Mercurial > hg > openjdk > jdk6 > corba
changeset 62:23f471142a03 jdk6-b24
7055902: Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability
Reviewed-by: coffeys
| author | mbankal |
|---|---|
| date | Tue, 09 Aug 2011 06:57:03 -0700 |
| parents | 82557c6d8d45 |
| children | a976cb99adbb c971de26dc9c |
| files | src/share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java |
| diffstat | 1 files changed, 9 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java Wed Jul 06 17:22:32 2011 -0700 +++ b/src/share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java Tue Aug 09 06:57:03 2011 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -2239,6 +2239,10 @@ } try { + Class fieldCl = fields[i].getClazz(); + if (objectValue != null && !fieldCl.isInstance(objectValue)) { + throw new IllegalArgumentException(); + } bridge.putObject( o, fields[i].getFieldID(), objectValue ) ; // reflective code: fields[i].getField().set( o, objectValue ) ; } catch (IllegalArgumentException e) { @@ -2549,6 +2553,10 @@ { try { Field fld = c.getDeclaredField( fieldName ) ; + Class fieldCl = fld.getType(); + if(v != null && !fieldCl.isInstance(v)) { + throw new Exception(); + } long key = bridge.objectFieldOffset( fld ) ; bridge.putObject( o, key, v ) ; } catch (Exception e) {