You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@harmony.apache.org by ay...@apache.org on 2006/11/03 16:38:16 UTC
svn commit: r470861 - in
/incubator/harmony/enhanced/classlib/trunk/modules/luni/src:
main/java/java/io/ main/java/org/apache/harmony/luni/util/
test/java/org/apache/harmony/luni/tests/java/io/
Author: ayza
Date: Fri Nov 3 07:38:15 2006
New Revision: 470861
URL: http://svn.apache.org/viewvc?view=rev&rev=470861
Log:
applying patch for HARMONY-1920 "[classlib][luni] class replacement in ObjectInputStream.resolveClass() should not work for different class names
"
Modified:
incubator/harmony/enhanced/classlib/trunk/modules/luni/src/main/java/java/io/ObjectInputStream.java
incubator/harmony/enhanced/classlib/trunk/modules/luni/src/main/java/org/apache/harmony/luni/util/ExternalMessages.properties
incubator/harmony/enhanced/classlib/trunk/modules/luni/src/test/java/org/apache/harmony/luni/tests/java/io/ObjectInputStreamTest.java
Modified: incubator/harmony/enhanced/classlib/trunk/modules/luni/src/main/java/java/io/ObjectInputStream.java
URL: http://svn.apache.org/viewvc/incubator/harmony/enhanced/classlib/trunk/modules/luni/src/main/java/java/io/ObjectInputStream.java?view=diff&rev=470861&r1=470860&r2=470861
==============================================================================
--- incubator/harmony/enhanced/classlib/trunk/modules/luni/src/main/java/java/io/ObjectInputStream.java (original)
+++ incubator/harmony/enhanced/classlib/trunk/modules/luni/src/main/java/java/io/ObjectInputStream.java Fri Nov 3 07:38:15 2006
@@ -1661,6 +1661,8 @@
newClassDesc.setClass(resolveClass(newClassDesc));
// Check SUIDs
verifySUID(newClassDesc);
+ // Check base name of the class
+ verifyBaseName(newClassDesc);
} catch (ClassNotFoundException e) {
if (mustResolve) {
throw e;
@@ -2677,5 +2679,40 @@
.getString("K00da", loadedStreamClass, //$NON-NLS-1$
localStreamClass));
}
+ }
+
+ /**
+ * Verify if the base name for descriptor <code>loadedStreamClass</code>
+ * matches the base name of the corresponding loaded class.
+ *
+ * @param loadedStreamClass
+ * An ObjectStreamClass that was loaded from the stream.
+ *
+ * @throws InvalidClassException
+ * If the base name of the stream class does not match the VM class
+ */
+ private void verifyBaseName(ObjectStreamClass loadedStreamClass)
+ throws InvalidClassException {
+ Class<?> localClass = loadedStreamClass.forClass();
+ ObjectStreamClass localStreamClass = ObjectStreamClass
+ .lookupStreamClass(localClass);
+ String loadedClassBaseName = getBaseName(loadedStreamClass.getName());
+ String localClassBaseName = getBaseName(localStreamClass.getName());
+
+ if (!loadedClassBaseName.equals(localClassBaseName)) {
+ throw new InvalidClassException(loadedStreamClass.getName(), Msg
+ .getString("KA015", loadedClassBaseName, //$NON-NLS-1$
+ localClassBaseName));
+ }
+ }
+
+ private static String getBaseName(String fullName) {
+ int k = fullName.lastIndexOf(".");
+
+ if (k == -1 || k == (fullName.length() - 1)) {
+ return fullName;
+ } else {
+ return fullName.substring(k + 1);
+ }
}
}
Modified: incubator/harmony/enhanced/classlib/trunk/modules/luni/src/main/java/org/apache/harmony/luni/util/ExternalMessages.properties
URL: http://svn.apache.org/viewvc/incubator/harmony/enhanced/classlib/trunk/modules/luni/src/main/java/org/apache/harmony/luni/util/ExternalMessages.properties?view=diff&rev=470861&r1=470860&r2=470861
==============================================================================
--- incubator/harmony/enhanced/classlib/trunk/modules/luni/src/main/java/org/apache/harmony/luni/util/ExternalMessages.properties (original)
+++ incubator/harmony/enhanced/classlib/trunk/modules/luni/src/main/java/org/apache/harmony/luni/util/ExternalMessages.properties Fri Nov 3 07:38:15 2006
@@ -306,4 +306,5 @@
KA012=No such file or directory
KA013=Number of bytes to skip cannot be negative
KA014=Invalit UUID string
+KA015=Incompatible class (base name)\: {0} but expected {1}
Modified: incubator/harmony/enhanced/classlib/trunk/modules/luni/src/test/java/org/apache/harmony/luni/tests/java/io/ObjectInputStreamTest.java
URL: http://svn.apache.org/viewvc/incubator/harmony/enhanced/classlib/trunk/modules/luni/src/test/java/org/apache/harmony/luni/tests/java/io/ObjectInputStreamTest.java?view=diff&rev=470861&r1=470860&r2=470861
==============================================================================
--- incubator/harmony/enhanced/classlib/trunk/modules/luni/src/test/java/org/apache/harmony/luni/tests/java/io/ObjectInputStreamTest.java (original)
+++ incubator/harmony/enhanced/classlib/trunk/modules/luni/src/test/java/org/apache/harmony/luni/tests/java/io/ObjectInputStreamTest.java Fri Nov 3 07:38:15 2006
@@ -19,9 +19,12 @@
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.io.InvalidClassException;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
+import java.io.ObjectStreamClass;
import java.io.ObjectStreamException;
import java.io.Serializable;
import java.util.ArrayList;
@@ -111,7 +114,56 @@
// expected
}
}
-
+
+ static class TestObjectInputStream extends ObjectInputStream {
+ public TestObjectInputStream(InputStream in) throws IOException {
+ super(in);
+ }
+
+ protected Class resolveClass(ObjectStreamClass desc)
+ throws IOException, ClassNotFoundException {
+ if (desc.getName().endsWith("ObjectInputStreamTest$TestClass1")) {
+ return TestClass2.class;
+ }
+ return super.resolveClass(desc);
+ }
+ }
+
+ static class TestClass1 implements Serializable {
+ private static final long serialVersionUID = 11111L;
+ int i = 0;
+ }
+
+ static class TestClass2 implements Serializable {
+ private static final long serialVersionUID = 11111L;
+ int i = 0;
+ }
+
+ public void test_resolveClass_invalidClassName()
+ throws Exception {
+ // Regression test for HARMONY-1920
+ TestClass1 to1 = new TestClass1();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ ObjectOutputStream oos = new ObjectOutputStream(baos);
+ ByteArrayInputStream bais;
+ ObjectInputStream ois;
+
+ to1.i = 555;
+ oos.writeObject(to1);
+ oos.flush();
+ byte[] bytes = baos.toByteArray();
+ bais = new ByteArrayInputStream(bytes);
+ ois = new TestObjectInputStream(bais);
+
+ try {
+ TestClass2 to2 = (TestClass2) ois.readObject();
+
+ fail("Should throw InvalidClassException");
+ } catch (InvalidClassException ice) {
+ // valid
+ ice.printStackTrace();
+ }
+ }
}