changeset 2378:e943f6b0b0e9

6736390: File TOCTOU deserialization vulnerability Reviewed-by: hawtin
author alanb
date Wed, 25 Nov 2009 10:02:50 +0000
parents b1e8f41ed755
children ff9c2f53594e bc309e9233ce
files src/share/classes/java/io/File.java
diffstat 1 files changed, 4 insertions(+), 3 deletions(-) [+]
--- a/src/share/classes/java/io/File.java	Mon Nov 23 12:40:46 2009 +0000
+++ b/src/share/classes/java/io/File.java	Wed Nov 25 10:02:50 2009 +0000
@@ -2064,11 +2064,12 @@
     private synchronized void readObject(java.io.ObjectInputStream s)
          throws IOException, ClassNotFoundException
     {
-        s.defaultReadObject();
+        ObjectInputStream.GetField fields = s.readFields();
+        String pathField = (String)fields.get("path", null);
         char sep = s.readChar(); // read the previous separator char
         if (sep != separatorChar)
-            this.path = this.path.replace(sep, separatorChar);
-        this.path = fs.normalize(this.path);
+            pathField = pathField.replace(sep, separatorChar);
+        this.path = fs.normalize(pathField);
         this.prefixLength = fs.prefixLength(this.path);
     }
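Review bot: `fields.get("path", null)` on the second added line yields null when the incoming stream omits the `path` field, and the subsequent `pathField.replace(sep, separatorChar)` and `fs.normalize(pathField)` then fail with an unexplained NullPointerException rather than a deserialization error. A guard right after the read, `if (pathField == null) throw new InvalidObjectException("path field missing");`, reports a malformed stream through the IOException the method already declares, since InvalidObjectException is an ObjectStreamException. A short comment on the `readFields()` line would also help the next maintainer, e.g. `// read into a local instead of this.path so normalization operates on a value no other thread can observe or alter first`, since that is the reason the default mechanism is bypassed.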