OpenJDK / jdk / hs
changeset 18238:d1ed51b53296
8012917: ObjectStreamClass and ObjectStreamField should be CallerSensitive aware
Reviewed-by: mchung
| author | chegar |
|---|---|
| date | Mon, 22 Apr 2013 11:08:27 +0100 |
| parents | 54af2a0e06da |
| children | 4af5dc2d5794 |
| files | jdk/src/share/classes/java/io/ObjectStreamClass.java jdk/src/share/classes/java/io/ObjectStreamField.java |
| diffstat | 2 files changed, 9 insertions(+), 22 deletions(-) [+] |
line wrap: on
line diff
--- a/jdk/src/share/classes/java/io/ObjectStreamClass.java Mon Apr 22 10:55:14 2013 +0100 +++ b/jdk/src/share/classes/java/io/ObjectStreamClass.java Mon Apr 22 11:08:27 2013 +0100 @@ -49,6 +49,8 @@ import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentMap; import sun.misc.Unsafe; +import sun.reflect.CallerSensitive; +import sun.reflect.Reflection; import sun.reflect.ReflectionFactory; import sun.reflect.misc.ReflectUtil; @@ -259,12 +261,13 @@ * * @return the <code>Class</code> instance that this descriptor represents */ + @CallerSensitive public Class<?> forClass() { if (cl == null) { return null; } - ClassLoader ccl = ObjectStreamField.getCallerClassLoader(); - if (ReflectUtil.needsPackageAccessCheck(ccl, cl.getClassLoader())) { + Class<?> caller = Reflection.getCallerClass(); + if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(), cl.getClassLoader())) { ReflectUtil.checkPackageAccess(cl); } return cl;
--- a/jdk/src/share/classes/java/io/ObjectStreamField.java Mon Apr 22 10:55:14 2013 +0100 +++ b/jdk/src/share/classes/java/io/ObjectStreamField.java Mon Apr 22 11:08:27 2013 +0100 @@ -26,6 +26,7 @@ package java.io; import java.lang.reflect.Field; +import sun.reflect.CallerSensitive; import sun.reflect.Reflection; import sun.reflect.misc.ReflectUtil; @@ -159,32 +160,15 @@ * @return a <code>Class</code> object representing the type of the * serializable field */ + @CallerSensitive public Class<?> getType() { - ClassLoader ccl = getCallerClassLoader(); - if (ReflectUtil.needsPackageAccessCheck(ccl, type.getClassLoader())) { + Class<?> caller = Reflection.getCallerClass(); + if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(), type.getClassLoader())) { ReflectUtil.checkPackageAccess(type); } return type; } - // Returns the invoker's class loader. - // This is package private because it is accessed from ObjectStreamClass. - // NOTE: This must always be invoked when there is exactly one intervening - // frame from the core libraries on the stack between this method's - // invocation and the desired invoker. The frame count of 3 is determined - // as follows: - // - // 0: Reflection.getCallerClass - // 1: getCallerClassLoader() - // 2: ObjectStreamField.getType() or ObjectStreamClass.forClass() - // 3: the caller we want to check - // - // NOTE: copied from java.lang.ClassLoader and modified. - static ClassLoader getCallerClassLoader() { - Class caller = Reflection.getCallerClass(3); - return caller.getClassLoader(); - } - /** * Returns character encoding of field type. The encoding is as follows: * <blockquote><pre>