6893947: Deserialization of RMIConnectionImpl objects should enforce stricter checks [ZDI-CAN-588]
Summary: narrow the doPrivileged block to only set context ClassLoader
Reviewed-by: hawtin, emcmanus
--- a/jdk/src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java Tue Oct 06 12:20:35 2009 -0700
+++ b/jdk/src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java Wed Nov 25 09:09:04 2009 -0800
@@ -1271,6 +1271,7 @@
*
* @return a String representation of this object.
**/
+ @Override
public String toString() {
return super.toString() + ": connectionId=" + connectionId;
}
@@ -1514,6 +1515,21 @@
}
}
+ private static class SetCcl implements PrivilegedExceptionAction<ClassLoader> {
+ private final ClassLoader classLoader;
+
+ SetCcl(ClassLoader classLoader) {
+ this.classLoader = classLoader;
+ }
+
+ public ClassLoader run() {
+ Thread currentThread = Thread.currentThread();
+ ClassLoader old = currentThread.getContextClassLoader();
+ currentThread.setContextClassLoader(classLoader);
+ return old;
+ }
+ }
+
private static <T> T unwrap(final MarshalledObject<?> mo,
final ClassLoader cl,
final Class<T> wrappedClass)
@@ -1522,22 +1538,14 @@
return null;
}
try {
- return AccessController.doPrivileged(
- new PrivilegedExceptionAction<T>() {
- public T run()
- throws IOException {
- final ClassLoader old =
- Thread.currentThread().getContextClassLoader();
- Thread.currentThread().setContextClassLoader(cl);
- try {
- return wrappedClass.cast(mo.get());
- } catch (ClassNotFoundException cnfe) {
- throw new UnmarshalException(cnfe.toString(), cnfe);
- } finally {
- Thread.currentThread().setContextClassLoader(old);
- }
- }
- });
+ final ClassLoader old = AccessController.doPrivileged(new SetCcl(cl));
+ try {
+ return wrappedClass.cast(mo.get());
+ } catch (ClassNotFoundException cnfe) {
+ throw new UnmarshalException(cnfe.toString(), cnfe);
+ } finally {
+ AccessController.doPrivileged(new SetCcl(old));
+ }
} catch (PrivilegedActionException pe) {
Exception e = extractException(pe);
if (e instanceof IOException) {
@@ -1561,14 +1569,14 @@
return null;
}
try {
- return AccessController.doPrivileged(
- new PrivilegedExceptionAction<T>() {
- public T run()
- throws IOException {
- return unwrap(mo, new OrderClassLoaders(cl1, cl2),
- wrappedClass);
- }
- });
+ ClassLoader orderCL = AccessController.doPrivileged(
+ new PrivilegedExceptionAction<ClassLoader>() {
+ public ClassLoader run() throws Exception {
+ return new OrderClassLoaders(cl1, cl2);
+ }
+ }
+ );
+ return unwrap(mo, orderCL, wrappedClass);
} catch (PrivilegedActionException pe) {
Exception e = extractException(pe);
if (e instanceof IOException) {