Merge
authorlana
Thu, 22 Oct 2015 11:12:33 -0700
changeset 33327 9e3f2229fe8c
parent 33322 4400d372d3c6 (current diff)
parent 33326 e5b07cebf4a0 (diff)
child 33328 01e53e376d44
Merge
--- a/corba/src/java.corba/share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java	Thu Oct 22 08:47:40 2015 -0700
+++ b/corba/src/java.corba/share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java	Thu Oct 22 11:12:33 2015 -0700
@@ -567,6 +567,11 @@
                 // XXX I18N, logging needed.
                 throw new NotActiveException("defaultReadObjectDelegate");
 
+            if (!currentClassDesc.forClass().isAssignableFrom(
+                    currentObject.getClass())) {
+                throw new IOException("Object Type mismatch");
+            }
+
             // The array will be null unless fields were retrieved
             // remotely because of a serializable version difference.
             // Bug fix for 4365188.  See the definition of
@@ -1063,6 +1068,9 @@
 
             int spBase = spClass;       // current top of stack
 
+            if (currentClass.getName().equals("java.lang.String")) {
+                return this.readUTF();
+            }
             /* The object's classes should be processed from supertype to subtype
              * Push all the clases of the current object onto a stack.
              * Note that only the serializable classes are represented
@@ -2257,6 +2265,27 @@
 
                 try {
                     Class fieldCl = fields[i].getClazz();
+                    if ((objectValue != null)
+                            && (!fieldCl.isAssignableFrom(
+                                    objectValue.getClass()))) {
+                        throw new IllegalArgumentException("Field mismatch");
+                    }
+                   Field classField = null;
+                    try {
+                        classField = cl.getDeclaredField(fields[i].getName());
+                    } catch (NoSuchFieldException nsfEx) {
+                        throw new IllegalArgumentException(nsfEx);
+                    } catch (SecurityException secEx) {
+                        throw new IllegalArgumentException(secEx.getCause());
+                    }
+                    Class<?> declaredFieldClass = classField.getType();
+
+                    // check input field type is a declared field type
+                    // input field is a subclass of the declared field
+                    if (!declaredFieldClass.isAssignableFrom(fieldCl)) {
+                        throw new IllegalArgumentException(
+                                "Field Type mismatch");
+                    }
                     if (objectValue != null && !fieldCl.isInstance(objectValue)) {
                         throw new IllegalArgumentException();
                     }
--- a/corba/src/java.corba/share/classes/com/sun/corba/se/impl/io/IIOPOutputStream.java	Thu Oct 22 08:47:40 2015 -0700
+++ b/corba/src/java.corba/share/classes/com/sun/corba/se/impl/io/IIOPOutputStream.java	Thu Oct 22 11:12:33 2015 -0700
@@ -559,6 +559,10 @@
              * Push all the clases of the current object onto a stack.
              * Remember the stack pointer where this set of classes is being pushed.
              */
+            if (currentClassDesc.forClass().getName().equals("java.lang.String")) {
+                    this.writeUTF((String)obj);
+                    return;
+            }
             int stackMark = classDescStack.size();
             try {
                 ObjectStreamClass next;
--- a/corba/src/jdk.rmic/share/classes/sun/rmi/rmic/iiop/StubGenerator.java	Thu Oct 22 08:47:40 2015 -0700
+++ b/corba/src/jdk.rmic/share/classes/sun/rmi/rmic/iiop/StubGenerator.java	Thu Oct 22 11:12:33 2015 -0700
@@ -446,6 +446,9 @@
         if (emitPermissionCheck) {
 
             // produce the following generated code for example
+            //
+            // private transient boolean _instantiated = false;
+            //
             // private static Void checkPermission() {
             // SecurityManager sm = System.getSecurityManager();
             // if (sm != null) {
@@ -460,11 +463,21 @@
             //
             // public _XXXXX_Stub() {
             // this(checkPermission());
+            // _instantiated = true;
+            // }
+            //
+            // private void readObject(java.io.ObjectInputStream s) throws IOException, ClassNotFoundException {
+            //    checkPermission();
+            //    s.defaultReadObject();
+            //    _instantiated = true;
             // }
             //
             // where XXXXX is the name of the remote interface
 
                 p.pln();
+                p.plnI("private transient boolean _instantiated = false;");
+                p.pln();
+                p.pO();
                 p.plnI("private static Void checkPermission() {");
                 p.plnI("SecurityManager sm = System.getSecurityManager();");
                 p.pln("if (sm != null) {");
@@ -481,13 +494,23 @@
                 p.pO();
 
                 p.pI();
-                p.pln("private " + currentClass + "(Void ignore) {  }");
+                p.plnI("private " + currentClass + "(Void ignore) {  }");
                 p.pln();
+                p.pO();
 
                 p.plnI("public " + currentClass + "() { ");
                 p.pln("this(checkPermission());");
+                p.pln("_instantiated = true;");
                 p.pOln("}");
                 p.pln();
+                p.plnI("private void readObject(java.io.ObjectInputStream s) throws IOException, ClassNotFoundException {");
+                p.plnI("checkPermission();");
+                p.pO();
+                p.pln("s.defaultReadObject();");
+                p.pln("_instantiated = true;");
+                p.pOln("}");
+                p.pln();
+                //p.pO();
         }
 
        if (!emitPermissionCheck) {
@@ -894,6 +917,7 @@
         String paramNames[] = method.getArgumentNames();
         Type returnType = method.getReturnType();
         ValueType[] exceptions = getStubExceptions(method,false);
+        boolean hasIOException = false;
 
         addNamesInUse(method);
         addNameInUse("_type_ids");
@@ -921,6 +945,13 @@
         p.plnI(" {");
 
         // Now create the method body...
+        if (emitPermissionCheck) {
+            p.pln("if ((System.getSecurityManager() != null) && (!_instantiated)) {");
+            p.plnI("    throw new java.io.IOError(new java.io.IOException(\"InvalidObject \"));");
+            p.pOln("}");
+            p.pln();
+        }
+
 
         if (localStubs) {
             writeLocalStubMethodBody(p,method,theType);