stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

6736390: File TOCTOU deserialization vulnerability

Browse Source 
Reviewed-by: hawtin
This commit is contained in:
Alan Bateman 2009-11-25 10:02:50 +00:00
parent 9b6c8a826f
commit 8358846d5f
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
jdk/src/share/classes/java/io/File.java
View File

@ -2064,11 +2064,12 @@ public class File
private synchronized void readObject(java.io.ObjectInputStream s) private synchronized void readObject(java.io.ObjectInputStream s)
throws IOException, ClassNotFoundException throws IOException, ClassNotFoundException
{ {
s.defaultReadObject(); ObjectInputStream.GetField fields = s.readFields();
String pathField = (String)fields.get("path", null);
char sep = s.readChar(); // read the previous separator char char sep = s.readChar(); // read the previous separator char
if (sep != separatorChar) if (sep != separatorChar)
this.path = this.path.replace(sep, separatorChar); pathField = pathField.replace(sep, separatorChar);
this.path = fs.normalize(this.path); this.path = fs.normalize(pathField);
this.prefixLength = fs.prefixLength(this.path); this.prefixLength = fs.prefixLength(this.path);
} }