6736390: File TOCTOU deserialization vulnerability
authoralanb
Wed, 25 Nov 2009 10:02:50 +0000
changeset 5172 3e3db347f963
parent 5171 63fef5b098e9
child 5173 36ad2c5fbb51
child 5176 748093002939
6736390: File TOCTOU deserialization vulnerability Reviewed-by: hawtin
jdk/src/share/classes/java/io/File.java
--- a/jdk/src/share/classes/java/io/File.java	Mon Nov 23 12:40:46 2009 +0000
+++ b/jdk/src/share/classes/java/io/File.java	Wed Nov 25 10:02:50 2009 +0000
@@ -2064,11 +2064,12 @@
     private synchronized void readObject(java.io.ObjectInputStream s)
          throws IOException, ClassNotFoundException
     {
-        s.defaultReadObject();
+        ObjectInputStream.GetField fields = s.readFields();
+        String pathField = (String)fields.get("path", null);
         char sep = s.readChar(); // read the previous separator char
         if (sep != separatorChar)
-            this.path = this.path.replace(sep, separatorChar);
-        this.path = fs.normalize(this.path);
+            pathField = pathField.replace(sep, separatorChar);
+        this.path = fs.normalize(pathField);
         this.prefixLength = fs.prefixLength(this.path);
     }
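Review bot: A stream whose `path` field is absent or null now reaches `pathField.replace(...)` and `fs.normalize(pathField)` with a null local, because `fields.get("path", null)` defaults to null and nothing checks it before use; the failure would surface as an unchecked `NullPointerException` rather than the checked `InvalidObjectException` a deserialization consumer expects to handle. Since `File` lives in `java.io`, a guard right after the `fields.get` line needs no new import: `if (pathField == null) throw new InvalidObjectException("path is null");`. It would also help the next maintainer to say why the local exists, e.g. a comment on the `readFields()` line such as `// normalize a local copy so this.path is never observable in an un-normalized state`.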