changeset 4575:2054526dd141 icedtea-2.0
7077466, CVE-2011-3556: RMI DGC server remote code execution
author | andrew |
---|---|
date | Fri, 14 Oct 2011 03:02:15 +0100 |
parents | 2d793ad2620f |
children | 52052ed420c5 |
files | src/share/classes/sun/rmi/server/UnicastServerRef.java |
diffstat | 1 files changed, 7 insertions(+), 1 deletions(-) [+] |
--- a/src/share/classes/sun/rmi/server/UnicastServerRef.java Fri Oct 14 01:09:35 2011 +0100
+++ b/src/share/classes/sun/rmi/server/UnicastServerRef.java Fri Oct 14 03:02:15 2011 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -390,6 +390,12 @@
 ObjectInput in;
 try {
 in = call.getInputStream();
+ try {
+ Class<?> clazz = Class.forName("sun.rmi.transport.DGCImpl_Skel");
+ if (clazz.isAssignableFrom(skel.getClass())) {
+ ((MarshalInputStream)in).useCodebaseOnly();
+ }
+ } catch (ClassNotFoundException ignore) { }
 hash = in.readLong();
 } catch (Exception readEx) {
 throw new UnmarshalException("error unmarshalling call header",
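Review bot: In the second hunk (`@@ -390,6 +390,12 @@`), the empty `catch (ClassNotFoundException ignore) { }` makes the new hardening fail open: if `sun.rmi.transport.DGCImpl_Skel` cannot be resolved, `useCodebaseOnly()` is skipped without a trace and `in.readLong()` proceeds on an unrestricted stream. That is presumably safe, since a skeleton can hardly be a DGC skeleton when that class is not loadable, but the reasoning should be written into the catch body, e.g. `// DGCImpl_Skel not loadable: skel cannot be the DGC skeleton, so there is nothing to restrict`. The `Class.forName` lookup also runs on every call that reaches this path; resolving it once into a `private static final Class<?>` field would keep the check off the per-call path. A short comment above the inner `try` should also state the scope of the fix: it only stops codebase-driven class loading for DGC calls, and it neither covers other skeletons nor limits which locally available classes the stream may deserialize. The enclosing method begins and ends outside the hunk, so how `skel` is guaranteed non-null at this point cannot be confirmed from here.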