stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8267712: Better LDAP reference processing

Browse Source 
Reviewed-by: dfuchs, ahgross, rhalade
This commit is contained in:
Aleksei Efimov 2021-06-08 10:18:09 +00:00 committed by Henry Jen
parent 470e8a0fda
commit bddcc8ea9d
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/java.naming/share/classes/com/sun/jndi/ldap/Obj.java
View File

@ -465,6 +465,12 @@ final class Obj {
// Empty content // Empty content
refAddrList[posn] = new StringRefAddr(type, null); refAddrList[posn] = new StringRefAddr(type, null);
} else if (val.charAt(start) == separator) { } else if (val.charAt(start) == separator) {
// Check if deserialization of binary RefAddr is allowed from
// 'javaReferenceAddress' LDAP attribute.
if (!VersionHelper.isSerialDataAllowed()) {
throw new NamingException("Object deserialization is not allowed");
}
// Double separators indicate a non-StringRefAddr // Double separators indicate a non-StringRefAddr
// Content is a Base64-encoded serialized RefAddr // Content is a Base64-encoded serialized RefAddr

2
src/java.naming/share/classes/com/sun/jndi/ldap/VersionHelper.java
View File

@ -82,7 +82,7 @@ public final class VersionHelper {
/** /**
* Returns true if deserialization of objects from 'javaSerializedData' * Returns true if deserialization of objects from 'javaSerializedData'
* LDAP attribute is allowed. * and 'javaReferenceAddress' LDAP attributes is allowed.
* *
* @return true if deserialization is allowed; false - otherwise * @return true if deserialization is allowed; false - otherwise
*/ */