changeset: 5253:dfffff29f870user: malenkovdate: Tue Jun 19 2

1. changeset:   5253:dfffff29f870
2. user:        malenkov
3. date:        Tue Jun 19 21:04:48 2012 +0400
4. summary:     7162476: XMLDecoder security issue via ClassFinder
5.  
6. diff -r 2c58f14f60c7 -r dfffff29f870 src/share/classes/com/sun/beans/finder/ClassFinder.java
7. --- a/src/share/classes/com/sun/beans/finder/ClassFinder.java   Tue Jun 19 20:06:56 2012 +0400
8. +++ b/src/share/classes/com/sun/beans/finder/ClassFinder.java   Tue Jun 19 21:04:48 2012 +0400
9. @@ -1,5 +1,5 @@
10.  /*
11. - * Copyright (c) 2006, 2008, Oracle and/or its affiliates. All rights reserved.
12. + * Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved.
13.   * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
14.   *
15.   * This code is free software; you can redistribute it and/or modify it
16. @@ -24,6 +24,8 @@
17.   */
18.  package com.sun.beans.finder;
19.  
20. +import static sun.reflect.misc.ReflectUtil.checkPackageAccess;
21. +
22.  /**
23.   * This is utility class that provides {@code static} methods
24.   * to find a class with the specified name using the specified class loader.
25. @@ -54,6 +56,7 @@
26.       * @see Thread#getContextClassLoader()
27.       */
28.      public static Class<?> findClass(String name) throws ClassNotFoundException {
29. +        checkPackageAccess(name);
30.          try {
31.              ClassLoader loader = Thread.currentThread().getContextClassLoader();
32.              if (loader == null) {
33. @@ -94,6 +97,7 @@
34.       * @see Class#forName(String,boolean,ClassLoader)
35.       */
36.      public static Class<?> findClass(String name, ClassLoader loader) throws ClassNotFoundException {
37. +        checkPackageAccess(name);
38.          if (loader != null) {
39.              try {
40.                  return Class.forName(name, false, loader);