diff options
| author | Tom Tromey <tromey@redhat.com> | 2001-12-21 22:51:41 +0000 |
|---|---|---|
| committer | Tom Tromey <tromey@gcc.gnu.org> | 2001-12-21 22:51:41 +0000 |
| commit | e3109d4c1738470671c5eeafc4d33b958e93180a (patch) | |
| tree | e99cd67c1460483884ec1b91495d76bdbc871cd1 /libjava | |
| parent | d47eb5d3f27cd5a42271366d82a4691ae5b931ee (diff) | |
| download | gcc-e3109d4c1738470671c5eeafc4d33b958e93180a.zip gcc-e3109d4c1738470671c5eeafc4d33b958e93180a.tar.gz gcc-e3109d4c1738470671c5eeafc4d33b958e93180a.tar.bz2 | |
ObjectInputStream.java (enableResolveObject): Use correct security check.
* java/io/ObjectInputStream.java (enableResolveObject): Use
correct security check.
* java/io/ObjectOutputStream.java (enableReplaceObject): Use
correct security check.
From-SVN: r48256
Diffstat (limited to 'libjava')
| -rw-r--r-- | libjava/ChangeLog | 5 | ||||
| -rw-r--r-- | libjava/java/io/ObjectInputStream.java | 7 | ||||
| -rw-r--r-- | libjava/java/io/ObjectOutputStream.java | 9 |
3 files changed, 16 insertions, 5 deletions
diff --git a/libjava/ChangeLog b/libjava/ChangeLog index b4daf82..85b74ce 100644 --- a/libjava/ChangeLog +++ b/libjava/ChangeLog @@ -1,5 +1,10 @@ 2001-12-21 Tom Tromey <tromey@redhat.com> + * java/io/ObjectInputStream.java (enableResolveObject): Use + correct security check. + * java/io/ObjectOutputStream.java (enableReplaceObject): Use + correct security check. + Fix for PR java/5165: * java/lang/natClassLoader.cc (_Jv_PrepareCompiledClass): Convert any constant string field to a String; not just final diff --git a/libjava/java/io/ObjectInputStream.java b/libjava/java/io/ObjectInputStream.java index 7a67f3f..b530f4c 100644 --- a/libjava/java/io/ObjectInputStream.java +++ b/libjava/java/io/ObjectInputStream.java @@ -528,8 +528,11 @@ public class ObjectInputStream extends InputStream throws SecurityException { if (enable) - if (getClass ().getClassLoader () != null) - throw new SecurityException ("Untrusted ObjectInputStream subclass attempted to enable object resolution"); + { + SecurityManager sm = System.getSecurityManager (); + if (sm != null) + sm.checkPermission (new SerializablePermission ("enableSubtitution")); + } boolean old_val = this.resolveEnabled; this.resolveEnabled = enable; diff --git a/libjava/java/io/ObjectOutputStream.java b/libjava/java/io/ObjectOutputStream.java index faf7ea1..26a1ee5 100644 --- a/libjava/java/io/ObjectOutputStream.java +++ b/libjava/java/io/ObjectOutputStream.java @@ -1,5 +1,5 @@ /* ObjectOutputStream.java -- Class used to write serialized objects - Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. + Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -550,8 +550,11 @@ public class ObjectOutputStream extends OutputStream throws SecurityException { if (enable) - if (getClass ().getClassLoader () != null) - throw new SecurityException ("Untrusted ObjectOutputStream subclass attempted to enable object replacement"); + { + SecurityManager sm = System.getSecurityManager (); + if (sm != null) + sm.checkPermission (new SerializablePermission ("enableSubstitution")); + } boolean old_val = replacementEnabled; replacementEnabled = enable; |