Mercurial Mercurial > jdk-sandbox / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
jdk/src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java
changeset 46160 c647e44ea1b9
parent 45989 e4f526fd8e09
equal deleted inserted replaced
46159:97256df3734f 46160:c647e44ea1b9 
    26 package sun.rmi.registry;
 
    26 package sun.rmi.registry;
 
    27 
    27 
    28 import java.io.ObjectInputFilter;
 
    28 import java.io.ObjectInputFilter;
 
    29 import java.nio.file.Path;
 
    29 import java.nio.file.Path;
 
    30 import java.nio.file.Paths;
 
    30 import java.nio.file.Paths;
 
    31 import java.rmi.server.LogStream;
 
       
    32 import java.security.PrivilegedAction;
 
    31 import java.security.PrivilegedAction;
 
    33 import java.security.Security;
 
    32 import java.security.Security;
 
    34 import java.util.ArrayList;
 
    33 import java.util.ArrayList;
 
    35 import java.util.Enumeration;
 
    34 import java.util.Enumeration;
 
    36 import java.util.Hashtable;
 
    35 import java.util.Hashtable;
 
    56 import java.security.PermissionCollection;
 
    55 import java.security.PermissionCollection;
 
    57 import java.security.Permissions;
 
    56 import java.security.Permissions;
 
    58 import java.security.ProtectionDomain;
 
    57 import java.security.ProtectionDomain;
 
    59 import java.text.MessageFormat;
 
    58 import java.text.MessageFormat;
 
    60 
    59 
       
    60 import jdk.internal.misc.SharedSecrets;
 
    61 import sun.rmi.runtime.Log;
 
    61 import sun.rmi.runtime.Log;
 
    62 import sun.rmi.server.UnicastRef;
 
    62 import sun.rmi.server.UnicastRef;
 
    63 import sun.rmi.server.UnicastServerRef;
 
    63 import sun.rmi.server.UnicastServerRef;
 
    64 import sun.rmi.server.UnicastServerRef2;
 
    64 import sun.rmi.server.UnicastServerRef2;
 
    65 import sun.rmi.transport.LiveRef;
 
    65 import sun.rmi.transport.LiveRef;
 
   107 
   107 
   108     /** Registry max depth of remote invocations. **/
 
   108     /** Registry max depth of remote invocations. **/
 
   109     private static final int REGISTRY_MAX_DEPTH = 20;
 
   109     private static final int REGISTRY_MAX_DEPTH = 20;
 
   110 
   110 
   111     /** Registry maximum array size in remote invocations. **/
 
   111     /** Registry maximum array size in remote invocations. **/
 
   112     private static final int REGISTRY_MAX_ARRAY_SIZE = 10000;
 
   112     private static final int REGISTRY_MAX_ARRAY_SIZE = 1_000_000;
 
   113 
   113 
   114     /**
 
   114     /**
 
   115      * The registryFilter created from the value of the {@code "sun.rmi.registry.registryFilter"}
 
   115      * The registryFilter created from the value of the {@code "sun.rmi.registry.registryFilter"}
 
   116      * property.
 
   116      * property.
 
   117      */
 
   117      */
 
   128         String props = System.getProperty(REGISTRY_FILTER_PROPNAME);
 
   128         String props = System.getProperty(REGISTRY_FILTER_PROPNAME);
 
   129         if (props == null) {
 
   129         if (props == null) {
 
   130             props = Security.getProperty(REGISTRY_FILTER_PROPNAME);
 
   130             props = Security.getProperty(REGISTRY_FILTER_PROPNAME);
 
   131         }
 
   131         }
 
   132         if (props != null) {
 
   132         if (props != null) {
 
   133             filter = ObjectInputFilter.Config.createFilter(props);
 
   133             filter = SharedSecrets.getJavaObjectInputFilterAccess().createFilter2(props);
 
   134             Log regLog = Log.getLog("sun.rmi.registry", "registry", -1);
 
   134             Log regLog = Log.getLog("sun.rmi.registry", "registry", -1);
 
   135             if (regLog.isLoggable(Log.BRIEF)) {
 
   135             if (regLog.isLoggable(Log.BRIEF)) {
 
   136                 regLog.log(Log.BRIEF, "registryFilter = " + filter);
 
   136                 regLog.log(Log.BRIEF, "registryFilter = " + filter);
 
   137             }
 
   137             }
 
   138         }
 
   138         }
 
   449             return ObjectInputFilter.Status.REJECTED;
 
   449             return ObjectInputFilter.Status.REJECTED;
 
   450         }
 
   450         }
 
   451         Class<?> clazz = filterInfo.serialClass();
 
   451         Class<?> clazz = filterInfo.serialClass();
 
   452         if (clazz != null) {
 
   452         if (clazz != null) {
 
   453             if (clazz.isArray()) {
 
   453             if (clazz.isArray()) {
 
   454                 if (filterInfo.arrayLength() >= 0 && filterInfo.arrayLength() > REGISTRY_MAX_ARRAY_SIZE) {
 
   454                 // Arrays are REJECTED only if they exceed the limit
 
   455                     return ObjectInputFilter.Status.REJECTED;
 
   455                 return (filterInfo.arrayLength() >= 0 && filterInfo.arrayLength() > REGISTRY_MAX_ARRAY_SIZE)
 
   456                 }
 
   456                     ? ObjectInputFilter.Status.REJECTED
 
   457                 do {
 
   457                     : ObjectInputFilter.Status.UNDECIDED;
 
   458                     // Arrays are allowed depending on the component type
 
       
   459                     clazz = clazz.getComponentType();
 
       
   460                 } while (clazz.isArray());
 
       
   461             }
 
       
   462             if (clazz.isPrimitive()) {
 
       
   463                 // Arrays of primitives are allowed
 
       
   464                 return ObjectInputFilter.Status.ALLOWED;
 
       
   465             }
 
   458             }
 
   466             if (String.class == clazz
 
   459             if (String.class == clazz
 
   467                     || java.lang.Number.class.isAssignableFrom(clazz)
 
   460                     || java.lang.Number.class.isAssignableFrom(clazz)
 
   468                     || Remote.class.isAssignableFrom(clazz)
 
   461                     || Remote.class.isAssignableFrom(clazz)
 
   469                     || java.lang.reflect.Proxy.class.isAssignableFrom(clazz)
 
   462                     || java.lang.reflect.Proxy.class.isAssignableFrom(clazz)
jdk-sandbox