changeset 7280:42e68c7fbe98
8030655: Regression: 14_01 Security fix 8024306 causes test failures
Reviewed-by: mullan, xuelei, ahgross
author | weijun |
---|---|
date | Wed, 15 Jan 2014 11:23:07 +0800 |
parents | 4e3fb3d5d4bf |
children | 6d918cec0812 |
files | src/share/classes/javax/security/auth/Subject.java |
diffstat | 1 files changed, 19 insertions(+), 3 deletions(-) [+] |
--- a/src/share/classes/javax/security/auth/Subject.java Mon Dec 23 14:29:27 2013 +0100
+++ b/src/share/classes/javax/security/auth/Subject.java Wed Jan 15 11:23:07 2014 +0800
@@ -941,14 +941,30 @@
 /**
 * Reads this object from a stream (i.e., deserializes it)
 */
+ @SuppressWarnings("unchecked")
 private void readObject(java.io.ObjectInputStream s) throws java.io.IOException, ClassNotFoundException {
- s.defaultReadObject();
+ ObjectInputStream.GetField gf = s.readFields();
+
+ readOnly = gf.get("readOnly", false);
+
+ Set<Principal> inputPrincs = (Set<Principal>)gf.get("principals", null);
 // Rewrap the principals into a SecureSet
- principals = Collections.synchronizedSet(new SecureSet<Principal>
- (this, PRINCIPAL_SET, principals));
+ if (inputPrincs == null) {
+ throw new NullPointerException
+ (ResourcesMgr.getString("invalid.null.input.s."));
+ }
+ try {
+ principals = Collections.synchronizedSet(new SecureSet<Principal>
+ (this, PRINCIPAL_SET, inputPrincs));
+ } catch (NullPointerException npe) {
+ // Sometimes people deserialize the principals set only.
+ // Subject is not accessible, so just don't fail.
+ principals = Collections.synchronizedSet
+ (new SecureSet<Principal>(this, PRINCIPAL_SET));
+ }
 // The Credential <code>Set</code> is not serialized, but we do not
 // want the default deserialization routine to set it to null.
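Review bot: The `catch (NullPointerException npe)` around the SecureSet construction fails open: any NullPointerException raised while wrapping `inputPrincs`, not only the case its comment describes, silently yields a Subject with an empty principal set, and `inputPrincs` is read straight from the serialized stream. The comment does not say which reference is null in the tolerated case, so a maintainer cannot tell an expected stream from a malformed one; I would name that reference and state the consequence, e.g. `// Deliberate fallback: on NPE this Subject keeps an empty principal set instead of failing deserialization.` The SecureSet constructor is not visible here, so whether the tolerated condition could be tested explicitly instead of caught is something to confirm. Separately, the unchecked cast means nothing in this hunk confirms the elements are `Principal` instances, and `@SuppressWarnings("unchecked")` would be better scoped to the `inputPrincs` declaration than to the whole method. readObject continues past the end of the hunk.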