Mercurial > jdk8-mips64-public > corba / changeset

changeset

8079718: IIOP Input Stream Hooking

Fri, 29 Jan 2016 00:19:41 +0000

author
msheppar
date
Fri, 29 Jan 2016 00:19:41 +0000
changeset 1294
4821afbaa2a6
parent 1293
40af8b1582c7
child 1298
1cc4df0d1a3b

8079718: IIOP Input Stream Hooking
Reviewed-by: rriggs, ahgross, coffeys, skoivu

src/share/classes/com/sun/corba/se/impl/orbutil/ORBUtility.java file | annotate | diff | comparison | revisions
src/share/classes/javax/rmi/CORBA/Util.java file | annotate | diff | comparison | revisions 
     1.1 --- a/src/share/classes/com/sun/corba/se/impl/orbutil/ORBUtility.java	Tue Jan 26 10:23:22 2016 -0800
     1.2 +++ b/src/share/classes/com/sun/corba/se/impl/orbutil/ORBUtility.java	Fri Jan 29 00:19:41 2016 +0000
     1.3 @@ -1,5 +1,5 @@
     1.4  /*
     1.5 - * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
     1.6 + * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
     1.7   * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
     1.8   *
     1.9   * This code is free software; you can redistribute it and/or modify it
    1.10 @@ -34,21 +34,13 @@
    1.11  import java.security.Policy;
    1.12  import java.security.PrivilegedAction;
    1.13  import java.security.ProtectionDomain;
    1.14 -import java.util.ArrayList;
    1.15 -import java.util.Arrays;
    1.16 -import java.util.Map;
    1.17 -import java.util.List;
    1.18 -import java.util.ListIterator;
    1.19 -import java.util.Set;
    1.20 -import java.util.Map.Entry;
    1.21 -import java.util.Collection;
    1.22 +import java.security.PrivilegedActionException;
    1.23 +import java.security.PrivilegedExceptionAction;
    1.24  import java.util.HashMap;
    1.25  import java.util.HashSet;
    1.26  import java.util.Hashtable;
    1.27  import java.util.Iterator;
    1.28  import java.util.Enumeration;
    1.29 -import java.util.Properties;
    1.30 -import java.util.IdentityHashMap;
    1.31  import java.util.StringTokenizer;
    1.32  import java.util.NoSuchElementException;
    1.33  
    1.34 @@ -165,8 +157,18 @@
    1.35       * Return default ValueHandler
    1.36       */
    1.37      public static ValueHandler createValueHandler() {
    1.38 +        ValueHandler vh;
    1.39 +        try {
    1.40 +            vh = AccessController.doPrivileged(new PrivilegedExceptionAction<ValueHandler>() {
    1.41 +                public ValueHandler run() throws Exception {
    1.42          return Util.createValueHandler();
    1.43      }
    1.44 +            });
    1.45 +        } catch (PrivilegedActionException e) {
    1.46 +            throw new InternalError(e.getMessage());
    1.47 +        }
    1.48 +        return vh;
    1.49 +    }
    1.50  
    1.51      /**
    1.52       * Returns true if it was accurately determined that the remote ORB is
    1.53 @@ -664,7 +666,16 @@
    1.54       * ValueHandler.
    1.55       */
    1.56      public static byte getMaxStreamFormatVersion() {
    1.57 -        ValueHandler vh = Util.createValueHandler();
    1.58 +        ValueHandler vh;
    1.59 +        try {
    1.60 +            vh = AccessController.doPrivileged(new PrivilegedExceptionAction<ValueHandler>() {
    1.61 +                public ValueHandler run() throws Exception {
    1.62 +                    return Util.createValueHandler();
    1.63 +                }
    1.64 +            });
    1.65 +        } catch (PrivilegedActionException e) {
    1.66 +            throw new InternalError(e.getMessage());
    1.67 +        }
    1.68  
    1.69          if (!(vh instanceof javax.rmi.CORBA.ValueHandlerMultiFormat))
    1.70              return ORBConstants.STREAM_FORMAT_VERSION_1;

