Mercurial > hg > release > icedtea7-forest-2.1 > jdk
changeset 4916:c4a8017b0818
8008615: Improve robustness of JMX internal APIs
Reviewed-by: dfuchs, skoivu, dholmes
author | sjiang |
---|---|
date | Thu, 21 Mar 2013 18:27:25 +0100 |
parents | 0fe7dd24c5bb |
children | 5fc193fbdff4 |
files | src/share/classes/com/sun/jmx/mbeanserver/ObjectInputStreamWithLoader.java src/share/classes/javax/management/MBeanServerFactory.java src/share/classes/javax/management/remote/rmi/RMIConnector.java |
diffstat | 3 files changed, 8 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/com/sun/jmx/mbeanserver/ObjectInputStreamWithLoader.java Thu Mar 21 13:56:28 2013 +0100 +++ b/src/share/classes/com/sun/jmx/mbeanserver/ObjectInputStreamWithLoader.java Thu Mar 21 18:27:25 2013 +0100 @@ -30,7 +30,7 @@ import java.io.InputStream; import java.io.ObjectInputStream; import java.io.ObjectStreamClass; -import java.io.StreamCorruptedException; +import sun.reflect.misc.ReflectUtil; /** * This class deserializes an object in the context of a specific class loader. @@ -61,6 +61,7 @@ return super.resolveClass(aClass); } else { String name = aClass.getName(); + ReflectUtil.checkPackageAccess(name); // Query the class loader ... return Class.forName(name, false, loader); }
--- a/src/share/classes/javax/management/MBeanServerFactory.java Thu Mar 21 13:56:28 2013 +0100 +++ b/src/share/classes/javax/management/MBeanServerFactory.java Thu Mar 21 18:27:25 2013 +0100 @@ -34,6 +34,7 @@ import java.util.ArrayList; import java.util.logging.Level; import javax.management.loading.ClassLoaderRepository; +import sun.reflect.misc.ReflectUtil; /** @@ -446,7 +447,7 @@ } // No context class loader? Try with Class.forName() - return Class.forName(builderClassName); + return ReflectUtil.forName(builderClassName); } /**
--- a/src/share/classes/javax/management/remote/rmi/RMIConnector.java Thu Mar 21 13:56:28 2013 +0100 +++ b/src/share/classes/javax/management/remote/rmi/RMIConnector.java Thu Mar 21 18:27:25 2013 +0100 @@ -103,6 +103,7 @@ import javax.naming.NamingException; import javax.rmi.ssl.SslRMIClientSocketFactory; import javax.security.auth.Subject; +import sun.reflect.misc.ReflectUtil; import sun.rmi.server.UnicastRef2; import sun.rmi.transport.LiveRef; @@ -1991,7 +1992,9 @@ @Override protected Class<?> resolveClass(ObjectStreamClass classDesc) throws IOException, ClassNotFoundException { - return Class.forName(classDesc.getName(), false, loader); + String name = classDesc.getName(); + ReflectUtil.checkPackageAccess(name); + return Class.forName(name, false, loader); } private final ClassLoader loader;