diff --git a/src/share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java b/src/share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java
index 0c3ff08a7adc1be2bbf6087dd4c5ddc0a546b113..f3436b2c3c9e314946dd8deb036240a75ef60edb 100644
--- a/src/share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java
+++ b/src/share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java
@@ -567,6 +567,11 @@ public class IIOPInputStream
 // XXX I18N, logging needed.
 throw new NotActiveException("defaultReadObjectDelegate");
+ if (!currentClassDesc.forClass().isAssignableFrom(
+ currentObject.getClass())) {
+ throw new IOException("Object Type mismatch");
+ }
+
 // The array will be null unless fields were retrieved
 // remotely because of a serializable version difference.
 // Bug fix for 4365188. See the definition of
@@ -2257,6 +2262,27 @@ public class IIOPInputStream
 try {
 Class fieldCl = fields[i].getClazz();
+ if ((objectValue != null)
+ && (!fieldCl.isAssignableFrom(
+ objectValue.getClass()))) {
+ throw new IllegalArgumentException("Field mismatch");
+ }
+ Field classField = null;
+ try {
+ classField = cl.getDeclaredField(fields[i].getName());
+ } catch (NoSuchFieldException nsfEx) {
+ throw new IllegalArgumentException(nsfEx);
+ } catch (SecurityException secEx) {
+ throw new IllegalArgumentException(secEx.getCause());
+ }
+ Class declaredFieldClass = classField.getType();
+
+ // check input field type is a declared field type
+ // input field is a subclass of the declared field
+ if (!declaredFieldClass.isAssignableFrom(fieldCl)) {
+ throw new IllegalArgumentException(
+ "Field Type mismatch");
+ }
 if (objectValue != null && !fieldCl.isInstance(objectValue)) {
 throw new IllegalArgumentException();
 }
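Review bot: The type guard added after the `NotActiveException` throw has no comment explaining why it exists, and its `IOException("Object Type mismatch")` names neither the expected nor the actual class, which makes a rejected stream hard to triage from logs. A comment such as `// Reject a stream whose class descriptor does not match the object being populated.` would record the intent, and the message could append `currentClassDesc.forClass().getName()` and `currentObject.getClass().getName()`. If `forClass()` can return null for a descriptor with no local class (not visible here), the call would raise a NullPointerException instead of the intended IOException, so a null test before `isAssignableFrom` is worth confirming. The enclosing method starts and ends outside the hunk.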
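Review bot: In the `catch (SecurityException secEx)` branch of the second hunk, `new IllegalArgumentException(secEx.getCause())` discards the SecurityException itself, and since its cause is often null the rethrown exception can end up with no diagnostic at all. Passing the exception directly keeps the chain: `throw new IllegalArgumentException(secEx);`. Separately, the first added test `!fieldCl.isAssignableFrom(objectValue.getClass())` is equivalent, for a non-null value, to the pre-existing `!fieldCl.isInstance(objectValue)` check that still follows the added lines, so that older check is now unreachable and one of the two could be dropped. The enclosing `try` and its catch clauses lie outside the hunk, so how these IllegalArgumentExceptions reach the caller cannot be confirmed from here.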