Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- changeset: 5253:dfffff29f870
- user: malenkov
- date: Tue Jun 19 21:04:48 2012 +0400
- summary: 7162476: XMLDecoder security issue via ClassFinder
- diff -r 2c58f14f60c7 -r dfffff29f870 src/share/classes/com/sun/beans/finder/ClassFinder.java
- --- a/src/share/classes/com/sun/beans/finder/ClassFinder.java Tue Jun 19 20:06:56 2012 +0400
- +++ b/src/share/classes/com/sun/beans/finder/ClassFinder.java Tue Jun 19 21:04:48 2012 +0400
- @@ -1,5 +1,5 @@
- /*
- - * Copyright (c) 2006, 2008, Oracle and/or its affiliates. All rights reserved.
- + * Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- @@ -24,6 +24,8 @@
- */
- package com.sun.beans.finder;
- +import static sun.reflect.misc.ReflectUtil.checkPackageAccess;
- +
- /**
- * This is utility class that provides {@code static} methods
- * to find a class with the specified name using the specified class loader.
- @@ -54,6 +56,7 @@
- * @see Thread#getContextClassLoader()
- */
- public static Class<?> findClass(String name) throws ClassNotFoundException {
- + checkPackageAccess(name);
- try {
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
- if (loader == null) {
- @@ -94,6 +97,7 @@
- * @see Class#forName(String,boolean,ClassLoader)
- */
- public static Class<?> findClass(String name, ClassLoader loader) throws ClassNotFoundException {
- + checkPackageAccess(name);
- if (loader != null) {
- try {
- return Class.forName(name, false, loader);
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement