aboutsummaryrefslogtreecommitdiff
path: root/src/share/classes/sun/rmi
diff options
context:
space:
mode:
Diffstat (limited to 'src/share/classes/sun/rmi')
-rw-r--r--src/share/classes/sun/rmi/registry/RegistryImpl_Skel.java26
-rw-r--r--src/share/classes/sun/rmi/server/UnicastRef.java5
-rw-r--r--src/share/classes/sun/rmi/transport/tcp/TCPEndpoint.java6
3 files changed, 26 insertions, 11 deletions
diff --git a/src/share/classes/sun/rmi/registry/RegistryImpl_Skel.java b/src/share/classes/sun/rmi/registry/RegistryImpl_Skel.java
index c0a06f1f01..2d9102f1a6 100644
--- a/src/share/classes/sun/rmi/registry/RegistryImpl_Skel.java
+++ b/src/share/classes/sun/rmi/registry/RegistryImpl_Skel.java
@@ -27,7 +27,9 @@
package sun.rmi.registry;
import java.io.IOException;
+import java.io.ObjectInputStream;
+import sun.misc.SharedSecrets;
import sun.rmi.transport.StreamRemoteCall;
/**
@@ -83,8 +85,9 @@ public final class RegistryImpl_Skel
java.lang.String $param_String_1;
java.rmi.Remote $param_Remote_2;
try {
- java.io.ObjectInput in = call.getInputStream();
- $param_String_1 = (java.lang.String) in.readObject();
+ ObjectInputStream in = (ObjectInputStream)call.getInputStream();
+ $param_String_1 =
+ SharedSecrets.getJavaObjectInputStreamReadString().readString(in);
$param_Remote_2 = (java.rmi.Remote) in.readObject();
} catch (ClassCastException | IOException | ClassNotFoundException e) {
call.discardPendingRefs();
@@ -118,9 +121,10 @@ public final class RegistryImpl_Skel
{
java.lang.String $param_String_1;
try {
- java.io.ObjectInput in = call.getInputStream();
- $param_String_1 = (java.lang.String) in.readObject();
- } catch (ClassCastException | IOException | ClassNotFoundException e) {
+ ObjectInputStream in = (ObjectInputStream)call.getInputStream();
+ $param_String_1 =
+ SharedSecrets.getJavaObjectInputStreamReadString().readString(in);
+ } catch (ClassCastException | IOException e) {
call.discardPendingRefs();
throw new java.rmi.UnmarshalException("error unmarshalling arguments", e);
} finally {
@@ -144,8 +148,9 @@ public final class RegistryImpl_Skel
java.lang.String $param_String_1;
java.rmi.Remote $param_Remote_2;
try {
- java.io.ObjectInput in = call.getInputStream();
- $param_String_1 = (java.lang.String) in.readObject();
+ ObjectInputStream in = (ObjectInputStream)call.getInputStream();
+ $param_String_1 =
+ SharedSecrets.getJavaObjectInputStreamReadString().readString(in);
$param_Remote_2 = (java.rmi.Remote) in.readObject();
} catch (ClassCastException | IOException | java.lang.ClassNotFoundException e) {
call.discardPendingRefs();
@@ -169,9 +174,10 @@ public final class RegistryImpl_Skel
java.lang.String $param_String_1;
try {
- java.io.ObjectInput in = call.getInputStream();
- $param_String_1 = (java.lang.String) in.readObject();
- } catch (ClassCastException | IOException | ClassNotFoundException e) {
+ ObjectInputStream in = (ObjectInputStream)call.getInputStream();
+ $param_String_1 =
+ SharedSecrets.getJavaObjectInputStreamReadString().readString(in);
+ } catch (ClassCastException | IOException e) {
call.discardPendingRefs();
throw new java.rmi.UnmarshalException("error unmarshalling arguments", e);
} finally {
diff --git a/src/share/classes/sun/rmi/server/UnicastRef.java b/src/share/classes/sun/rmi/server/UnicastRef.java
index 831c41bd9e..b01a2b87ec 100644
--- a/src/share/classes/sun/rmi/server/UnicastRef.java
+++ b/src/share/classes/sun/rmi/server/UnicastRef.java
@@ -27,6 +27,7 @@ package sun.rmi.server;
import java.io.IOException;
import java.io.ObjectInput;
+import java.io.ObjectInputStream;
import java.io.ObjectOutput;
import java.lang.reflect.Method;
import java.rmi.MarshalException;
@@ -38,6 +39,8 @@ import java.rmi.server.RemoteCall;
import java.rmi.server.RemoteObject;
import java.rmi.server.RemoteRef;
import java.security.AccessController;
+
+import sun.misc.SharedSecrets;
import sun.rmi.runtime.Log;
import sun.rmi.transport.Connection;
import sun.rmi.transport.LiveRef;
@@ -318,6 +321,8 @@ public class UnicastRef implements RemoteRef {
} else {
throw new Error("Unrecognized primitive type: " + type);
}
+ } else if (type == String.class && in instanceof ObjectInputStream) {
+ return SharedSecrets.getJavaObjectInputStreamReadString().readString((ObjectInputStream)in);
} else {
return in.readObject();
}
diff --git a/src/share/classes/sun/rmi/transport/tcp/TCPEndpoint.java b/src/share/classes/sun/rmi/transport/tcp/TCPEndpoint.java
index d7338219ac..0d849ed7f2 100644
--- a/src/share/classes/sun/rmi/transport/tcp/TCPEndpoint.java
+++ b/src/share/classes/sun/rmi/transport/tcp/TCPEndpoint.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -29,6 +29,7 @@ import java.io.DataOutput;
import java.io.IOException;
import java.io.ObjectInput;
import java.io.ObjectOutput;
+import java.lang.reflect.Proxy;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
@@ -553,6 +554,9 @@ public class TCPEndpoint implements Endpoint {
host = in.readUTF();
port = in.readInt();
csf = (RMIClientSocketFactory) in.readObject();
+ if (Proxy.isProxyClass(csf.getClass())) {
+ throw new IOException("Invalid SocketFactory");
+ }
break;
default:
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-03 16:08:01 +0000