summaryrefslogtreecommitdiff
path: root/java/openjdk6/files/icedtea/security/20130618/8000638-improve_deserialization.patch
diff options
context:
space:
mode:
Diffstat (limited to 'java/openjdk6/files/icedtea/security/20130618/8000638-improve_deserialization.patch')
-rw-r--r--java/openjdk6/files/icedtea/security/20130618/8000638-improve_deserialization.patch26
1 files changed, 26 insertions, 0 deletions
diff --git a/java/openjdk6/files/icedtea/security/20130618/8000638-improve_deserialization.patch b/java/openjdk6/files/icedtea/security/20130618/8000638-improve_deserialization.patch
new file mode 100644
index 000000000000..96611775f571
--- /dev/null
+++ b/java/openjdk6/files/icedtea/security/20130618/8000638-improve_deserialization.patch
@@ -0,0 +1,26 @@
+# HG changeset patch
+# User dmocek
+# Date 1362436455 28800
+# Node ID b1c99cf6c26d9df7ca7d02df1687064656c8ae71
+# Parent 8664ebe88635d671ed0134e9348d5e6caea81d0d
+8000638: Improve deserialization
+Reviewed-by: smarks, hawtin, mchung
+
+diff --git a/src/share/classes/java/io/ObjectStreamClass.java b/src/share/classes/java/io/ObjectStreamClass.java
+--- jdk/src/share/classes/java/io/ObjectStreamClass.java
++++ jdk/src/share/classes/java/io/ObjectStreamClass.java
+@@ -1135,7 +1135,14 @@
+ end = end.getSuperclass();
+ }
+
++ HashSet<String> oscNames = new HashSet<>(3);
++
+ for (ObjectStreamClass d = this; d != null; d = d.superDesc) {
++ if (oscNames.contains(d.name)) {
++ throw new InvalidClassException("Circular reference.");
++ } else {
++ oscNames.add(d.name);
++ }
+
+ // search up inheritance hierarchy for class with matching name
+ String searchName = (d.cl != null) ? d.cl.getName() : d.name;
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-09 11:16:39 +0000