• file
• revisions
• annotate
• diff
• comparison
• raw

src/share/classes/com/sun/corba/se/spi/orb/ParserImplBase.java@b2fff4b7e8cd (annotated)

src/share/classes/com/sun/corba/se/spi/orb/ParserImplBase.java

Fri, 24 Sep 2010 22:42:14 -0700

author

skoppar

date

Fri, 24 Sep 2010 22:42:14 -0700

changeset 205

b2fff4b7e8cd

parent 158

91006f157c46

child 748

6845b95cba6b

permissions

-rw-r--r--

6891766: Vulnerabilities in use of reflection in CORBA
Reviewed-by: hawtin

duke@1	1	/*
skoppar@205	2	* Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
duke@1	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
duke@1	4	*
duke@1	5	* This code is free software; you can redistribute it and/or modify it
duke@1	6	* under the terms of the GNU General Public License version 2 only, as
ohair@158	7	* published by the Free Software Foundation. Oracle designates this
duke@1	8	* particular file as subject to the "Classpath" exception as provided
ohair@158	9	* by Oracle in the LICENSE file that accompanied this code.
duke@1	10	*
duke@1	11	* This code is distributed in the hope that it will be useful, but WITHOUT
duke@1	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
duke@1	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
duke@1	14	* version 2 for more details (a copy is included in the LICENSE file that
duke@1	15	* accompanied this code).
duke@1	16	*
duke@1	17	* You should have received a copy of the GNU General Public License version
duke@1	18	* 2 along with this work; if not, write to the Free Software Foundation,
duke@1	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
duke@1	20	*
ohair@158	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
ohair@158	22	* or visit www.oracle.com if you need additional information or have any
ohair@158	23	* questions.
duke@1	24	*/
duke@1	25	package com.sun.corba.se.spi.orb ;
duke@1	26
duke@1	27	import java.util.Map ;
duke@1	28	import java.util.Set ;
duke@1	29	import java.util.Iterator ;
duke@1	30	import java.util.Properties ;
duke@1	31
duke@1	32	import java.security.PrivilegedExceptionAction ;
duke@1	33	import java.security.PrivilegedActionException ;
duke@1	34	import java.security.AccessController ;
duke@1	35
duke@1	36	import java.lang.reflect.Field ;
duke@1	37
duke@1	38	import org.omg.CORBA.INTERNAL ;
duke@1	39
duke@1	40	import com.sun.corba.se.spi.logging.CORBALogDomains ;
duke@1	41
duke@1	42	import com.sun.corba.se.impl.logging.ORBUtilSystemException ;
duke@1	43
duke@1	44	import com.sun.corba.se.impl.orbutil.ObjectUtility ;
duke@1	45
duke@1	46	// XXX This could probably be further extended by using more reflection and
duke@1	47	// a dynamic proxy that satisfies the interfaces that are inherited by the
duke@1	48	// more derived class. Do we want to go that far?
duke@1	49	public abstract class ParserImplBase {
duke@1	50	private ORBUtilSystemException wrapper ;
duke@1	51
duke@1	52	protected abstract PropertyParser makeParser() ;
duke@1	53
duke@1	54	/** Override this method if there is some needed initialization
duke@1	55	* that takes place after argument parsing. It is always called
duke@1	56	* at the end of setFields.
duke@1	57	*/
duke@1	58	protected void complete()
duke@1	59	{
duke@1	60	}
duke@1	61
duke@1	62	public ParserImplBase()
duke@1	63	{
duke@1	64	// Do nothing in this case: no parsing takes place
duke@1	65	wrapper = ORBUtilSystemException.get(
duke@1	66	CORBALogDomains.ORB_LIFECYCLE ) ;
duke@1	67	}
duke@1	68
duke@1	69	public void init( DataCollector coll )
duke@1	70	{
duke@1	71	PropertyParser parser = makeParser() ;
duke@1	72	coll.setParser( parser ) ;
duke@1	73	Properties props = coll.getProperties() ;
duke@1	74	Map map = parser.parse( props ) ;
duke@1	75	setFields( map ) ;
duke@1	76	}
duke@1	77
duke@1	78	private Field getAnyField( String name )
duke@1	79	{
duke@1	80	Field result = null ;
duke@1	81
duke@1	82	try {
duke@1	83	Class cls = this.getClass() ;
duke@1	84	result = cls.getDeclaredField( name ) ;
duke@1	85	while (result == null) {
duke@1	86	cls = cls.getSuperclass() ;
duke@1	87	if (cls == null)
duke@1	88	break ;
duke@1	89
duke@1	90	result = cls.getDeclaredField( name ) ;
duke@1	91	}
duke@1	92	} catch (Exception exc) {
duke@1	93	throw wrapper.fieldNotFound( exc, name ) ;
duke@1	94	}
duke@1	95
duke@1	96	if (result == null)
duke@1	97	throw wrapper.fieldNotFound( name ) ;
duke@1	98
duke@1	99	return result ;
duke@1	100	}
duke@1	101
duke@1	102	protected void setFields( Map map )
duke@1	103	{
duke@1	104	Set entries = map.entrySet() ;
duke@1	105	Iterator iter = entries.iterator() ;
duke@1	106	while (iter.hasNext()) {
duke@1	107	java.util.Map.Entry entry = (java.util.Map.Entry)(iter.next()) ;
duke@1	108	final String name = (String)(entry.getKey()) ;
duke@1	109	final Object value = entry.getValue() ;
duke@1	110
duke@1	111	try {
duke@1	112	AccessController.doPrivileged(
duke@1	113	new PrivilegedExceptionAction() {
duke@1	114	public Object run() throws IllegalAccessException,
duke@1	115	IllegalArgumentException
duke@1	116	{
duke@1	117	Field field = getAnyField( name ) ;
duke@1	118	field.setAccessible( true ) ;
duke@1	119	field.set( ParserImplBase.this, value ) ;
duke@1	120	return null ;
duke@1	121	}
duke@1	122	}
duke@1	123	) ;
duke@1	124	} catch (PrivilegedActionException exc) {
duke@1	125	// Since exc wraps the actual exception, use exc.getCause()
duke@1	126	// instead of exc.
duke@1	127	throw wrapper.errorSettingField( exc.getCause(), name,
skoppar@205	128	value.toString() ) ;
duke@1	129	}
duke@1	130	}
duke@1	131
duke@1	132	// Make sure that any extra initialization takes place after all the
duke@1	133	// fields are set from the map.
duke@1	134	complete() ;
duke@1	135	}
duke@1	136	}