--- a/corba/src/java.corba/share/classes/com/sun/jndi/cosnaming/CNBindingEnumeration.java Wed Jul 05 22:42:09 2017 +0200
+++ b/corba/src/java.corba/share/classes/com/sun/jndi/cosnaming/CNBindingEnumeration.java Thu Oct 06 17:33:57 2016 +0100
@@ -33,6 +33,8 @@
import org.omg.CosNaming.*;
+import com.sun.jndi.toolkit.corba.CorbaUtils;
+
/**
* Implements the JNDI NamingEnumeration interface for COS
* Naming. Gets hold of a list of bindings from the COS Naming Server
@@ -212,7 +214,10 @@
Name cname = CNNameParser.cosNameToName(bndg.binding_name);
try {
- obj = NamingManager.getObjectInstance(obj, cname, _ctx, _env);
+ // Check whether object factory codebase is trusted
+ if (CorbaUtils.isObjectFactoryTrusted(obj)) {
+ obj = NamingManager.getObjectInstance(obj, cname, _ctx, _env);
+ }
} catch (NamingException e) {
throw e;
} catch (Exception e) {
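Review bot: The `if (CorbaUtils.isObjectFactoryTrusted(obj))` guard reads as if an untrusted reference were skipped and returned unconverted, but the helper added to CorbaUtils.java in this commit only ever returns true or throws ConfigurationException, which the following `catch (NamingException e) { throw e; }` rethrows. A comment saying so would stop readers assuming a silent fallback: `// Throws ConfigurationException if obj names a remote factory codebase and trustURLCodebase is false`. The same guard shape appears in the CNCtx.java lookup hunk and in ExceptionMapper.java. The enclosing method starts and ends outside this hunk, so whether the exception aborts the whole enumeration or only this binding cannot be seen here.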
--- a/corba/src/java.corba/share/classes/com/sun/jndi/cosnaming/CNCtx.java Wed Jul 05 22:42:09 2017 +0200
+++ b/corba/src/java.corba/share/classes/com/sun/jndi/cosnaming/CNCtx.java Thu Oct 06 17:33:57 2016 +0100
@@ -36,6 +36,8 @@
import java.io.InputStreamReader;
import java.io.BufferedReader;
import java.io.IOException;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import org.omg.CosNaming.*;
import org.omg.CosNaming.NamingContextPackage.*;
@@ -82,6 +84,19 @@
private static final String FED_PROP = "com.sun.jndi.cosnaming.federation";
boolean federation = false;
+ /**
+ * Determines whether classes may be loaded from an arbitrary URL code base.
+ */
+ public static final boolean trustURLCodebase;
+ static {
+ // System property to control whether classes may be loaded from an
+ // arbitrary URL code base
+ PrivilegedAction<String> act = () -> System.getProperty(
+ "com.sun.jndi.cosnaming.object.trustURLCodebase", "false");
+ String trust = AccessController.doPrivileged(act);
+ trustURLCodebase = "true".equalsIgnoreCase(trust);
+ }
+
// Reference counter for tracking _orb references
OrbReuseTracker orbTracker = null;
int enumCount;
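Review bot: The Javadoc on `trustURLCodebase` does not name the system property, its default, or when it is read, which is what an operator hardening a deployment needs to know. From the static initializer, the value comes from `com.sun.jndi.cosnaming.object.trustURLCodebase`, defaults to false, and is fixed when CNCtx is initialized, so setting the property later in the same JVM has no effect. Suggested text: `Set from the system property com.sun.jndi.cosnaming.object.trustURLCodebase when this class is initialized; defaults to false and is not re-read afterwards.`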
@@ -534,12 +549,16 @@
if (name.size() == 0 )
return this; // %%% should clone() so that env can be changed
NameComponent[] path = CNNameParser.nameToCosName(name);
+ java.lang.Object answer = null;
try {
- java.lang.Object answer = callResolve(path);
-
+ answer = callResolve(path);
try {
- return NamingManager.getObjectInstance(answer, name, this, _env);
+ // Check whether object factory codebase is trusted
+ if (CorbaUtils.isObjectFactoryTrusted(answer)) {
+ answer = NamingManager.getObjectInstance(
+ answer, name, this, _env);
+ }
} catch (NamingException e) {
throw e;
} catch (Exception e) {
@@ -552,6 +571,7 @@
javax.naming.Context cctx = getContinuationContext(cpe);
return cctx.lookup(cpe.getRemainingName());
}
+ return answer;
}
/**
--- a/corba/src/java.corba/share/classes/com/sun/jndi/cosnaming/ExceptionMapper.java Wed Jul 05 22:42:09 2017 +0200
+++ b/corba/src/java.corba/share/classes/com/sun/jndi/cosnaming/ExceptionMapper.java Thu Oct 06 17:33:57 2016 +0100
@@ -33,6 +33,8 @@
import org.omg.CosNaming.NamingContextPackage.*;
import org.omg.CORBA.*;
+import com.sun.jndi.toolkit.corba.CorbaUtils;
+
/**
* A convenience class to map the COS Naming exceptions to the JNDI exceptions.
* @author Raj Krishnamurthy
@@ -202,10 +204,13 @@
// Not a context, use object factory to transform object.
Name cname = CNNameParser.cosNameToName(resolvedName);
- java.lang.Object resolvedObj2;
+ java.lang.Object resolvedObj2 = null;
try {
- resolvedObj2 = NamingManager.getObjectInstance(resolvedObj,
- cname, ctx, ctx._env);
+ // Check whether object factory codebase is trusted
+ if (CorbaUtils.isObjectFactoryTrusted(resolvedObj)) {
+ resolvedObj2 = NamingManager.getObjectInstance(resolvedObj,
+ cname, ctx, ctx._env);
+ }
} catch (NamingException ge) {
throw ge;
} catch (Exception ge) {
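Review bot: Initialising `resolvedObj2` to `null` gives this call site a different fallback from the other two: in CNBindingEnumeration and CNCtx.lookup the variable keeps the unconverted object when the guard is not taken, whereas here it would be null. isObjectFactoryTrusted as written never returns false, so that path is unreachable today, but the code after this hunk (not visible) would receive null if the helper's contract ever changed. `java.lang.Object resolvedObj2 = resolvedObj;` would keep the three sites consistent. The enclosing method starts and ends outside the hunk.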
--- a/corba/src/java.corba/share/classes/com/sun/jndi/toolkit/corba/CorbaUtils.java Wed Jul 05 22:42:09 2017 +0200
+++ b/corba/src/java.corba/share/classes/com/sun/jndi/toolkit/corba/CorbaUtils.java Thu Oct 06 17:33:57 2016 +0100
@@ -36,11 +36,12 @@
import org.omg.CORBA.ORB;
-import javax.naming.Context;
-import javax.naming.ConfigurationException;
+import javax.naming.*;
import javax.rmi.CORBA.Stub;
import javax.rmi.PortableRemoteObject;
+import com.sun.jndi.cosnaming.CNCtx;
+
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URLDecoder;
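Review bot: `import com.sun.jndi.cosnaming.CNCtx;` makes the toolkit package depend on the provider package that already imports CorbaUtils (CNBindingEnumeration and ExceptionMapper in this commit), so the two packages now reference each other just to read one boolean. Holding the flag in CorbaUtils, or having the callers pass it in, would avoid the cycle. Separately, `import javax.naming.*;` replaces two explicit imports; the new code additionally needs only NamingException, Reference and Referenceable, and listing them would match the explicit imports around it.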
@@ -183,6 +184,32 @@
}
/**
+ * Check whether object factory code base is trusted.
+ * Classes may only be loaded from an arbitrary URL code base when
+ * the system property com.sun.jndi.rmi.object.trustURLCodebase
+ * has been set to "true".
+ */
+ public static boolean isObjectFactoryTrusted(Object obj)
+ throws NamingException {
+
+ // Extract Reference, if possible
+ Reference ref = null;
+ if (obj instanceof Reference) {
+ ref = (Reference) obj;
+ } else if (obj instanceof Referenceable) {
+ ref = ((Referenceable)(obj)).getReference();
+ }
+
+ if (ref != null && ref.getFactoryClassLocation() != null &&
+ !CNCtx.trustURLCodebase) {
+ throw new ConfigurationException(
+ "The object factory is untrusted. Set the system property" +
+ " 'com.sun.jndi.cosnaming.object.trustURLCodebase' to 'true'.");
+ }
+ return true;
+ }
+
+ /**
* Decode a URI string (according to RFC 2396).
*/
public static final String decode(String s) throws MalformedURLException {
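Review bot: The Javadoc names `com.sun.jndi.rmi.object.trustURLCodebase`, but the check reads `CNCtx.trustURLCodebase`, which this commit sets from `com.sun.jndi.cosnaming.object.trustURLCodebase` (the exception message uses the cosnaming name too). Someone following the Javadoc would set a property this code does not consult. The line should read `the system property com.sun.jndi.cosnaming.object.trustURLCodebase`, with `@return` and `@throws` tags saying the method returns true or throws ConfigurationException and never returns false. The Javadoc could also state that only references with a non-null factory class location are gated, so the flag is not read as turning object factories off altogether.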