ObjectInputStream.java (enableResolveObject): Use correct security check.

* java/io/ObjectInputStream.java (enableResolveObject): Use correct security check. * java/io/ObjectOutputStream.java (enableReplaceObject): Use correct security check. From-SVN: r48256
2001-12-21 22:51:41 +00:00 · 2001-12-21 22:51:41 +00:00 · e3109d4c17
commit e3109d4c17
parent d47eb5d3f2
3 changed files with 16 additions and 5 deletions
--- a/libjava/ChangeLog
+++ b/libjava/ChangeLog
@ -1,5 +1,10 @@
 2001-12-21  Tom Tromey  <tromey@redhat.com>

+	* java/io/ObjectInputStream.java (enableResolveObject): Use
+	correct security check.
+	* java/io/ObjectOutputStream.java (enableReplaceObject): Use
+	correct security check.
+
 	Fix for PR java/5165:
 	* java/lang/natClassLoader.cc (_Jv_PrepareCompiledClass):
 	Convert any constant string field to a String; not just final
--- a/libjava/java/io/ObjectInputStream.java
+++ b/libjava/java/io/ObjectInputStream.java
@ -528,8 +528,11 @@ public class ObjectInputStream extends InputStream
    throws SecurityException
  {
    if (enable)
-      if (getClass ().getClassLoader () != null)
-	throw new SecurityException ("Untrusted ObjectInputStream subclass attempted to enable object resolution");
+      {
+	SecurityManager sm = System.getSecurityManager ();
+	if (sm != null)
+	  sm.checkPermission (new SerializablePermission ("enableSubtitution"));
+      }

    boolean old_val = this.resolveEnabled;
    this.resolveEnabled = enable;
--- a/libjava/java/io/ObjectOutputStream.java
+++ b/libjava/java/io/ObjectOutputStream.java
@ -1,5 +1,5 @@
 /* ObjectOutputStream.java -- Class used to write serialized objects
-   Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc.
+   Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.

 This file is part of GNU Classpath.

@ -550,8 +550,11 @@ public class ObjectOutputStream extends OutputStream
    throws SecurityException
  {
    if (enable)
-      if (getClass ().getClassLoader () != null)
-	throw new SecurityException ("Untrusted ObjectOutputStream subclass attempted to enable object replacement");
+      {
+	SecurityManager sm = System.getSecurityManager ();
+	if (sm != null)
+	  sm.checkPermission (new SerializablePermission ("enableSubstitution"));
+      }

    boolean old_val = replacementEnabled;
    replacementEnabled = enable;