Mercurial > hg > release > icedtea7-forest-2.2 > jdk
changeset 5275:a1dbbee035d2
8001322: Refactor deserialization
Reviewed-by: mchung, skoivu, smarks
author | dfuchs |
---|---|
date | Mon, 11 Mar 2013 15:07:19 +0100 |
parents | b3b230165c6e |
children | cd2f703eddd3 |
files | src/share/classes/java/io/ObjectInputStream.java |
diffstat | 1 files changed, 19 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/java/io/ObjectInputStream.java Wed Apr 10 23:02:46 2013 +0100 +++ b/src/share/classes/java/io/ObjectInputStream.java Mon Mar 11 15:07:19 2013 +0100 @@ -41,6 +41,7 @@ import java.util.concurrent.ConcurrentMap; import java.util.concurrent.atomic.AtomicBoolean; import static java.io.ObjectStreamClass.processQueue; +import sun.reflect.misc.ReflectUtil; /** * An ObjectInputStream deserializes primitive data and objects previously @@ -1519,6 +1520,12 @@ } } + private boolean isCustomSubclass() { + // Return true if this class is a custom subclass of ObjectInputStream + return getClass().getClassLoader() + != ObjectInputStream.class.getClassLoader(); + } + /** * Reads in and returns class descriptor for a dynamic proxy class. Sets * passHandle to proxy class descriptor's assigned handle. If proxy class @@ -1548,6 +1555,15 @@ try { if ((cl = resolveProxyClass(ifaces)) == null) { resolveEx = new ClassNotFoundException("null class"); + } else if (!Proxy.isProxyClass(cl)) { + throw new InvalidClassException("Not a proxy"); + } else { + // ReflectUtil.checkProxyPackageAccess makes a test + // equivalent to isCustomSubclass so there's no need + // to condition this call to isCustomSubclass == true here. + ReflectUtil.checkProxyPackageAccess( + getClass().getClassLoader(), + cl.getInterfaces()); } } catch (ClassNotFoundException ex) { resolveEx = ex; @@ -1589,9 +1605,12 @@ Class cl = null; ClassNotFoundException resolveEx = null; bin.setBlockDataMode(true); + final boolean checksRequired = isCustomSubclass(); try { if ((cl = resolveClass(readDesc)) == null) { resolveEx = new ClassNotFoundException("null class"); + } else if (checksRequired) { + ReflectUtil.checkPackageAccess(cl); } } catch (ClassNotFoundException ex) { resolveEx = ex;