     2.1 --- a/src/share/classes/javax/rmi/CORBA/Util.java	Tue Jan 26 10:23:22 2016 -0800
     2.2 +++ b/src/share/classes/javax/rmi/CORBA/Util.java	Fri Jan 29 00:19:41 2016 +0000
     2.3 @@ -1,5 +1,5 @@
     2.4  /*
     2.5 - * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
     2.6 + * Copyright (c) 1998, 2016, Oracle and/or its affiliates. All rights reserved.
     2.7   * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
     2.8   *
     2.9   * This code is free software; you can redistribute it and/or modify it
    2.10 @@ -45,6 +45,7 @@
    2.11  import java.rmi.Remote;
    2.12  import java.io.File;
    2.13  import java.io.FileInputStream;
    2.14 +import java.io.SerializablePermission;
    2.15  import java.net.MalformedURLException ;
    2.16  import java.security.AccessController;
    2.17  import java.security.PrivilegedAction;
    2.18 @@ -63,8 +64,22 @@
    2.19      private static final javax.rmi.CORBA.UtilDelegate utilDelegate;
    2.20      private static final String UtilClassKey = "javax.rmi.CORBA.UtilClass";
    2.21  
    2.22 +    private static final String ALLOW_CREATEVALUEHANDLER_PROP = "jdk.rmi.CORBA.allowCustomValueHandler";
    2.23 +    private static boolean allowCustomValueHandler;
    2.24 +
    2.25      static {
    2.26          utilDelegate = (javax.rmi.CORBA.UtilDelegate)createDelegate(UtilClassKey);
    2.27 +        allowCustomValueHandler = readAllowCustomValueHandlerProperty();
    2.28 +    }
    2.29 +
    2.30 +    private static boolean readAllowCustomValueHandlerProperty () {
    2.31 +       return AccessController
    2.32 +        .doPrivileged(new PrivilegedAction<Boolean>() {
    2.33 +            @Override
    2.34 +            public Boolean run() {
    2.35 +                return Boolean.getBoolean(ALLOW_CREATEVALUEHANDLER_PROP);
    2.36 +            }
    2.37 +        });
    2.38      }
    2.39  
    2.40      private Util(){}
    2.41 @@ -111,7 +126,7 @@
    2.42       * Writes a java.lang.Object as a CORBA Object. If <code>obj</code> is
    2.43       * an exported RMI-IIOP server object, the tie is found
    2.44       * and wired to <code>obj</code>, then written to
    2.45 -<code>out.write_Object(org.omg.CORBA.Object)</code>.
    2.46 +     * <code>out.write_Object(org.omg.CORBA.Object)</code>.
    2.47       * If <code>obj</code> is a CORBA Object, it is written to
    2.48       * <code>out.write_Object(org.omg.CORBA.Object)</code>.
    2.49       * @param out the stream in which to write the object.
    2.50 @@ -196,6 +211,8 @@
    2.51       */
    2.52      public static ValueHandler createValueHandler() {
    2.53  
    2.54 +        isCustomSerializationPermitted();
    2.55 +
    2.56          if (utilDelegate != null) {
    2.57              return utilDelegate.createValueHandler();
    2.58          }
    2.59 @@ -336,6 +353,7 @@
    2.60      // security reasons. If you know a better solution how to share this code
    2.61      // then remove it from PortableRemoteObject. Also in Stub.java
    2.62      private static Object createDelegate(String classKey) {
    2.63 +
    2.64          String className = (String)
    2.65              AccessController.doPrivileged(new GetPropertyAction(classKey));
    2.66          if (className == null) {
    2.67 @@ -388,4 +406,16 @@
    2.68              new GetORBPropertiesFileAction());
    2.69      }
    2.70  
    2.71 +    private static void isCustomSerializationPermitted() {
    2.72 +        SecurityManager sm = System.getSecurityManager();
    2.73 +        if (!allowCustomValueHandler) {
    2.74 +            if ( sm != null) {
    2.75 +                // check that a serialization permission has been
    2.76 +                // set to allow the loading of the Util delegate
    2.77 +                // which provides access to custom ValueHandler
    2.78 +                sm.checkPermission(new SerializablePermission(
    2.79 +                        "enableCustomValueHanlder"));
    2.80 +            }
    2.81 +        }
    2.82 +    }
    2.83  }

Mercurial Repository: jdk8-mips64-public/corba

mercurial