26 package sun.rmi.registry; |
26 package sun.rmi.registry; |
27 |
27 |
28 import java.io.ObjectInputFilter; |
28 import java.io.ObjectInputFilter; |
29 import java.nio.file.Path; |
29 import java.nio.file.Path; |
30 import java.nio.file.Paths; |
30 import java.nio.file.Paths; |
31 import java.rmi.server.LogStream; |
|
32 import java.security.PrivilegedAction; |
31 import java.security.PrivilegedAction; |
33 import java.security.Security; |
32 import java.security.Security; |
34 import java.util.ArrayList; |
33 import java.util.ArrayList; |
35 import java.util.Enumeration; |
34 import java.util.Enumeration; |
36 import java.util.Hashtable; |
35 import java.util.Hashtable; |
56 import java.security.PermissionCollection; |
55 import java.security.PermissionCollection; |
57 import java.security.Permissions; |
56 import java.security.Permissions; |
58 import java.security.ProtectionDomain; |
57 import java.security.ProtectionDomain; |
59 import java.text.MessageFormat; |
58 import java.text.MessageFormat; |
60 |
59 |
|
60 import jdk.internal.misc.SharedSecrets; |
61 import sun.rmi.runtime.Log; |
61 import sun.rmi.runtime.Log; |
62 import sun.rmi.server.UnicastRef; |
62 import sun.rmi.server.UnicastRef; |
63 import sun.rmi.server.UnicastServerRef; |
63 import sun.rmi.server.UnicastServerRef; |
64 import sun.rmi.server.UnicastServerRef2; |
64 import sun.rmi.server.UnicastServerRef2; |
65 import sun.rmi.transport.LiveRef; |
65 import sun.rmi.transport.LiveRef; |
107 |
107 |
108 /** Registry max depth of remote invocations. **/ |
108 /** Registry max depth of remote invocations. **/ |
109 private static final int REGISTRY_MAX_DEPTH = 20; |
109 private static final int REGISTRY_MAX_DEPTH = 20; |
110 |
110 |
111 /** Registry maximum array size in remote invocations. **/ |
111 /** Registry maximum array size in remote invocations. **/ |
112 private static final int REGISTRY_MAX_ARRAY_SIZE = 10000; |
112 private static final int REGISTRY_MAX_ARRAY_SIZE = 1_000_000; |
113 |
113 |
114 /** |
114 /** |
115 * The registryFilter created from the value of the {@code "sun.rmi.registry.registryFilter"} |
115 * The registryFilter created from the value of the {@code "sun.rmi.registry.registryFilter"} |
116 * property. |
116 * property. |
117 */ |
117 */ |
128 String props = System.getProperty(REGISTRY_FILTER_PROPNAME); |
128 String props = System.getProperty(REGISTRY_FILTER_PROPNAME); |
129 if (props == null) { |
129 if (props == null) { |
130 props = Security.getProperty(REGISTRY_FILTER_PROPNAME); |
130 props = Security.getProperty(REGISTRY_FILTER_PROPNAME); |
131 } |
131 } |
132 if (props != null) { |
132 if (props != null) { |
133 filter = ObjectInputFilter.Config.createFilter(props); |
133 filter = SharedSecrets.getJavaObjectInputFilterAccess().createFilter2(props); |
134 Log regLog = Log.getLog("sun.rmi.registry", "registry", -1); |
134 Log regLog = Log.getLog("sun.rmi.registry", "registry", -1); |
135 if (regLog.isLoggable(Log.BRIEF)) { |
135 if (regLog.isLoggable(Log.BRIEF)) { |
136 regLog.log(Log.BRIEF, "registryFilter = " + filter); |
136 regLog.log(Log.BRIEF, "registryFilter = " + filter); |
137 } |
137 } |
138 } |
138 } |
449 return ObjectInputFilter.Status.REJECTED; |
449 return ObjectInputFilter.Status.REJECTED; |
450 } |
450 } |
451 Class<?> clazz = filterInfo.serialClass(); |
451 Class<?> clazz = filterInfo.serialClass(); |
452 if (clazz != null) { |
452 if (clazz != null) { |
453 if (clazz.isArray()) { |
453 if (clazz.isArray()) { |
454 if (filterInfo.arrayLength() >= 0 && filterInfo.arrayLength() > REGISTRY_MAX_ARRAY_SIZE) { |
454 // Arrays are REJECTED only if they exceed the limit |
455 return ObjectInputFilter.Status.REJECTED; |
455 return (filterInfo.arrayLength() >= 0 && filterInfo.arrayLength() > REGISTRY_MAX_ARRAY_SIZE) |
456 } |
456 ? ObjectInputFilter.Status.REJECTED |
457 do { |
457 : ObjectInputFilter.Status.UNDECIDED; |
458 // Arrays are allowed depending on the component type |
|
459 clazz = clazz.getComponentType(); |
|
460 } while (clazz.isArray()); |
|
461 } |
|
462 if (clazz.isPrimitive()) { |
|
463 // Arrays of primitives are allowed |
|
464 return ObjectInputFilter.Status.ALLOWED; |
|
465 } |
458 } |
466 if (String.class == clazz |
459 if (String.class == clazz |
467 || java.lang.Number.class.isAssignableFrom(clazz) |
460 || java.lang.Number.class.isAssignableFrom(clazz) |
468 || Remote.class.isAssignableFrom(clazz) |
461 || Remote.class.isAssignableFrom(clazz) |
469 || java.lang.reflect.Proxy.class.isAssignableFrom(clazz) |
462 || java.lang.reflect.Proxy.class.isAssignableFrom(clazz) |