diff options
author | Neil Fuller <nfuller@google.com> | 2014-06-25 17:54:12 +0100 |
---|---|---|
committer | Paul Kocialkowski <contact@paulk.fr> | 2015-08-30 23:04:25 +0200 |
commit | 74ebabb6156cd62e8fb877f08caf3c88f357fdcd (patch) | |
tree | 019bc345af31fd3e83d6b8978b3849d964c0f8c4 /luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java | |
parent | b32087cc78dfd13aac9e6476266cf211b179af2f (diff) | |
download | libcore-74ebabb6156cd62e8fb877f08caf3c88f357fdcd.zip libcore-74ebabb6156cd62e8fb877f08caf3c88f357fdcd.tar.gz libcore-74ebabb6156cd62e8fb877f08caf3c88f357fdcd.tar.bz2 |
Add additional checks in ObjectInputStream
Thanks to Jann Horn for reporting a bug in ObjectInputStream
and sending the initial patch.
Add some checks that the class of an object
being deserialized still conforms to the requirements
for serialization.
Add some checks that the class being deserialized matches
the type information (enum, serializable, externalizable)
held in the stream.
Delayed static initialization of classes until the
type of the class has been validated against the stream
content in some cases.
Added more tests.
Bug: 15874291
(cherry picked from commit 738c833d38d41f8f76eb7e77ab39add82b1ae1e2)
Change-Id: I9f5437ed60936882de56589537176466624e631d
Signed-off-by: Neil Fuller <nfuller@google.com>
Tested-by: Moritz Bandemer <replicant@posteo.mx>
Diffstat (limited to 'luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java')
0 files changed, 0 insertions, 0 deletions