Fri, 29 Jan 2016 00:19:41 +0000
8079718: IIOP Input Stream Hooking
Reviewed-by: rriggs, ahgross, coffeys, skoivu
1.1 --- a/src/share/classes/com/sun/corba/se/impl/orbutil/ORBUtility.java Tue Jan 26 10:23:22 2016 -0800 1.2 +++ b/src/share/classes/com/sun/corba/se/impl/orbutil/ORBUtility.java Fri Jan 29 00:19:41 2016 +0000 1.3 @@ -1,5 +1,5 @@ 1.4 /* 1.5 - * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. 1.6 + * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved. 1.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 1.8 * 1.9 * This code is free software; you can redistribute it and/or modify it 1.10 @@ -34,21 +34,13 @@ 1.11 import java.security.Policy; 1.12 import java.security.PrivilegedAction; 1.13 import java.security.ProtectionDomain; 1.14 -import java.util.ArrayList; 1.15 -import java.util.Arrays; 1.16 -import java.util.Map; 1.17 -import java.util.List; 1.18 -import java.util.ListIterator; 1.19 -import java.util.Set; 1.20 -import java.util.Map.Entry; 1.21 -import java.util.Collection; 1.22 +import java.security.PrivilegedActionException; 1.23 +import java.security.PrivilegedExceptionAction; 1.24 import java.util.HashMap; 1.25 import java.util.HashSet; 1.26 import java.util.Hashtable; 1.27 import java.util.Iterator; 1.28 import java.util.Enumeration; 1.29 -import java.util.Properties; 1.30 -import java.util.IdentityHashMap; 1.31 import java.util.StringTokenizer; 1.32 import java.util.NoSuchElementException; 1.33 1.34 @@ -165,8 +157,18 @@ 1.35 * Return default ValueHandler 1.36 */ 1.37 public static ValueHandler createValueHandler() { 1.38 + ValueHandler vh; 1.39 + try { 1.40 + vh = AccessController.doPrivileged(new PrivilegedExceptionAction<ValueHandler>() { 1.41 + public ValueHandler run() throws Exception { 1.42 return Util.createValueHandler(); 1.43 } 1.44 + }); 1.45 + } catch (PrivilegedActionException e) { 1.46 + throw new InternalError(e.getMessage()); 1.47 + } 1.48 + return vh; 1.49 + } 1.50 1.51 /** 1.52 * Returns true if it was accurately determined that the remote ORB is 1.53 @@ -664,7 +666,16 @@ 1.54 * ValueHandler. 1.55 */ 1.56 public static byte getMaxStreamFormatVersion() { 1.57 - ValueHandler vh = Util.createValueHandler(); 1.58 + ValueHandler vh; 1.59 + try { 1.60 + vh = AccessController.doPrivileged(new PrivilegedExceptionAction<ValueHandler>() { 1.61 + public ValueHandler run() throws Exception { 1.62 + return Util.createValueHandler(); 1.63 + } 1.64 + }); 1.65 + } catch (PrivilegedActionException e) { 1.66 + throw new InternalError(e.getMessage()); 1.67 + } 1.68 1.69 if (!(vh instanceof javax.rmi.CORBA.ValueHandlerMultiFormat)) 1.70 return ORBConstants.STREAM_FORMAT_VERSION_1;
2.1 --- a/src/share/classes/javax/rmi/CORBA/Util.java Tue Jan 26 10:23:22 2016 -0800 2.2 +++ b/src/share/classes/javax/rmi/CORBA/Util.java Fri Jan 29 00:19:41 2016 +0000 2.3 @@ -1,5 +1,5 @@ 2.4 /* 2.5 - * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved. 2.6 + * Copyright (c) 1998, 2016, Oracle and/or its affiliates. All rights reserved. 2.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 2.8 * 2.9 * This code is free software; you can redistribute it and/or modify it 2.10 @@ -45,6 +45,7 @@ 2.11 import java.rmi.Remote; 2.12 import java.io.File; 2.13 import java.io.FileInputStream; 2.14 +import java.io.SerializablePermission; 2.15 import java.net.MalformedURLException ; 2.16 import java.security.AccessController; 2.17 import java.security.PrivilegedAction; 2.18 @@ -63,8 +64,22 @@ 2.19 private static final javax.rmi.CORBA.UtilDelegate utilDelegate; 2.20 private static final String UtilClassKey = "javax.rmi.CORBA.UtilClass"; 2.21 2.22 + private static final String ALLOW_CREATEVALUEHANDLER_PROP = "jdk.rmi.CORBA.allowCustomValueHandler"; 2.23 + private static boolean allowCustomValueHandler; 2.24 + 2.25 static { 2.26 utilDelegate = (javax.rmi.CORBA.UtilDelegate)createDelegate(UtilClassKey); 2.27 + allowCustomValueHandler = readAllowCustomValueHandlerProperty(); 2.28 + } 2.29 + 2.30 + private static boolean readAllowCustomValueHandlerProperty () { 2.31 + return AccessController 2.32 + .doPrivileged(new PrivilegedAction<Boolean>() { 2.33 + @Override 2.34 + public Boolean run() { 2.35 + return Boolean.getBoolean(ALLOW_CREATEVALUEHANDLER_PROP); 2.36 + } 2.37 + }); 2.38 } 2.39 2.40 private Util(){} 2.41 @@ -111,7 +126,7 @@ 2.42 * Writes a java.lang.Object as a CORBA Object. If <code>obj</code> is 2.43 * an exported RMI-IIOP server object, the tie is found 2.44 * and wired to <code>obj</code>, then written to 2.45 -<code>out.write_Object(org.omg.CORBA.Object)</code>. 2.46 + * <code>out.write_Object(org.omg.CORBA.Object)</code>. 2.47 * If <code>obj</code> is a CORBA Object, it is written to 2.48 * <code>out.write_Object(org.omg.CORBA.Object)</code>. 2.49 * @param out the stream in which to write the object. 2.50 @@ -196,6 +211,8 @@ 2.51 */ 2.52 public static ValueHandler createValueHandler() { 2.53 2.54 + isCustomSerializationPermitted(); 2.55 + 2.56 if (utilDelegate != null) { 2.57 return utilDelegate.createValueHandler(); 2.58 } 2.59 @@ -336,6 +353,7 @@ 2.60 // security reasons. If you know a better solution how to share this code 2.61 // then remove it from PortableRemoteObject. Also in Stub.java 2.62 private static Object createDelegate(String classKey) { 2.63 + 2.64 String className = (String) 2.65 AccessController.doPrivileged(new GetPropertyAction(classKey)); 2.66 if (className == null) { 2.67 @@ -388,4 +406,16 @@ 2.68 new GetORBPropertiesFileAction()); 2.69 } 2.70 2.71 + private static void isCustomSerializationPermitted() { 2.72 + SecurityManager sm = System.getSecurityManager(); 2.73 + if (!allowCustomValueHandler) { 2.74 + if ( sm != null) { 2.75 + // check that a serialization permission has been 2.76 + // set to allow the loading of the Util delegate 2.77 + // which provides access to custom ValueHandler 2.78 + sm.checkPermission(new SerializablePermission( 2.79 + "enableCustomValueHanlder")); 2.80 + } 2.81 + } 2.82 + } 2.83 }