From e3109d4c1738470671c5eeafc4d33b958e93180a Mon Sep 17 00:00:00 2001
From: Tom Tromey
Date: Fri, 21 Dec 2001 22:51:41 +0000
Subject: ObjectInputStream.java (enableResolveObject): Use correct security check.

* java/io/ObjectInputStream.java (enableResolveObject): Use correct security check.
* java/io/ObjectOutputStream.java (enableReplaceObject): Use correct security check.

From-SVN: r48256
---
 libjava/ChangeLog | 5 +++++
 libjava/java/io/ObjectInputStream.java | 7 +++++--
 libjava/java/io/ObjectOutputStream.java | 9 ++++++---
 3 files changed, 16 insertions(+), 5 deletions(-)
(limited to 'libjava')

diff --git a/libjava/ChangeLog b/libjava/ChangeLog
index b4daf82..85b74ce 100644
--- a/libjava/ChangeLog
+++ b/libjava/ChangeLog
@@ -1,5 +1,10 @@
 2001-12-21 Tom Tromey

+ * java/io/ObjectInputStream.java (enableResolveObject): Use
+ correct security check.
+ * java/io/ObjectOutputStream.java (enableReplaceObject): Use
+ correct security check.
+
 Fix for PR java/5165:
 * java/lang/natClassLoader.cc (_Jv_PrepareCompiledClass):
 Convert any constant string field to a String; not just final
diff --git a/libjava/java/io/ObjectInputStream.java b/libjava/java/io/ObjectInputStream.java
index 7a67f3f..b530f4c 100644
--- a/libjava/java/io/ObjectInputStream.java
+++ b/libjava/java/io/ObjectInputStream.java
@@ -528,8 +528,11 @@ public class ObjectInputStream extends InputStream
 throws SecurityException
 {
 if (enable)
- if (getClass ().getClassLoader () != null)
- throw new SecurityException ("Untrusted ObjectInputStream subclass attempted to enable object resolution");
+ {
+ SecurityManager sm = System.getSecurityManager ();
+ if (sm != null)
+ sm.checkPermission (new SerializablePermission ("enableSubtitution"));
+ }

 boolean old_val = this.resolveEnabled;
 this.resolveEnabled = enable;
diff --git a/libjava/java/io/ObjectOutputStream.java b/libjava/java/io/ObjectOutputStream.java
index faf7ea1..26a1ee5 100644
--- a/libjava/java/io/ObjectOutputStream.java
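Review bot: The permission target in the ObjectInputStream.java hunk is misspelled: `new SerializablePermission ("enableSubtitution")` is missing an "s", whereas the ObjectOutputStream.java hunk of this same commit uses `"enableSubstitution"`. With the misspelled name, a policy that grants `enableSubstitution` would not satisfy the check in enableResolveObject, so a properly authorised subclass would presumably be refused under a SecurityManager (and, depending on how SerializablePermission validates target names, the constructor may reject the string outright). The line should read `sm.checkPermission (new SerializablePermission ("enableSubstitution"));`. Both method bodies begin and end outside their hunks, so their doc comments are not visible here; they should state that SecurityException is now thrown only when a SecurityManager is installed and denies this permission, since the class-loader test was removed.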
+++ b/libjava/java/io/ObjectOutputStream.java
@@ -1,5 +1,5 @@
 /* ObjectOutputStream.java -- Class used to write serialized objects
- Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc.
+ Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.

 This file is part of GNU Classpath.

@@ -550,8 +550,11 @@ public class ObjectOutputStream extends OutputStream
 throws SecurityException
 {
 if (enable)
- if (getClass ().getClassLoader () != null)
- throw new SecurityException ("Untrusted ObjectOutputStream subclass attempted to enable object replacement");
+ {
+ SecurityManager sm = System.getSecurityManager ();
+ if (sm != null)
+ sm.checkPermission (new SerializablePermission ("enableSubstitution"));
+ }

 boolean old_val = replacementEnabled;
 replacementEnabled = enable;
--
cgit v1.1