changeset 4575:2054526dd141 icedtea-2.0

7077466, CVE-2011-3556: RMI DGC server remote code execution
author andrew
date Fri, 14 Oct 2011 03:02:15 +0100
parents 2d793ad2620f
children 52052ed420c5
files src/share/classes/sun/rmi/server/UnicastServerRef.java
diffstat 1 files changed, 7 insertions(+), 1 deletions(-) [+]
--- a/src/share/classes/sun/rmi/server/UnicastServerRef.java	Fri Oct 14 01:09:35 2011 +0100
+++ b/src/share/classes/sun/rmi/server/UnicastServerRef.java	Fri Oct 14 03:02:15 2011 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -390,6 +390,12 @@
             ObjectInput in;
             try {
                 in = call.getInputStream();
+                try {
+                    Class<?> clazz = Class.forName("sun.rmi.transport.DGCImpl_Skel");
+                    if (clazz.isAssignableFrom(skel.getClass())) {
+                        ((MarshalInputStream)in).useCodebaseOnly();
+                    }
+                } catch (ClassNotFoundException ignore) { }
                 hash = in.readLong();
             } catch (Exception readEx) {
                 throw new UnmarshalException("error unmarshalling call header",
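Review bot: The empty `catch (ClassNotFoundException ignore) { }` makes this hardening fail open. If `Class.forName("sun.rmi.transport.DGCImpl_Skel")` ever fails, `in.readLong()` and whatever is unmarshalled afterwards run without `useCodebaseOnly()`, and nothing records that the restriction was skipped. At minimum the catch should carry a comment saying why skipping is acceptable, e.g. `// DGCImpl_Skel not loadable from this class's loader: restriction not applied; not expected in a complete runtime`, and preferably log the event through whatever logging the class already has. The lookup also repeats on every call that reaches this path, so resolving the class once into a `private static final Class<?>` field would remove the per-call reflection and surface a missing class at class initialisation rather than silently per request. The enclosing method begins and ends outside this hunk, so how `skel` and `in` are used afterwards is not visible here.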