ObjectInputStream.java (enableResolveObject): Use correct security check.

author Tom Tromey <tromey@redhat.com>

Fri, 21 Dec 2001 22:51:41 +0000 (22:51 +0000)

committer Tom Tromey <tromey@gcc.gnu.org>

Fri, 21 Dec 2001 22:51:41 +0000 (22:51 +0000)
author Tom Tromey <tromey@redhat.com>
Fri, 21 Dec 2001 22:51:41 +0000 (22:51 +0000)
committer Tom Tromey <tromey@gcc.gnu.org>
Fri, 21 Dec 2001 22:51:41 +0000 (22:51 +0000)
diff --git a/libjava/ChangeLog b/libjava/ChangeLog

index b4daf82ee9c9827c29e00515b37c27f2e5e92dcf..85b74ce70700a27b3ba629e15e1db85f3bbae11d 100644 (file)
--- a/libjava/ChangeLog
+++ b/libjava/ChangeLog
@@ -1,5 +1,10 @@
  2001-12-21  Tom Tromey  <tromey@redhat.com>
  
+       * java/io/ObjectInputStream.java (enableResolveObject): Use
+       correct security check.
+       * java/io/ObjectOutputStream.java (enableReplaceObject): Use
+       correct security check.
+
         Fix for PR java/5165:
         * java/lang/natClassLoader.cc (_Jv_PrepareCompiledClass):
         Convert any constant string field to a String; not just final
diff --git a/libjava/java/io/ObjectInputStream.java b/libjava/java/io/ObjectInputStream.java

index 7a67f3fb9a8a7eb7fe8ebfbe83f9a5ed1e8852b6..b530f4c045fbbaabb1823e042dc23d8a72e011d8 100644 (file)
--- a/libjava/java/io/ObjectInputStream.java
+++ b/libjava/java/io/ObjectInputStream.java
@@ -528,8 +528,11 @@ public class ObjectInputStream extends InputStream
      throws SecurityException
    {
      if (enable)
-      if (getClass ().getClassLoader () != null)
-       throw new SecurityException ("Untrusted ObjectInputStream subclass attempted to enable object resolution");
+      {
+       SecurityManager sm = System.getSecurityManager ();
+       if (sm != null)
+         sm.checkPermission (new SerializablePermission ("enableSubtitution"));
+      }
  
      boolean old_val = this.resolveEnabled;
      this.resolveEnabled = enable;
diff --git a/libjava/java/io/ObjectOutputStream.java b/libjava/java/io/ObjectOutputStream.java

index faf7ea1a21b37c96ed3afc6289206496f6445baa..26a1ee5f4b16c4bff1d008777671686ac7f4d056 100644 (file)
--- a/libjava/java/io/ObjectOutputStream.java
+++ b/libjava/java/io/ObjectOutputStream.java
@@ -1,5 +1,5 @@
  /* ObjectOutputStream.java -- Class used to write serialized objects
-   Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc.
+   Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
  
  This file is part of GNU Classpath.
  
@@ -550,8 +550,11 @@ public class ObjectOutputStream extends OutputStream
      throws SecurityException
    {
      if (enable)
-      if (getClass ().getClassLoader () != null)
-       throw new SecurityException ("Untrusted ObjectOutputStream subclass attempted to enable object replacement");
+      {
+       SecurityManager sm = System.getSecurityManager ();
+       if (sm != null)
+         sm.checkPermission (new SerializablePermission ("enableSubstitution"));
+      }
  
      boolean old_val = replacementEnabled;
      replacementEnabled = enable;
author	Tom Tromey <tromey@redhat.com>
	Fri, 21 Dec 2001 22:51:41 +0000 (22:51 +0000)
committer	Tom Tromey <tromey@gcc.gnu.org>
	Fri, 21 Dec 2001 22:51:41 +0000 (22:51 +0000)
libjava/ChangeLog		patch \| blob \| blame \| history
libjava/java/io/ObjectInputStream.java		patch \| blob \| blame \| history
libjava/java/io/ObjectOutputStream.java		patch \| blob \| blame \| history