# HG changeset patch
# User sjiang
# Date 1364283136 -3600
# Node ID 136373d8d80513ee5fddde2d195eb19a93aeedbf
# Parent 17a6d802d24ae28d0c57681e362171d9ca452753
8008615: Improve robustness of JMX internal APIs
Reviewed-by: dfuchs, skoivu, dholmes
diff -r 17a6d802d24a -r 136373d8d805 jdk/src/share/classes/com/sun/jmx/mbeanserver/ObjectInputStreamWithLoader.java
--- a/jdk/src/share/classes/com/sun/jmx/mbeanserver/ObjectInputStreamWithLoader.java Tue Mar 26 09:12:18 2013 +0100
+++ b/jdk/src/share/classes/com/sun/jmx/mbeanserver/ObjectInputStreamWithLoader.java Tue Mar 26 08:32:16 2013 +0100
@@ -30,7 +30,7 @@
 import java.io.InputStream;
 import java.io.ObjectInputStream;
 import java.io.ObjectStreamClass;
-import java.io.StreamCorruptedException;
+import sun.reflect.misc.ReflectUtil;
 /**
 * This class deserializes an object in the context of a specific class loader.
@@ -61,6 +61,7 @@
 return super.resolveClass(aClass);
 } else {
 String name = aClass.getName();
+ ReflectUtil.checkPackageAccess(name);
 // Query the class loader ...
 return Class.forName(name, false, loader);
 }
diff -r 17a6d802d24a -r 136373d8d805 jdk/src/share/classes/javax/management/MBeanServerFactory.java
--- a/jdk/src/share/classes/javax/management/MBeanServerFactory.java Tue Mar 26 09:12:18 2013 +0100
+++ b/jdk/src/share/classes/javax/management/MBeanServerFactory.java Tue Mar 26 08:32:16 2013 +0100
@@ -34,6 +34,7 @@
 import java.util.ArrayList;
 import java.util.logging.Level;
 import javax.management.loading.ClassLoaderRepository;
+import sun.reflect.misc.ReflectUtil;
 /**
@@ -446,7 +447,7 @@
 }
 // No context class loader? Try with Class.forName()
- return Class.forName(builderClassName);
+ return ReflectUtil.forName(builderClassName);
 }
 /**
diff -r 17a6d802d24a -r 136373d8d805 jdk/src/share/classes/javax/management/remote/rmi/RMIConnector.java
--- a/jdk/src/share/classes/javax/management/remote/rmi/RMIConnector.java Tue Mar 26 09:12:18 2013 +0100
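Review bot: The added `ReflectUtil.checkPackageAccess(name)` call in the `else` branch has no comment saying why it is needed, and the neighbouring `// Query the class loader ...` comment does not cover it. I would add `// Enforce package-access restrictions before resolving through the supplied loader; may throw SecurityException` above it. As far as I know this check consults the installed SecurityManager, so the documentation should say that it does nothing when none is installed and that the SecurityException is unchecked and falls outside the `IOException`/`ClassNotFoundException` that deserialization callers normally handle. The same undocumented call is added to `resolveClass` in the RMIConnector.java hunk. The `super.resolveClass(aClass)` branch is untouched and its condition lies outside the hunk, so whether that path needs the same check cannot be judged from here.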
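Review bot: The context comment `// No context class loader? Try with Class.forName()` in MBeanServerFactory.java is stale once the line below it calls `ReflectUtil.forName(builderClassName)`; it should read something like `// No context class loader? Fall back to ReflectUtil.forName(), which checks package access first`. Only this fallback is changed in the hunk, and the context-class-loader path that precedes it lies outside the hunk, so it is not visible whether a builder class name resolved through that loader gets an equivalent package-access check. If it does not, the two paths apply different rules to the same `builderClassName`, which deserves either a matching check or a comment explaining the difference.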
+++ b/jdk/src/share/classes/javax/management/remote/rmi/RMIConnector.java Tue Mar 26 08:32:16 2013 +0100
@@ -103,6 +103,7 @@
 import javax.naming.NamingException;
 import javax.rmi.ssl.SslRMIClientSocketFactory;
 import javax.security.auth.Subject;
+import sun.reflect.misc.ReflectUtil;
 import sun.rmi.server.UnicastRef2;
 import sun.rmi.transport.LiveRef;
@@ -2002,7 +2003,9 @@
 @Override
 protected Class resolveClass(ObjectStreamClass classDesc)
 throws IOException, ClassNotFoundException {
- return Class.forName(classDesc.getName(), false, loader);
+ String name = classDesc.getName();
+ ReflectUtil.checkPackageAccess(name);
+ return Class.forName(name, false, loader);
 }
 private final ClassLoader loader;
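Review bot: The package check added to `resolveClass` restricts by package only, and that limit should be stated next to it: every class visible to `loader` outside the restricted packages is still resolved for whatever stream this class reads. A comment such as `// Package-access check only; not an allow-list of classes accepted from the stream` would keep readers from treating it as deserialization filtering. It is also worth confirming that `checkPackageAccess` copes with array names, since `classDesc.getName()` returns descriptors such as `[Lpkg.Type;` for array classes. The enclosing class starts outside the hunk.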