6736390: File TOCTOU deserialization vulnerability

Reviewed-by: hawtin

6736390: File TOCTOU deserialization vulnerability
Reviewed-by: hawtin
cb346a83 · alanb · a21484e3 · cb346a83
隐藏空白更改
内联并排

Showing with 4 addition and 3 deletion

src/share/classes/java/io/File.java src/share/classes/java/io/File.java +4 -3

未找到文件。
--- a/src/share/classes/java/io/File.java
+++ b/src/share/classes/java/io/File.java
@@ -2064,11 +2064,12 @@ public class File
    private synchronized void readObject(java.io.ObjectInputStream s)
         throws IOException, ClassNotFoundException
    {
-        s.defaultReadObject();
+        ObjectInputStream.GetField fields = s.readFields();
+        String pathField = (String)fields.get("path", null);
        char sep = s.readChar(); // read the previous separator char
        if (sep != separatorChar)
-            this.path = this.path.replace(sep, separatorChar);
+            pathField = pathField.replace(sep, separatorChar);
-        this.path = fs.normalize(this.path);
+        this.path = fs.normalize(pathField);
        this.prefixLength = fs.prefixLength(this.path);
    }