From fca4ceb1c6f62cf5f7053700648219cffbdcc1eb Mon Sep 17 00:00:00 2001 From: msheppar Date: Tue, 14 Jul 2015 16:49:41 +0100 Subject: [PATCH] 8076392: Improve IIOPInputStream consistency Reviewed-by: rriggs, coffeys, skoivu, ahgross --- .../sun/corba/se/impl/io/IIOPInputStream.java | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/src/share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java b/src/share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java index 0c3ff08..f3436b2 100644 --- a/src/share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java +++ b/src/share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java @@ -567,6 +567,11 @@ public class IIOPInputStream // XXX I18N, logging needed. throw new NotActiveException("defaultReadObjectDelegate"); + if (!currentClassDesc.forClass().isAssignableFrom( + currentObject.getClass())) { + throw new IOException("Object Type mismatch"); + } + // The array will be null unless fields were retrieved // remotely because of a serializable version difference. // Bug fix for 4365188. See the definition of @@ -2257,6 +2262,27 @@ public class IIOPInputStream try { Class fieldCl = fields[i].getClazz(); + if ((objectValue != null) + && (!fieldCl.isAssignableFrom( + objectValue.getClass()))) { + throw new IllegalArgumentException("Field mismatch"); + } + Field classField = null; + try { + classField = cl.getDeclaredField(fields[i].getName()); + } catch (NoSuchFieldException nsfEx) { + throw new IllegalArgumentException(nsfEx); + } catch (SecurityException secEx) { + throw new IllegalArgumentException(secEx.getCause()); + } + Class declaredFieldClass = classField.getType(); + + // check input field type is a declared field type + // input field is a subclass of the declared field + if (!declaredFieldClass.isAssignableFrom(fieldCl)) { + throw new IllegalArgumentException( + "Field Type mismatch"); + } if (objectValue != null && !fieldCl.isInstance(objectValue)) { throw new IllegalArgumentException(); } -- GitLab