changeset 4916:c4a8017b0818

8008615: Improve robustness of JMX internal APIs Reviewed-by: dfuchs, skoivu, dholmes
author sjiang
date Thu, 21 Mar 2013 18:27:25 +0100
parents 0fe7dd24c5bb
children 5fc193fbdff4
files src/share/classes/com/sun/jmx/mbeanserver/ObjectInputStreamWithLoader.java src/share/classes/javax/management/MBeanServerFactory.java src/share/classes/javax/management/remote/rmi/RMIConnector.java
diffstat 3 files changed, 8 insertions(+), 3 deletions(-) [+]
--- a/src/share/classes/com/sun/jmx/mbeanserver/ObjectInputStreamWithLoader.java	Thu Mar 21 13:56:28 2013 +0100
+++ b/src/share/classes/com/sun/jmx/mbeanserver/ObjectInputStreamWithLoader.java	Thu Mar 21 18:27:25 2013 +0100
@@ -30,7 +30,7 @@
 import java.io.InputStream;
 import java.io.ObjectInputStream;
 import java.io.ObjectStreamClass;
-import java.io.StreamCorruptedException;
+import sun.reflect.misc.ReflectUtil;
 
 /**
  * This class deserializes an object in the context of a specific class loader.
@@ -61,6 +61,7 @@
             return super.resolveClass(aClass);
         } else {
             String name = aClass.getName();
+            ReflectUtil.checkPackageAccess(name);
             // Query the class loader ...
             return Class.forName(name, false, loader);
         }
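Review bot: The new `ReflectUtil.checkPackageAccess(name)` call guards only the `else` branch; the branch that returns `super.resolveClass(aClass)` is unchanged and its condition lies above the hunk, so it is worth confirming that the default resolution path cannot hand back a class from a restricted package either. The existing comment `// Query the class loader ...` now follows the check without explaining it; I would add `// Enforce package access before the supplied loader is consulted.` on the line above the call. resolveClass starts outside the hunk.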
--- a/src/share/classes/javax/management/MBeanServerFactory.java	Thu Mar 21 13:56:28 2013 +0100
+++ b/src/share/classes/javax/management/MBeanServerFactory.java	Thu Mar 21 18:27:25 2013 +0100
@@ -34,6 +34,7 @@
 import java.util.ArrayList;
 import java.util.logging.Level;
 import javax.management.loading.ClassLoaderRepository;
+import sun.reflect.misc.ReflectUtil;
 
 
 /**
@@ -446,7 +447,7 @@
         }
 
         // No context class loader? Try with Class.forName()
-        return Class.forName(builderClassName);
+        return ReflectUtil.forName(builderClassName);
     }
 
     /**
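Review bot: The comment `// No context class loader? Try with Class.forName()` is stale after this change, because the fallback now goes through `ReflectUtil.forName`, which checks package access before loading; suggest `// No context class loader? Fall back to ReflectUtil.forName(), which checks package access first`. The closing brace at the top of the hunk ends an earlier load path that is not visible here. It should be confirmed that this earlier path applies an equivalent restriction to `builderClassName`, otherwise only the fallback is guarded. The method starts outside the hunk.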
--- a/src/share/classes/javax/management/remote/rmi/RMIConnector.java	Thu Mar 21 13:56:28 2013 +0100
+++ b/src/share/classes/javax/management/remote/rmi/RMIConnector.java	Thu Mar 21 18:27:25 2013 +0100
@@ -103,6 +103,7 @@
 import javax.naming.NamingException;
 import javax.rmi.ssl.SslRMIClientSocketFactory;
 import javax.security.auth.Subject;
+import sun.reflect.misc.ReflectUtil;
 import sun.rmi.server.UnicastRef2;
 import sun.rmi.transport.LiveRef;
 
@@ -1991,7 +1992,9 @@
         @Override
         protected Class<?> resolveClass(ObjectStreamClass classDesc)
                 throws IOException, ClassNotFoundException {
-            return Class.forName(classDesc.getName(), false, loader);
+            String name = classDesc.getName();
+            ReflectUtil.checkPackageAccess(name);
+            return Class.forName(name, false, loader);
         }
 
         private final ClassLoader loader;
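Review bot: `ReflectUtil.checkPackageAccess(name)` rejects a name by throwing SecurityException, which is unchecked and not part of this method's `throws IOException, ClassNotFoundException` clause, so a rejected class surfaces differently from an ordinary resolution failure. A short comment above the call would make that explicit, e.g. `// Throws SecurityException if the caller may not access the class's package.`; the same applies to the call added in ObjectInputStreamWithLoader.resolveClass. The enclosing stream class begins outside the hunk, so whether proxy class descriptors (resolveProxyClass) receive an equivalent check cannot be judged from here.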