summaryrefslogtreecommitdiffstats
path: root/libjava
diff options
context:
space:
mode:
Diffstat (limited to 'libjava')
-rw-r--r--libjava/ChangeLog5
-rw-r--r--libjava/java/io/ObjectInputStream.java7
-rw-r--r--libjava/java/io/ObjectOutputStream.java9
3 files changed, 16 insertions, 5 deletions
diff --git a/libjava/ChangeLog b/libjava/ChangeLog
index b4daf82ee9c..85b74ce7070 100644
--- a/libjava/ChangeLog
+++ b/libjava/ChangeLog
@@ -1,5 +1,10 @@
2001-12-21 Tom Tromey <tromey@redhat.com>
+ * java/io/ObjectInputStream.java (enableResolveObject): Use
+ correct security check.
+ * java/io/ObjectOutputStream.java (enableReplaceObject): Use
+ correct security check.
+
Fix for PR java/5165:
* java/lang/natClassLoader.cc (_Jv_PrepareCompiledClass):
Convert any constant string field to a String; not just final
diff --git a/libjava/java/io/ObjectInputStream.java b/libjava/java/io/ObjectInputStream.java
index 7a67f3fb9a8..b530f4c045f 100644
--- a/libjava/java/io/ObjectInputStream.java
+++ b/libjava/java/io/ObjectInputStream.java
@@ -528,8 +528,11 @@ public class ObjectInputStream extends InputStream
throws SecurityException
{
if (enable)
- if (getClass ().getClassLoader () != null)
- throw new SecurityException ("Untrusted ObjectInputStream subclass attempted to enable object resolution");
+ {
+ SecurityManager sm = System.getSecurityManager ();
+ if (sm != null)
+ sm.checkPermission (new SerializablePermission ("enableSubtitution"));
+ }
boolean old_val = this.resolveEnabled;
this.resolveEnabled = enable;
diff --git a/libjava/java/io/ObjectOutputStream.java b/libjava/java/io/ObjectOutputStream.java
index faf7ea1a21b..26a1ee5f4b1 100644
--- a/libjava/java/io/ObjectOutputStream.java
+++ b/libjava/java/io/ObjectOutputStream.java
@@ -1,5 +1,5 @@
/* ObjectOutputStream.java -- Class used to write serialized objects
- Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc.
+ Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@@ -550,8 +550,11 @@ public class ObjectOutputStream extends OutputStream
throws SecurityException
{
if (enable)
- if (getClass ().getClassLoader () != null)
- throw new SecurityException ("Untrusted ObjectOutputStream subclass attempted to enable object replacement");
+ {
+ SecurityManager sm = System.getSecurityManager ();
+ if (sm != null)
+ sm.checkPermission (new SerializablePermission ("enableSubstitution"));
+ }
boolean old_val = replacementEnabled;
replacementEnabled = enable;
OpenPOWER on IntegriCloud