From 905387a2395ab67ede61a5f7340e32a913959ed5 Mon Sep 17 00:00:00 2001
From: smarks
Date: Thu, 8 Nov 2012 15:41:01 -0800
Subject: [PATCH] 7201070: Serialization to conform to protocol
Reviewed-by: dmocek, ahgross, skoivu
---
 src/share/classes/java/io/ObjectInputStream.java | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/share/classes/java/io/ObjectInputStream.java b/src/share/classes/java/io/ObjectInputStream.java
index 1963187ea..1125bb046 100644
--- a/src/share/classes/java/io/ObjectInputStream.java
+++ b/src/share/classes/java/io/ObjectInputStream.java
@@ -1752,6 +1752,12 @@ public class ObjectInputStream
 ObjectStreamClass desc = readClassDesc(false);
 desc.checkDeserialize();
+ Class cl = desc.forClass();
+ if (cl == String.class || cl == Class.class
+ || cl == ObjectStreamClass.class) {
+ throw new InvalidClassException("invalid class descriptor");
+ }
+
 Object obj;
 try {
 obj = desc.isInstantiable() ? desc.newInstance() : null;
-- 
GitLab
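Review bot: The new guard declares `cl` with the raw type `Class`; `Class<?> cl = desc.forClass();` keeps the three identity comparisons unchanged and avoids a rawtypes warning in a file that otherwise uses generics. The guard itself carries no comment explaining why exactly these three types are rejected here, and a reader will otherwise wonder whether the list is complete; a one-liner such as `// String, Class and ObjectStreamClass have their own stream type codes, so a TC_OBJECT record whose descriptor names one of them is a malformed stream` records the protocol rule the commit title refers to. For diagnosability, the two-argument constructor can name the offending class without changing the reason text, `throw new InvalidClassException(cl.getName(), "invalid class descriptor");`, so a rejected stream is identifiable when the exception is logged. The enclosing method (presumably the ordinary-object reader) begins and ends outside the hunk, so whether `desc.checkDeserialize()` and this check are reached on every path cannot be confirmed from here.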