changeset 5562:7a56330dd261

7201070: Serialization to conform to protocol Reviewed-by: dmocek, ahgross, skoivu
author smarks
date Thu, 08 Nov 2012 15:21:44 -0800
parents c25d0c986fac
children b5103eeb377a
files src/share/classes/java/io/ObjectInputStream.java
diffstat 1 files changed, 6 insertions(+), 0 deletions(-) [+]
--- a/src/share/classes/java/io/ObjectInputStream.java	Tue Oct 30 17:18:43 2012 +0400
+++ b/src/share/classes/java/io/ObjectInputStream.java	Thu Nov 08 15:21:44 2012 -0800
@@ -1750,6 +1750,12 @@
         ObjectStreamClass desc = readClassDesc(false);
         desc.checkDeserialize();
 
+        Class<?> cl = desc.forClass();
+        if (cl == String.class || cl == Class.class
+                || cl == ObjectStreamClass.class) {
+            throw new InvalidClassException("invalid class descriptor");
+        }
+
         Object obj;
         try {
             obj = desc.isInstantiable() ? desc.newInstance() : null;
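Review bot: The new guard on L19–L22 rejects a TC_OBJECT record whose descriptor names String, Class or ObjectStreamClass, but it carries no comment saying why those three are singled out, and the exception drops the offending class name, which is the one fact an incident responder would want when this fires on a hostile stream. I would add above the `if`: `// String, Class and ObjectStreamClass have their own stream type codes (TC_STRING, TC_CLASS, TC_CLASSDESC); a TC_OBJECT carrying one of these descriptors is malformed and must be rejected before newInstance() runs.` and report the class with the two-argument constructor, `throw new InvalidClassException(cl.getName(), "invalid class descriptor");`. The `==` comparison is sound here since all three classes are final, so no subclass can slip past it; note also that `desc.forClass()` can presumably be null when the class could not be resolved, which this check tolerates because every comparison is then false and the existing resolution-failure handling below applies. The enclosing method starts before this hunk, so I have not verified what precedes `readClassDesc(false)`.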