Mercurial > hg > release > icedtea7-forest-2.1 > corba

changeset 330:4d9e4fb8af09

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
7055902, CVE-2011-3521: IIOP deserialization code execution
author andrew
date Fri, 14 Oct 2011 00:55:29 +0100
parents 953de8c7bccb
children 78cd4b4fcb75
files src/share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java
diffstat 1 files changed, 9 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java	Wed Sep 28 23:12:47 2011 +0100
+++ b/src/share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java	Fri Oct 14 00:55:29 2011 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -2243,6 +2243,10 @@
                 }
 
                 try {
+                    Class fieldCl = fields[i].getClazz();
+                    if (objectValue != null && !fieldCl.isInstance(objectValue)) {
+                        throw new IllegalArgumentException();
+                    }
                     bridge.putObject( o, fields[i].getFieldID(), objectValue ) ;
                     // reflective code: fields[i].getField().set( o, objectValue ) ;
                 } catch (IllegalArgumentException e) {
@@ -2553,6 +2557,10 @@
     {
         try {
             Field fld = c.getDeclaredField( fieldName ) ;
+            Class fieldCl = fld.getType();
+            if(v != null && !fieldCl.isInstance(v)) {
+                throw new Exception();
+            }
             long key = bridge.objectFieldOffset( fld ) ;
             bridge.putObject( o, key, v ) ;
         } catch (Exception e) {