From 9753729bbb753b19367f4211e3f554b0902bcc01 Mon Sep 17 00:00:00 2001 From: rriggs Date: Tue, 15 Oct 2019 15:05:33 -0400 Subject: [PATCH] 8230967: Improve Registry support of clients Reviewed-by: skoivu, smarks, rhalade --- .../java/rmi/server/RemoteObjectInvocationHandler.java | 10 +++++++++- .../classes/sun/rmi/transport/tcp/TCPEndpoint.java | 6 +++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/src/share/classes/java/rmi/server/RemoteObjectInvocationHandler.java b/src/share/classes/java/rmi/server/RemoteObjectInvocationHandler.java index c17eac6cf..3482b274c 100644 --- a/src/share/classes/java/rmi/server/RemoteObjectInvocationHandler.java +++ b/src/share/classes/java/rmi/server/RemoteObjectInvocationHandler.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,6 +29,7 @@ import java.lang.reflect.InvocationHandler; import java.lang.reflect.Method; import java.lang.reflect.Proxy; import java.rmi.Remote; +import java.rmi.RemoteException; import java.rmi.UnexpectedException; import java.rmi.activation.Activatable; import java.security.PrivilegedAction; @@ -224,6 +225,13 @@ public class RemoteObjectInvocationHandler throw new IllegalArgumentException( "proxy not Remote instance"); } + + // Verify that the method is declared on an interface that extends Remote + Class decl = method.getDeclaringClass(); + if (!Remote.class.isAssignableFrom(decl)) { + throw new RemoteException("Method is not Remote: " + decl + "::" + method); + } + return ref.invoke((Remote) proxy, method, args, getMethodHash(method)); } catch (Exception e) { diff --git a/src/share/classes/sun/rmi/transport/tcp/TCPEndpoint.java b/src/share/classes/sun/rmi/transport/tcp/TCPEndpoint.java index d7338219a..0d849ed7f 100644 --- a/src/share/classes/sun/rmi/transport/tcp/TCPEndpoint.java +++ b/src/share/classes/sun/rmi/transport/tcp/TCPEndpoint.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,6 +29,7 @@ import java.io.DataOutput; import java.io.IOException; import java.io.ObjectInput; import java.io.ObjectOutput; +import java.lang.reflect.Proxy; import java.net.InetAddress; import java.net.ServerSocket; import java.net.Socket; @@ -553,6 +554,9 @@ public class TCPEndpoint implements Endpoint { host = in.readUTF(); port = in.readInt(); csf = (RMIClientSocketFactory) in.readObject(); + if (Proxy.isProxyClass(csf.getClass())) { + throw new IOException("Invalid SocketFactory"); + } break; default: -- GitLab