You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@dubbo.apache.org by li...@apache.org on 2021/11/25 06:20:21 UTC

[dubbo] 35/45: fix:暂时移除 java 序列化的检查

This is an automated email from the ASF dual-hosted git repository.

liujun pushed a commit to branch release/3.0.14-rpccontext-bugfix
in repository https://gitbox.apache.org/repos/asf/dubbo.git

commit 7060c2bbe0e7c5165e878c1cc296bd8fccc5c051
Author: 未宇 <li...@alibaba-inc.com>
AuthorDate: Thu Jan 7 15:43:16 2021 +0800

    fix:暂时移除 java 序列化的检查
---
 .../apache/dubbo/remoting/transport/CodecSupport.java | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/dubbo-remoting/dubbo-remoting-api/src/main/java/org/apache/dubbo/remoting/transport/CodecSupport.java b/dubbo-remoting/dubbo-remoting-api/src/main/java/org/apache/dubbo/remoting/transport/CodecSupport.java
index 8c74fe5..3b0d82a 100644
--- a/dubbo-remoting/dubbo-remoting-api/src/main/java/org/apache/dubbo/remoting/transport/CodecSupport.java
+++ b/dubbo-remoting/dubbo-remoting-api/src/main/java/org/apache/dubbo/remoting/transport/CodecSupport.java
@@ -31,10 +31,6 @@ import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
 
-import static org.apache.dubbo.common.serialize.Constants.COMPACTED_JAVA_SERIALIZATION_ID;
-import static org.apache.dubbo.common.serialize.Constants.JAVA_SERIALIZATION_ID;
-import static org.apache.dubbo.common.serialize.Constants.NATIVE_JAVA_SERIALIZATION_ID;
-
 public class CodecSupport {
 
     private static final Logger logger = LoggerFactory.getLogger(CodecSupport.class);
@@ -78,12 +74,17 @@ public class CodecSupport {
 
     public static Serialization getSerialization(URL url, Byte id) throws IOException {
         Serialization serialization = getSerializationById(id);
-        String serializationName = url.getParameter(Constants.SERIALIZATION_KEY, Constants.DEFAULT_REMOTING_SERIALIZATION);
+//        String serializationName = url.getParameter(Constants.SERIALIZATION_KEY, Constants.DEFAULT_REMOTING_SERIALIZATION);
+//        // Check if "serialization id" passed from network matches the id on this side(only take effect for JDK serialization), for security purpose.
+//        if (serialization == null
+//                || ((id == JAVA_SERIALIZATION_ID || id == NATIVE_JAVA_SERIALIZATION_ID || id == COMPACTED_JAVA_SERIALIZATION_ID)
+//                && !(serializationName.equals(ID_SERIALIZATIONNAME_MAP.get(id))))) {
+//            throw new IOException("Unexpected serialization id:" + id + " received from network, please check if the peer send the right id.");
+//        }
         // Check if "serialization id" passed from network matches the id on this side(only take effect for JDK serialization), for security purpose.
-        if (serialization == null
-                || ((id == JAVA_SERIALIZATION_ID || id == NATIVE_JAVA_SERIALIZATION_ID || id == COMPACTED_JAVA_SERIALIZATION_ID)
-                && !(serializationName.equals(ID_SERIALIZATIONNAME_MAP.get(id))))) {
-            throw new IOException("Unexpected serialization id:" + id + " received from network, please check if the peer send the right id.");
+        if (serialization == null) {
+            logger.error("Unexpected serialization id:" + id + " received from network, please check if the peer send the right id.");
+            serialization = getSerialization(url);
         }
         return serialization;
     }