Mercurial Mercurial > jdk-sandbox / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
7201070: Serialization to conform to protocol
authorsmarks
Thu, 08 Nov 2012 15:41:01 -0800
changeset 16090 633bc7653c3b
parent 16089 7cf1e2708454
child 16091 4eb1062acb5b
7201070: Serialization to conform to protocol Reviewed-by: dmocek, ahgross, skoivu
jdk/src/share/classes/java/io/ObjectInputStream.java file | annotate | diff | comparison | revisions 
--- a/jdk/src/share/classes/java/io/ObjectInputStream.java	Wed Nov 07 14:26:41 2012 +0000
+++ b/jdk/src/share/classes/java/io/ObjectInputStream.java	Thu Nov 08 15:41:01 2012 -0800
@@ -1752,6 +1752,12 @@
         ObjectStreamClass desc = readClassDesc(false);
         desc.checkDeserialize();
 
+        Class<?> cl = desc.forClass();
+        if (cl == String.class || cl == Class.class
+                || cl == ObjectStreamClass.class) {
+            throw new InvalidClassException("invalid class descriptor");
+        }
+
         Object obj;
         try {
             obj = desc.isInstantiable() ? desc.newInstance() : null;
jdk-sandbox