changeset 5905:6c99bbdc35ff

Merge
author dfuchs
date Thu, 14 Mar 2013 21:17:42 +0000
parents 8dd8266a2f4b 1d14cb00aa71
children 25ebac17c3cb
files
diffstat 2 files changed, 32 insertions(+), 7 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/java/io/ObjectInputStream.java	Thu Mar 14 13:54:32 2013 -0700
+++ b/src/share/classes/java/io/ObjectInputStream.java	Thu Mar 14 21:17:42 2013 +0000
@@ -41,6 +41,7 @@
 import java.util.concurrent.ConcurrentMap;
 import java.util.concurrent.atomic.AtomicBoolean;
 import static java.io.ObjectStreamClass.processQueue;
+import sun.reflect.misc.ReflectUtil;
 
 /**
  * An ObjectInputStream deserializes primitive data and objects previously
@@ -1519,6 +1520,12 @@
         }
     }
 
+    private boolean isCustomSubclass() {
+        // Return true if this class is a custom subclass of ObjectInputStream
+        return getClass().getClassLoader()
+                    != ObjectInputStream.class.getClassLoader();
+    }
+
     /**
      * Reads in and returns class descriptor for a dynamic proxy class.  Sets
      * passHandle to proxy class descriptor's assigned handle.  If proxy class
@@ -1548,6 +1555,15 @@
         try {
             if ((cl = resolveProxyClass(ifaces)) == null) {
                 resolveEx = new ClassNotFoundException("null class");
+            } else if (!Proxy.isProxyClass(cl)) {
+                throw new InvalidClassException("Not a proxy");
+            } else {
+                // ReflectUtil.checkProxyPackageAccess makes a test
+                // equivalent to isCustomSubclass so there's no need
+                // to condition this call to isCustomSubclass == true here.
+                ReflectUtil.checkProxyPackageAccess(
+                        getClass().getClassLoader(),
+                        cl.getInterfaces());
             }
         } catch (ClassNotFoundException ex) {
             resolveEx = ex;
@@ -1589,9 +1605,12 @@
         Class cl = null;
         ClassNotFoundException resolveEx = null;
         bin.setBlockDataMode(true);
+        final boolean checksRequired = isCustomSubclass();
         try {
             if ((cl = resolveClass(readDesc)) == null) {
                 resolveEx = new ClassNotFoundException("null class");
+            } else if (checksRequired) {
+                ReflectUtil.checkPackageAccess(cl);
             }
         } catch (ClassNotFoundException ex) {
             resolveEx = ex;
--- a/src/share/classes/sun/awt/datatransfer/TransferableProxy.java	Thu Mar 14 13:54:32 2013 -0700
+++ b/src/share/classes/sun/awt/datatransfer/TransferableProxy.java	Thu Mar 14 21:17:42 2013 +0000
@@ -102,11 +102,11 @@
     protected final boolean isLocal;
 }
 
-class ClassLoaderObjectOutputStream extends ObjectOutputStream {
+final class ClassLoaderObjectOutputStream extends ObjectOutputStream {
     private final Map<Set<String>, ClassLoader> map =
         new HashMap<Set<String>, ClassLoader>();
 
-    public ClassLoaderObjectOutputStream(OutputStream os) throws IOException {
+    ClassLoaderObjectOutputStream(OutputStream os) throws IOException {
         super(os);
     }
 
@@ -140,15 +140,15 @@
         map.put(s, classLoader);
     }
 
-    public Map<Set<String>, ClassLoader> getClassLoaderMap() {
+    Map<Set<String>, ClassLoader> getClassLoaderMap() {
         return new HashMap(map);
     }
 }
 
-class ClassLoaderObjectInputStream extends ObjectInputStream {
+final class ClassLoaderObjectInputStream extends ObjectInputStream {
     private final Map<Set<String>, ClassLoader> map;
 
-    public ClassLoaderObjectInputStream(InputStream is,
+    ClassLoaderObjectInputStream(InputStream is,
                                         Map<Set<String>, ClassLoader> map)
       throws IOException {
         super(is);
@@ -166,8 +166,11 @@
         s.add(className);
 
         ClassLoader classLoader = map.get(s);
-
-        return Class.forName(className, false, classLoader);
+        if (classLoader != null) {
+            return Class.forName(className, false, classLoader);
+        } else {
+            return super.resolveClass(classDesc);
+        }
     }
 
     protected Class<?> resolveProxyClass(String[] interfaces)
@@ -179,6 +182,9 @@
         }
 
         ClassLoader classLoader = map.get(s);
+        if (classLoader == null) {
+            return super.resolveProxyClass(interfaces);
+        }
 
         // The code below is mostly copied from the superclass.
         ClassLoader nonPublicLoader = null;