has occurred
+     * @throws     NullPointerException If {@code buf} is {@code null}.
+     * @throws     IndexOutOfBoundsException If {@code off} is negative,
+     * {@code len} is negative, or {@code len} is greater than
+     * {@code buf.length - off}
+     * @throws    IOException if an I/O error has occurred
      */
     public int read(byte[] buf, int off, int len) throws IOException {
         len = in.read(buf, off, len);
@@ -90,7 +90,7 @@ public int read(byte[] buf, int off, int len) throws IOException {
      * Skips specified number of bytes of input.
      * @param n the number of bytes to skip
      * @return the actual number of bytes skipped
-     * @exception IOException if an I/O error has occurred
+     * @throws    IOException if an I/O error has occurred
      */
     public long skip(long n) throws IOException {
         byte[] buf = new byte[512];
@@ -113,4 +113,4 @@ public long skip(long n) throws IOException {
     public Checksum getChecksum() {
         return cksum;
     }
-}
+}

jre_emul/android/platform/libcore/ojluni/src/main/java/java/util/zip/CheckedOutputStream.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 1999, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,9 +36,9 @@
  *
  * @see         Checksum
  * @author      David Connelly
+ * @since 1.1
  */
-public
-class CheckedOutputStream extends FilterOutputStream {
+public class CheckedOutputStream extends FilterOutputStream {
     private Checksum cksum;
 
     /**
@@ -54,7 +54,7 @@ public CheckedOutputStream(OutputStream out, Checksum cksum) {
     /**
      * Writes a byte. Will block until the byte is actually written.
      * @param b the byte to be written
-     * @exception IOException if an I/O error has occurred
+     * @throws    IOException if an I/O error has occurred
      */
     public void write(int b) throws IOException {
         out.write(b);
@@ -67,7 +67,7 @@ public void write(int b) throws IOException {
      * @param b the data to be written
      * @param off the start offset of the data
      * @param len the number of bytes to be written
-     * @exception IOException if an I/O error has occurred
+     * @throws    IOException if an I/O error has occurred
      */
     public void write(byte[] b, int off, int len) throws IOException {
         out.write(b, off, len);
@@ -81,4 +81,4 @@ public void write(byte[] b, int off, int len) throws IOException {
     public Checksum getChecksum() {
         return cksum;
     }
-}
+}

jre_emul/android/platform/libcore/ojluni/src/main/java/java/util/zip/Checksum.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 1999, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -22,16 +22,18 @@
  * or visit www.oracle.com if you need additional information or have any
  * questions.
  */
-
 package java.util.zip;
 
+import java.nio.ByteBuffer;
+
 /**
  * An interface representing a data checksum.
  *
- * @author      David Connelly
+ * @author David Connelly
+ * @since 1.1
  */
-public
-interface Checksum {
+public interface Checksum {
+
     /**
      * Updates the current checksum with the specified byte.
      *
@@ -41,14 +43,89 @@ interface Checksum {
 
     /**
      * Updates the current checksum with the specified array of bytes.
+     *
+     * @implSpec This default implementation is equal to calling
+     * {@code update(b, 0, b.length)}.
+     *
+     * @param b the array of bytes to update the checksum with
+     *
+     * @throws NullPointerException
+     *         if {@code b} is {@code null}
+     *
+     * @since 9
+     */
+    default public void update(byte[] b) {
+        update(b, 0, b.length);
+    }
+
+    /**
+     * Updates the current checksum with the specified array of bytes.
+     *
      * @param b the byte array to update the checksum with
      * @param off the start offset of the data
      * @param len the number of bytes to use for the update
      */
     public void update(byte[] b, int off, int len);
 
+    /**
+     * Updates the current checksum with the bytes from the specified buffer.
+     *
+     * The checksum is updated with the remaining bytes in the buffer, starting
+     * at the buffer's position. Upon return, the buffer's position will be
+     * updated to its limit; its limit will not have been changed.
+     *
+     * @apiNote For best performance with DirectByteBuffer and other ByteBuffer
+     * implementations without a backing array implementers of this interface
+     * should override this method.
+     *
+     * @implSpec The default implementation has the following behavior.<br>
+     * For ByteBuffers backed by an accessible byte array.
+     * <pre>{@code
+     * update(buffer.array(),
+     *        buffer.position() + buffer.arrayOffset(),
+     *        buffer.remaining());
+     * }</pre>
+     * For ByteBuffers not backed by an accessible byte array.
+     * <pre>{@code
+     * byte[] b = new byte[Math.min(buffer.remaining(), 4096)];
+     * while (buffer.hasRemaining()) {
+     *     int length = Math.min(buffer.remaining(), b.length);
+     *     buffer.get(b, 0, length);
+     *     update(b, 0, length);
+     * }
+     * }</pre>
+     *
+     * @param buffer the ByteBuffer to update the checksum with
+     *
+     * @throws NullPointerException
+     *         if {@code buffer} is {@code null}
+     *
+     * @since 9
+     */
+    default public void update(ByteBuffer buffer) {
+        int pos = buffer.position();
+        int limit = buffer.limit();
+        assert (pos <= limit);
+        int rem = limit - pos;
+        if (rem <= 0) {
+            return;
+        }
+        if (buffer.hasArray()) {
+            update(buffer.array(), pos + buffer.arrayOffset(), rem);
+        } else {
+            byte[] b = new byte[Math.min(buffer.remaining(), 4096)];
+            while (buffer.hasRemaining()) {
+                int length = Math.min(buffer.remaining(), b.length);
+                buffer.get(b, 0, length);
+                update(b, 0, length);
+            }
+        }
+        buffer.position(limit);
+    }
+
     /**
      * Returns the current checksum value.
+     *
      * @return the current checksum value
      */
     public long getValue();
@@ -57,4 +134,4 @@ interface Checksum {
      * Resets the checksum to its initial value.
      */
     public void reset();
-}
+}

jre_emul/android/platform/libcore/ojluni/src/main/java/java/util/zip/DataFormatException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,9 +29,10 @@
  * Signals that a data format error has occurred.
  *
  * @author      David Connelly
+ * @since 1.1
  */
-public
-class DataFormatException extends Exception {
+public class DataFormatException extends Exception {
+    @java.io.Serial
     private static final long serialVersionUID = 2219632870893641452L;
 
     /**
@@ -49,4 +50,4 @@ public DataFormatException() {
     public DataFormatException(String s) {
         super(s);
     }
-}
+}