--- a/corba/src/java.corba/share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java Wed Jul 05 20:54:58 2017 +0200
+++ b/corba/src/java.corba/share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java Wed Oct 21 18:38:55 2015 -0700
@@ -567,6 +567,11 @@
// XXX I18N, logging needed.
throw new NotActiveException("defaultReadObjectDelegate");
+ if (!currentClassDesc.forClass().isAssignableFrom(
+ currentObject.getClass())) {
+ throw new IOException("Object Type mismatch");
+ }
+
// The array will be null unless fields were retrieved
// remotely because of a serializable version difference.
// Bug fix for 4365188. See the definition of
@@ -1063,6 +1068,9 @@
int spBase = spClass; // current top of stack
+ if (currentClass.getName().equals("java.lang.String")) {
+ return this.readUTF();
+ }
/* The object's classes should be processed from supertype to subtype
* Push all the clases of the current object onto a stack.
* Note that only the serializable classes are represented
@@ -2257,6 +2265,27 @@
try {
Class fieldCl = fields[i].getClazz();
+ if ((objectValue != null)
+ && (!fieldCl.isAssignableFrom(
+ objectValue.getClass()))) {
+ throw new IllegalArgumentException("Field mismatch");
+ }
+ Field classField = null;
+ try {
+ classField = cl.getDeclaredField(fields[i].getName());
+ } catch (NoSuchFieldException nsfEx) {
+ throw new IllegalArgumentException(nsfEx);
+ } catch (SecurityException secEx) {
+ throw new IllegalArgumentException(secEx.getCause());
+ }
+ Class<?> declaredFieldClass = classField.getType();
+
+ // check input field type is a declared field type
+ // input field is a subclass of the declared field
+ if (!declaredFieldClass.isAssignableFrom(fieldCl)) {
+ throw new IllegalArgumentException(
+ "Field Type mismatch");
+ }
if (objectValue != null && !fieldCl.isInstance(objectValue)) {
throw new IllegalArgumentException();
}
--- a/corba/src/java.corba/share/classes/com/sun/corba/se/impl/io/IIOPOutputStream.java Wed Jul 05 20:54:58 2017 +0200
+++ b/corba/src/java.corba/share/classes/com/sun/corba/se/impl/io/IIOPOutputStream.java Wed Oct 21 18:38:55 2015 -0700
@@ -559,6 +559,10 @@
* Push all the clases of the current object onto a stack.
* Remember the stack pointer where this set of classes is being pushed.
*/
+ if (currentClassDesc.forClass().getName().equals("java.lang.String")) {
+ this.writeUTF((String)obj);
+ return;
+ }
int stackMark = classDescStack.size();
try {
ObjectStreamClass next;
--- a/corba/src/jdk.rmic/share/classes/sun/rmi/rmic/iiop/StubGenerator.java Wed Jul 05 20:54:58 2017 +0200
+++ b/corba/src/jdk.rmic/share/classes/sun/rmi/rmic/iiop/StubGenerator.java Wed Oct 21 18:38:55 2015 -0700
@@ -446,6 +446,9 @@
if (emitPermissionCheck) {
// produce the following generated code for example
+ //
+ // private transient boolean _instantiated = false;
+ //
// private static Void checkPermission() {
// SecurityManager sm = System.getSecurityManager();
// if (sm != null) {
@@ -460,11 +463,21 @@
//
// public _XXXXX_Stub() {
// this(checkPermission());
+ // _instantiated = true;
+ // }
+ //
+ // private void readObject(java.io.ObjectInputStream s) throws IOException, ClassNotFoundException {
+ // checkPermission();
+ // s.defaultReadObject();
+ // _instantiated = true;
// }
//
// where XXXXX is the name of the remote interface
p.pln();
+ p.plnI("private transient boolean _instantiated = false;");
+ p.pln();
+ p.pO();
p.plnI("private static Void checkPermission() {");
p.plnI("SecurityManager sm = System.getSecurityManager();");
p.pln("if (sm != null) {");
@@ -481,13 +494,23 @@
p.pO();
p.pI();
- p.pln("private " + currentClass + "(Void ignore) { }");
+ p.plnI("private " + currentClass + "(Void ignore) { }");
p.pln();
+ p.pO();
p.plnI("public " + currentClass + "() { ");
p.pln("this(checkPermission());");
+ p.pln("_instantiated = true;");
p.pOln("}");
p.pln();
+ p.plnI("private void readObject(java.io.ObjectInputStream s) throws IOException, ClassNotFoundException {");
+ p.plnI("checkPermission();");
+ p.pO();
+ p.pln("s.defaultReadObject();");
+ p.pln("_instantiated = true;");
+ p.pOln("}");
+ p.pln();
+ //p.pO();
}
if (!emitPermissionCheck) {
@@ -894,6 +917,7 @@
String paramNames[] = method.getArgumentNames();
Type returnType = method.getReturnType();
ValueType[] exceptions = getStubExceptions(method,false);
+ boolean hasIOException = false;
addNamesInUse(method);
addNameInUse("_type_ids");
@@ -921,6 +945,13 @@
p.plnI(" {");
// Now create the method body...
+ if (emitPermissionCheck) {
+ p.pln("if ((System.getSecurityManager() != null) && (!_instantiated)) {");
+ p.plnI(" throw new java.io.IOError(new java.io.IOException(\"InvalidObject \"));");
+ p.pOln("}");
+ p.pln();
+ }
+
if (localStubs) {
writeLocalStubMethodBody(p,method,theType);