Mercurial Mercurial > jdk-sandbox / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
jdk/src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java
changeset 46160 c647e44ea1b9
parent 45989 e4f526fd8e09 
--- a/jdk/src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java	Wed Aug 16 13:15:45 2017 -0700
+++ b/jdk/src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java	Wed Aug 16 16:46:51 2017 -0400
@@ -28,7 +28,6 @@
 import java.io.ObjectInputFilter;
 import java.nio.file.Path;
 import java.nio.file.Paths;
-import java.rmi.server.LogStream;
 import java.security.PrivilegedAction;
 import java.security.Security;
 import java.util.ArrayList;
@@ -58,6 +57,7 @@
 import java.security.ProtectionDomain;
 import java.text.MessageFormat;
 
+import jdk.internal.misc.SharedSecrets;
 import sun.rmi.runtime.Log;
 import sun.rmi.server.UnicastRef;
 import sun.rmi.server.UnicastServerRef;
@@ -109,7 +109,7 @@
     private static final int REGISTRY_MAX_DEPTH = 20;
 
     /** Registry maximum array size in remote invocations. **/
-    private static final int REGISTRY_MAX_ARRAY_SIZE = 10000;
+    private static final int REGISTRY_MAX_ARRAY_SIZE = 1_000_000;
 
     /**
      * The registryFilter created from the value of the {@code "sun.rmi.registry.registryFilter"}
@@ -130,7 +130,7 @@
             props = Security.getProperty(REGISTRY_FILTER_PROPNAME);
         }
         if (props != null) {
-            filter = ObjectInputFilter.Config.createFilter(props);
+            filter = SharedSecrets.getJavaObjectInputFilterAccess().createFilter2(props);
             Log regLog = Log.getLog("sun.rmi.registry", "registry", -1);
             if (regLog.isLoggable(Log.BRIEF)) {
                 regLog.log(Log.BRIEF, "registryFilter = " + filter);
@@ -451,17 +451,10 @@
         Class<?> clazz = filterInfo.serialClass();
         if (clazz != null) {
             if (clazz.isArray()) {
-                if (filterInfo.arrayLength() >= 0 && filterInfo.arrayLength() > REGISTRY_MAX_ARRAY_SIZE) {
-                    return ObjectInputFilter.Status.REJECTED;
-                }
-                do {
-                    // Arrays are allowed depending on the component type
-                    clazz = clazz.getComponentType();
-                } while (clazz.isArray());
-            }
-            if (clazz.isPrimitive()) {
-                // Arrays of primitives are allowed
-                return ObjectInputFilter.Status.ALLOWED;
+                // Arrays are REJECTED only if they exceed the limit
+                return (filterInfo.arrayLength() >= 0 && filterInfo.arrayLength() > REGISTRY_MAX_ARRAY_SIZE)
+                    ? ObjectInputFilter.Status.REJECTED
+                    : ObjectInputFilter.Status.UNDECIDED;
             }
             if (String.class == clazz
                     || java.lang.Number.class.isAssignableFrom(clazz)
jdk-sandbox