diff --git a/corba/src/java.corba/share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java b/corba/src/java.corba/share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java
index 0c3ff08a7ad..c9d6320f65a 100644
--- a/corba/src/java.corba/share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java
+++ b/corba/src/java.corba/share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java
@@ -567,6 +567,11 @@ public class IIOPInputStream
 // XXX I18N, logging needed.
 throw new NotActiveException("defaultReadObjectDelegate");
+ if (!currentClassDesc.forClass().isAssignableFrom(
+ currentObject.getClass())) {
+ throw new IOException("Object Type mismatch");
+ }
+
 // The array will be null unless fields were retrieved
 // remotely because of a serializable version difference.
 // Bug fix for 4365188. See the definition of
@@ -1063,6 +1068,9 @@ public class IIOPInputStream
 int spBase = spClass; // current top of stack
+ if (currentClass.getName().equals("java.lang.String")) {
+ return this.readUTF();
+ }
 /* The object's classes should be processed from supertype to subtype
 * Push all the clases of the current object onto a stack.
 * Note that only the serializable classes are represented
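Review bot: In the `@@ -567` hunk the new guard dereferences `currentClassDesc.forClass()` directly, and that accessor presumably returns null when the stream's descriptor has no matching local class, so a crafted or version-skewed stream could surface as a NullPointerException rather than the intended IOException. Holding the result in a local and rejecting null closes that gap: `Class<?> expected = currentClassDesc.forClass();` followed by `if (expected == null || !expected.isInstance(currentObject)) {`. The message "Object Type mismatch" would also be easier to triage if it named the expected and actual classes. The enclosing method starts and ends outside the hunk, so whether an earlier check already excludes a null class cannot be confirmed from here.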
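Review bot: In the `@@ -1063` hunk the String special case is selected by class name, `currentClass.getName().equals("java.lang.String")`; the identity test `if (currentClass == String.class) {` is the usual idiom for a final core class and avoids a string comparison on every object read. The same name-based test is added in IIOPOutputStream (`@@ -559`), and the two branches must stay in step because one side writes with writeUTF what the other reads with readUTF. A one-line comment on each stating that pairing would help, for example `// String travels as a bare UTF value; must mirror IIOPOutputStream`. Whether a peer built without this change still interoperates is not visible in these hunks and is worth confirming; the enclosing method extends beyond the hunk.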
@@ -2257,6 +2265,27 @@ public class IIOPInputStream
 try {
 Class fieldCl = fields[i].getClazz();
+ if ((objectValue != null)
+ && (!fieldCl.isAssignableFrom(
+ objectValue.getClass()))) {
+ throw new IllegalArgumentException("Field mismatch");
+ }
+ Field classField = null;
+ try {
+ classField = cl.getDeclaredField(fields[i].getName());
+ } catch (NoSuchFieldException nsfEx) {
+ throw new IllegalArgumentException(nsfEx);
+ } catch (SecurityException secEx) {
+ throw new IllegalArgumentException(secEx.getCause());
+ }
+ Class declaredFieldClass = classField.getType();
+
+ // check input field type is a declared field type
+ // input field is a subclass of the declared field
+ if (!declaredFieldClass.isAssignableFrom(fieldCl)) {
+ throw new IllegalArgumentException(
+ "Field Type mismatch");
+ }
 if (objectValue != null && !fieldCl.isInstance(objectValue)) {
 throw new IllegalArgumentException();
 }
diff --git a/corba/src/java.corba/share/classes/com/sun/corba/se/impl/io/IIOPOutputStream.java b/corba/src/java.corba/share/classes/com/sun/corba/se/impl/io/IIOPOutputStream.java
index 1ca9e118cfd..a8fcb186c8b 100644
--- a/corba/src/java.corba/share/classes/com/sun/corba/se/impl/io/IIOPOutputStream.java
+++ b/corba/src/java.corba/share/classes/com/sun/corba/se/impl/io/IIOPOutputStream.java
@@ -559,6 +559,10 @@ public class IIOPOutputStream
 * Push all the clases of the current object onto a stack.
 * Remember the stack pointer where this set of classes is being pushed.
 */
+ if (currentClassDesc.forClass().getName().equals("java.lang.String")) {
+ this.writeUTF((String)obj);
+ return;
+ }
 int stackMark = classDescStack.size();
 try {
 ObjectStreamClass next;
diff --git a/corba/src/jdk.rmic/share/classes/sun/rmi/rmic/iiop/StubGenerator.java b/corba/src/jdk.rmic/share/classes/sun/rmi/rmic/iiop/StubGenerator.java
index 0d41c1edb90..bceb86cf774 100644
--- a/corba/src/jdk.rmic/share/classes/sun/rmi/rmic/iiop/StubGenerator.java
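Review bot: In the `@@ -2257` hunk, `catch (SecurityException secEx)` rethrows with `secEx.getCause()`, which is normally null for a SecurityException, so the resulting IllegalArgumentException carries neither message nor cause and the denial disappears from the trace. Pass the exception itself, `throw new IllegalArgumentException(secEx);`, as the NoSuchFieldException branch just above already does. The first added check, `!fieldCl.isAssignableFrom(objectValue.getClass())`, tests the same condition as the existing `!fieldCl.isInstance(objectValue)` that follows the added lines, so one of the two can be removed. The surrounding loop and method lie outside the hunk.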
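Review bot: In IIOPOutputStream's `@@ -559` hunk the branch is chosen from `currentClassDesc` but then casts `obj`, so the cast is only safe if the descriptor was derived from `obj` earlier in the method, which the hunk does not show. Testing the value that is actually cast, `if (obj instanceof String) {` followed by `this.writeUTF((String) obj);`, ties the check to the cast and does not depend on `forClass()` being non-null at this point. The method starts and ends outside the hunk.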
+++ b/corba/src/jdk.rmic/share/classes/sun/rmi/rmic/iiop/StubGenerator.java
@@ -446,6 +446,9 @@ public class StubGenerator extends sun.rmi.rmic.iiop.Generator {
 if (emitPermissionCheck) {
 // produce the following generated code for example
+ //
+ // private transient boolean _instantiated = false;
+ //
 // private static Void checkPermission() {
 // SecurityManager sm = System.getSecurityManager();
 // if (sm != null) {
@@ -460,11 +463,21 @@ public class StubGenerator extends sun.rmi.rmic.iiop.Generator {
 //
 // public _XXXXX_Stub() {
 // this(checkPermission());
+ // _instantiated = true;
+ // }
+ //
+ // private void readObject(java.io.ObjectInputStream s) throws IOException, ClassNotFoundException {
+ // checkPermission();
+ // s.defaultReadObject();
+ // _instantiated = true;
 // }
 //
 // where XXXXX is the name of the remote interface
 p.pln();
+ p.plnI("private transient boolean _instantiated = false;");
+ p.pln();
+ p.pO();
 p.plnI("private static Void checkPermission() {");
 p.plnI("SecurityManager sm = System.getSecurityManager();");
 p.pln("if (sm != null) {");
@@ -481,13 +494,23 @@ public class StubGenerator extends sun.rmi.rmic.iiop.Generator {
 p.pO();
 p.pI();
- p.pln("private " + currentClass + "(Void ignore) { }");
+ p.plnI("private " + currentClass + "(Void ignore) { }");
 p.pln();
+ p.pO();
 p.plnI("public " + currentClass + "() { ");
 p.pln("this(checkPermission());");
+ p.pln("_instantiated = true;");
 p.pOln("}");
 p.pln();
+ p.plnI("private void readObject(java.io.ObjectInputStream s) throws IOException, ClassNotFoundException {");
+ p.plnI("checkPermission();");
+ p.pO();
+ p.pln("s.defaultReadObject();");
+ p.pln("_instantiated = true;");
+ p.pOln("}");
+ p.pln();
+ //p.pO();
 }
 if (!emitPermissionCheck) {
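Review bot: In the `@@ -481` hunk the emitted `readObject` declares `throws IOException` unqualified while spelling out `java.io.ObjectInputStream` in full; unless every generated stub imports java.io.IOException, which these hunks do not show, the generated source will not compile. Emitting `throws java.io.IOException, ClassNotFoundException` removes the dependency on the stub's import list, and the example comment in the `@@ -460` hunk should change to match. The commented-out `//p.pO();` at the end of the block reads as leftover indent debugging and should be deleted or replaced by a comment saying why the indent level is left as it is. The `plnI(...)` immediately followed by `pO()` pairs (here and in `@@ -460`) appear to cancel each other out, so a plain `p.pln(...)` would be clearer.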
@@ -894,6 +917,7 @@ public class StubGenerator extends sun.rmi.rmic.iiop.Generator {
 String paramNames[] = method.getArgumentNames();
 Type returnType = method.getReturnType();
 ValueType[] exceptions = getStubExceptions(method,false);
+ boolean hasIOException = false;
 addNamesInUse(method);
 addNameInUse("_type_ids");
@@ -921,6 +945,13 @@ public class StubGenerator extends sun.rmi.rmic.iiop.Generator {
 p.plnI(" {");
 // Now create the method body...
+ if (emitPermissionCheck) {
+ p.pln("if ((System.getSecurityManager() != null) && (!_instantiated)) {");
+ p.plnI(" throw new java.io.IOError(new java.io.IOException(\"InvalidObject \"));");
+ p.pOln("}");
+ p.pln();
+ }
+
 if (localStubs) {
 writeLocalStubMethodBody(p,method,theType);
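Review bot: `boolean hasIOException = false;` added in the `@@ -894` hunk is neither read nor reassigned in any hunk shown, so it looks like a leftover from an earlier version of the change. If nothing later in the method uses it, delete the line; if something does, a comment at the declaration saying what it tracks is needed. The method body continues outside the hunk, so the remaining uses cannot be checked from here.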
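Review bot: In the `@@ -921` hunk the emitted guard throws `java.io.IOError`, which is an `Error`, so callers that handle `Exception` or `RemoteException` around a stub call will not intercept it, and the guard is skipped entirely when no SecurityManager is installed. Both choices deserve a comment at the emit site, for example `// IOError (unchecked) presumably because stub methods cannot all declare IOException; guard is only active under a SecurityManager`. The message literal `"InvalidObject "` has a trailing space and does not name the stub class, which makes the failure hard to attribute. The emit calls also indent by hand, with `p.pln` for the `if` line and a leading space inside the `plnI` string; `p.plnI("if (...) {");`, `p.pln("throw ...;");`, `p.pOln("}");` would let the writer manage the indent.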