changeset 3922:5c978a922711

6686215: Some mutables not defensively copied when deserializing java.security.CodeSource & Timestamp objects Reviewed-by: mullan
author vinnie
date Mon, 14 Mar 2011 17:50:52 +0000
parents fa9d7e241517
children 2e473067520f
files src/share/classes/java/security/CodeSource.java src/share/classes/java/security/Timestamp.java
diffstat 2 files changed, 6 insertions(+), 5 deletions(-) [+]
--- a/src/share/classes/java/security/CodeSource.java	Mon Mar 14 09:05:06 2011 -0700
+++ b/src/share/classes/java/security/CodeSource.java	Mon Mar 14 17:50:52 2011 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -578,7 +578,7 @@
 
         // Deserialize array of code signers (if any)
         try {
-            this.signers = (CodeSigner[])ois.readObject();
+            this.signers = ((CodeSigner[])ois.readObject()).clone();
         } catch (IOException ioe) {
             // no signers present
         }
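Review bot: The new `.clone()` is called directly on the result of `ois.readObject()`, which returns null when the stream carries a null reference. That surfaces as a NullPointerException out of deserialization rather than being treated like the "no signers present" case, because the catch covers only IOException. Whether the matching writeObject can ever emit null is not visible here, but the read side should not depend on that: `CodeSigner[] s = (CodeSigner[])ois.readObject();` followed by `if (s != null) this.signers = s.clone();`. The Timestamp.java hunk has the same unguarded dereference at `timestamp.getTime()`, where a null field after `defaultReadObject()` would be better reported as `InvalidObjectException`. The enclosing readObject begins and ends outside this hunk.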
--- a/src/share/classes/java/security/Timestamp.java	Mon Mar 14 09:05:06 2011 -0700
+++ b/src/share/classes/java/security/Timestamp.java	Mon Mar 14 17:50:52 2011 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -157,7 +157,8 @@
     // Explicitly reset hash code value to -1
     private void readObject(ObjectInputStream ois)
         throws IOException, ClassNotFoundException {
-     ois.defaultReadObject();
-     myhash = -1;
+        ois.defaultReadObject();
+        myhash = -1;
+        timestamp = new Date(timestamp.getTime());
     }
 }
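Review bot: The comment above `readObject` still says only "Explicitly reset hash code value to -1", so the reason for the added `timestamp = new Date(timestamp.getTime());` line is undocumented. A comment above the assignment, such as `// Defensively copy the mutable Date so no reference shared through the stream aliases this object's state`, would keep a later cleanup from removing the copy as redundant.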