Diffstat (limited to 'java/openjdk6/files/icedtea/security/20130416/8001322.patch')
-rw-r--r-- | java/openjdk6/files/icedtea/security/20130416/8001322.patch | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/java/openjdk6/files/icedtea/security/20130416/8001322.patch b/java/openjdk6/files/icedtea/security/20130416/8001322.patch
new file mode 100644
index 000000000000..766d7270a1ab
--- /dev/null
+++ b/java/openjdk6/files/icedtea/security/20130416/8001322.patch
@@ -0,0 +1,61 @@
+# HG changeset patch
+# User dfuchs
+# Date 1363010839 -3600
+# Node ID 4a3260353853c3590ceb915337e21fe17aa07dbd
+# Parent ac0858a12d62c384c53a048a634d25dc1f8f1b72
+8001322: Refactor deserialization
+Reviewed-by: mchung, skoivu, smarks
+
+diff --git a/src/share/classes/java/io/ObjectInputStream.java b/src/share/classes/java/io/ObjectInputStream.java
+--- jdk/src/share/classes/java/io/ObjectInputStream.java
++++ jdk/src/share/classes/java/io/ObjectInputStream.java
+@@ -41,6 +41,7 @@
+ import java.util.concurrent.ConcurrentMap;
+ import java.util.concurrent.atomic.AtomicBoolean;
+ import static java.io.ObjectStreamClass.processQueue;
++import sun.reflect.misc.ReflectUtil;
+
+ /**
+ * An ObjectInputStream deserializes primitive data and objects previously
+@@ -1518,6 +1519,12 @@
+ }
+ }
+
++ private boolean isCustomSubclass() {
++ // Return true if this class is a custom subclass of ObjectInputStream
++ return getClass().getClassLoader()
++ != ObjectInputStream.class.getClassLoader();
++ }
++
+ /**
+ * Reads in and returns class descriptor for a dynamic proxy class. Sets
+ * passHandle to proxy class descriptor's assigned handle. If proxy class
+@@ -1547,6 +1554,15 @@
+ try {
+ if ((cl = resolveProxyClass(ifaces)) == null) {
+ resolveEx = new ClassNotFoundException("null class");
++ } else if (!Proxy.isProxyClass(cl)) {
++ throw new InvalidClassException("Not a proxy");
++ } else {
++ // ReflectUtil.checkProxyPackageAccess makes a test
++ // equivalent to isCustomSubclass so there's no need
++ // to condition this call to isCustomSubclass == true here.
++ ReflectUtil.checkProxyPackageAccess(
++ getClass().getClassLoader(),
++ cl.getInterfaces());
+ }
+ } catch (ClassNotFoundException ex) {
+ resolveEx = ex;
+@@ -1588,9 +1604,12 @@
+ Class cl = null;
+ ClassNotFoundException resolveEx = null;
+ bin.setBlockDataMode(true);
++ final boolean checksRequired = isCustomSubclass();
+ try {
+ if ((cl = resolveClass(readDesc)) == null) {
+ resolveEx = new ClassNotFoundException("null class");
++ } else if (checksRequired) {
++ ReflectUtil.checkPackageAccess(cl);
+ }
+ } catch (ClassNotFoundException ex) {
+ resolveEx = ex; |
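Review bot: The one-line comment inside `isCustomSubclass()` understates what the method decides. It is a class-loader identity comparison, so a subclass defined by the same loader as `ObjectInputStream` counts as not custom and, in the last inner hunk, skips `ReflectUtil.checkPackageAccess(cl)` entirely. Because `checksRequired` is the only gate on that package-access check, I would replace the inline comment with a Javadoc block on the method that states this trust rule and names both dependents: the gated check after `resolveClass(readDesc)` and the ungated `checkProxyPackageAccess` call after `resolveProxyClass(ifaces)`. Separately, `throw new InvalidClassException("Not a proxy")` does not say which class was rejected; `throw new InvalidClassException(cl.getName(), "Not a proxy");` would make a rejected stream diagnosable from the exception alone. The methods around the last two inner hunks start and end outside the visible lines, so this is based only on the context shown.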