# HG changeset patch
# User vinnie
# Date 1475771637 -3600
# Node ID 64e3c222a4c6282117e32ce2db219d7cd11e558d
# Parent 68a8e8658511093b322a46ed04b2a321e1da2a43
8158997: JNDI Protocols Switch
Reviewed-by: dfuchs
diff -r 68a8e8658511 -r 64e3c222a4c6 src/java.corba/share/classes/com/sun/jndi/cosnaming/CNBindingEnumeration.java
--- a/src/java.corba/share/classes/com/sun/jndi/cosnaming/CNBindingEnumeration.java Thu Jan 12 23:41:16 2017 +0000
+++ b/src/java.corba/share/classes/com/sun/jndi/cosnaming/CNBindingEnumeration.java Thu Oct 06 17:33:57 2016 +0100
@@ -33,6 +33,8 @@
 import org.omg.CosNaming.*;
+import com.sun.jndi.toolkit.corba.CorbaUtils;
+
 /**
 * Implements the JNDI NamingEnumeration interface for COS
 * Naming. Gets hold of a list of bindings from the COS Naming Server
@@ -212,7 +214,10 @@
 Name cname = CNNameParser.cosNameToName(bndg.binding_name);
 try {
- obj = NamingManager.getObjectInstance(obj, cname, _ctx, _env);
+ // Check whether object factory codebase is trusted
+ if (CorbaUtils.isObjectFactoryTrusted(obj)) {
+ obj = NamingManager.getObjectInstance(obj, cname, _ctx, _env);
+ }
 } catch (NamingException e) {
 throw e;
 } catch (Exception e) {
diff -r 68a8e8658511 -r 64e3c222a4c6 src/java.corba/share/classes/com/sun/jndi/cosnaming/CNCtx.java
--- a/src/java.corba/share/classes/com/sun/jndi/cosnaming/CNCtx.java Thu Jan 12 23:41:16 2017 +0000
+++ b/src/java.corba/share/classes/com/sun/jndi/cosnaming/CNCtx.java Thu Oct 06 17:33:57 2016 +0100
@@ -36,6 +36,8 @@
 import java.io.InputStreamReader;
 import java.io.BufferedReader;
 import java.io.IOException;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import org.omg.CosNaming.*;
 import org.omg.CosNaming.NamingContextPackage.*;
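Review bot: In CNBindingEnumeration.java's second hunk the new `if (CorbaUtils.isObjectFactoryTrusted(obj))` reads as if an untrusted factory were simply skipped, but the helper added to CorbaUtils.java later in this patch either returns true or throws ConfigurationException, so the guard has no false branch and the rejection actually travels through the existing `catch (NamingException e) { throw e; }`. The same pattern is repeated in the CNCtx.lookup and ExceptionMapper hunks. I would say so at the call site, for example `// Throws ConfigurationException (a NamingException) when the reference names a remote factory codebase and trustURLCodebase is false`, so that a later change making the helper return false does not silently hand the unprocessed object back to callers. The enclosing method starts and ends outside the hunk.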
@@ -82,6 +84,19 @@
 private static final String FED_PROP = "com.sun.jndi.cosnaming.federation";
 boolean federation = false;
+ /**
+ * Determines whether classes may be loaded from an arbitrary URL code base.
+ */
+ public static final boolean trustURLCodebase;
+ static {
+ // System property to control whether classes may be loaded from an
+ // arbitrary URL code base
+ PrivilegedAction act = () -> System.getProperty(
+ "com.sun.jndi.cosnaming.object.trustURLCodebase", "false");
+ String trust = AccessController.doPrivileged(act);
+ trustURLCodebase = "true".equalsIgnoreCase(trust);
+ }
+
 // Reference counter for tracking _orb references
 OrbReuseTracker orbTracker = null;
 int enumCount;
@@ -534,12 +549,16 @@
 if (name.size() == 0 )
 return this; // %%% should clone() so that env can be changed
 NameComponent[] path = CNNameParser.nameToCosName(name);
+ java.lang.Object answer = null;
 try {
- java.lang.Object answer = callResolve(path);
-
+ answer = callResolve(path);
 try {
- return NamingManager.getObjectInstance(answer, name, this, _env);
+ // Check whether object factory codebase is trusted
+ if (CorbaUtils.isObjectFactoryTrusted(answer)) {
+ answer = NamingManager.getObjectInstance(
+ answer, name, this, _env);
+ }
 } catch (NamingException e) {
 throw e;
 } catch (Exception e) {
@@ -552,6 +571,7 @@
 javax.naming.Context cctx = getContinuationContext(cpe);
 return cctx.lookup(cpe.getRemainingName());
 }
+ return answer;
 }
 /**
diff -r 68a8e8658511 -r 64e3c222a4c6 src/java.corba/share/classes/com/sun/jndi/cosnaming/ExceptionMapper.java
--- a/src/java.corba/share/classes/com/sun/jndi/cosnaming/ExceptionMapper.java Thu Jan 12 23:41:16 2017 +0000
+++ b/src/java.corba/share/classes/com/sun/jndi/cosnaming/ExceptionMapper.java Thu Oct 06 17:33:57 2016 +0100
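Review bot: The Javadoc on `trustURLCodebase` in the first CNCtx.java hunk does not name the property that drives the flag or say that the value is fixed once the class is initialised. The static initialiser reads `com.sun.jndi.cosnaming.object.trustURLCodebase` a single time, defaults it to "false" and accepts only a case-insensitive "true", so setting the property after CNCtx has been loaded has no effect. I would extend the comment with something like `Read once from the system property com.sun.jndi.cosnaming.object.trustURLCodebase when this class is initialised; defaults to false.` The field is also `public`; if CorbaUtils is meant to be its only reader, a sentence saying it is not a supported API would help.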
@@ -33,6 +33,8 @@
 import org.omg.CosNaming.NamingContextPackage.*;
 import org.omg.CORBA.*;
+import com.sun.jndi.toolkit.corba.CorbaUtils;
+
 /**
 * A convenience class to map the COS Naming exceptions to the JNDI exceptions.
 * @author Raj Krishnamurthy
@@ -202,10 +204,13 @@
 // Not a context, use object factory to transform object.
 Name cname = CNNameParser.cosNameToName(resolvedName);
- java.lang.Object resolvedObj2;
+ java.lang.Object resolvedObj2 = null;
 try {
- resolvedObj2 = NamingManager.getObjectInstance(resolvedObj,
- cname, ctx, ctx._env);
+ // Check whether object factory codebase is trusted
+ if (CorbaUtils.isObjectFactoryTrusted(resolvedObj)) {
+ resolvedObj2 = NamingManager.getObjectInstance(resolvedObj,
+ cname, ctx, ctx._env);
+ }
 } catch (NamingException ge) {
 throw ge;
 } catch (Exception ge) {
diff -r 68a8e8658511 -r 64e3c222a4c6 src/java.corba/share/classes/com/sun/jndi/toolkit/corba/CorbaUtils.java
--- a/src/java.corba/share/classes/com/sun/jndi/toolkit/corba/CorbaUtils.java Thu Jan 12 23:41:16 2017 +0000
+++ b/src/java.corba/share/classes/com/sun/jndi/toolkit/corba/CorbaUtils.java Thu Oct 06 17:33:57 2016 +0100
@@ -36,11 +36,12 @@
 import org.omg.CORBA.ORB;
-import javax.naming.Context;
-import javax.naming.ConfigurationException;
+import javax.naming.*;
 import javax.rmi.CORBA.Stub;
 import javax.rmi.PortableRemoteObject;
+import com.sun.jndi.cosnaming.CNCtx;
+
 import java.io.UnsupportedEncodingException;
 import java.net.MalformedURLException;
 import java.net.URLDecoder;
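Review bot: In ExceptionMapper.java's second hunk `resolvedObj2` now defaults to null, which differs from the CNBindingEnumeration and CNCtx call sites, where the variable keeps the object returned by the naming service if the factory step is not taken. With the helper as written the `if` body either runs or an exception is thrown, so null should not escape today, but the fall-through value is safe only because the helper never returns false. If the intent is to leave the object unprocessed in that case, `java.lang.Object resolvedObj2 = resolvedObj;` would match the other two sites. What is done with resolvedObj2 after the try block is outside the hunk.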
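Review bot: The CorbaUtils.java import hunk replaces two explicit imports with `import javax.naming.*;`, which hides which JNDI types this utility class depends on. Judging by the method added in the next hunk, the new names are NamingException, Reference and Referenceable, so `import javax.naming.NamingException;`, `import javax.naming.Reference;` and `import javax.naming.Referenceable;` could be added beside the two existing lines instead. The new `import com.sun.jndi.cosnaming.CNCtx;` also makes the toolkit package depend on the cosnaming provider, whose classes import CorbaUtils in this same patch; holding the flag in CorbaUtils itself would avoid that cycle.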
@@ -183,6 +184,32 @@
 }
 /**
+ * Check whether object factory code base is trusted.
+ * Classes may only be loaded from an arbitrary URL code base when
+ * the system property com.sun.jndi.rmi.object.trustURLCodebase
+ * has been set to "true".
+ */
+ public static boolean isObjectFactoryTrusted(Object obj)
+ throws NamingException {
+
+ // Extract Reference, if possible
+ Reference ref = null;
+ if (obj instanceof Reference) {
+ ref = (Reference) obj;
+ } else if (obj instanceof Referenceable) {
+ ref = ((Referenceable)(obj)).getReference();
+ }
+
+ if (ref != null && ref.getFactoryClassLocation() != null &&
+ !CNCtx.trustURLCodebase) {
+ throw new ConfigurationException(
+ "The object factory is untrusted. Set the system property" +
+ " 'com.sun.jndi.cosnaming.object.trustURLCodebase' to 'true'.");
+ }
+ return true;
+ }
+
+ /**
 * Decode a URI string (according to RFC 2396).
 */
 public static final String decode(String s) throws MalformedURLException {
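Review bot: The Javadoc of `isObjectFactoryTrusted` names `com.sun.jndi.rmi.object.trustURLCodebase`, but the code tests `CNCtx.trustURLCodebase` and the exception message tells the user to set `com.sun.jndi.cosnaming.object.trustURLCodebase`, so an operator following the comment would set a property this check does not read. The line should read `* the system property com.sun.jndi.cosnaming.object.trustURLCodebase`. The comment should also state the contract as coded: the method returns true or throws ConfigurationException, never false. It rejects only a Reference whose `getFactoryClassLocation()` is non-null, so a reference that names a factory class without a codebase location still passes and reaches `NamingManager.getObjectInstance` in the callers. A `@throws NamingException` tag covering both the rejection and a failing `getReference()` would complete it.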