# HG changeset patch # User alanb # Date 1259143370 0 # Node ID 3e3db347f9632a851c21884242df3d6da5917a88 # Parent 63fef5b098e91c46c9b9653186d802f52250b0b7 6736390: File TOCTOU deserialization vulnerability Reviewed-by: hawtin diff -r 63fef5b098e9 -r 3e3db347f963 jdk/src/share/classes/java/io/File.java --- a/jdk/src/share/classes/java/io/File.java Mon Nov 23 12:40:46 2009 +0000 +++ b/jdk/src/share/classes/java/io/File.java Wed Nov 25 10:02:50 2009 +0000 @@ -2064,11 +2064,12 @@ private synchronized void readObject(java.io.ObjectInputStream s) throws IOException, ClassNotFoundException { - s.defaultReadObject(); + ObjectInputStream.GetField fields = s.readFields(); + String pathField = (String)fields.get("path", null); char sep = s.readChar(); // read the previous separator char if (sep != separatorChar) - this.path = this.path.replace(sep, separatorChar); - this.path = fs.normalize(this.path); + pathField = pathField.replace(sep, separatorChar); + this.path = fs.normalize(pathField); this.prefixLength = fs.prefixLength(this.path); }
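Review bot: `String pathField = (String)fields.get("path", null);` can yield null when the incoming stream carries no `path` field (the default passed to `GetField.get` is returned in that case), and the following `pathField.replace(sep, separatorChar)` would then fail with a NullPointerException instead of a deserialization error; add an explicit check before the replace, e.g. `if (pathField == null) throw new java.io.InvalidObjectException("path field missing");`, so a malformed stream is rejected with the exception type callers of readObject expect. Reading the field into a local and normalizing that local before assigning `this.path` is the right shape for the fix, since the instance field is never read back after being written, which is what closes the window the changeset title describes; `prefixLength` is still derived from the normalized result, so no other stream field needs to be consulted.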