infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-01-28 12:09:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

8356694: Removed unused subclass audits in ObjectInput/OutputStream

Browse Source 
Reviewed-by: alanb, rriggs
This commit is contained in:
Chen Liang 2025-05-14 00:03:20 +00:00
parent 4c0a0ab6bc
commit a96424b24c
2 changed files with 2 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
src/java.base/share/classes/java/io/ObjectInputStream.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2024, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -255,14 +255,6 @@ public class ObjectInputStream
private static final Object unsharedMarker = new Object();
private static class Caches {
/** cache of subclass security audit results */
static final ClassValue<Boolean> subclassAudits =
new ClassValue<>() {
@Override
protected Boolean computeValue(Class<?> type) {
return auditSubclass(type);
}
};
/**
* Property to permit setting a filter after objects
@ -1544,31 +1536,6 @@ public class ObjectInputStream
public abstract Object get(String name, Object val) throws IOException, ClassNotFoundException;
}
/**
* Performs reflective checks on given subclass to verify that it doesn't
* override security-sensitive non-final methods. Returns TRUE if subclass
* is "safe", FALSE otherwise.
*/
private static Boolean auditSubclass(Class<?> subcl) {
for (Class<?> cl = subcl;
cl != ObjectInputStream.class;
cl = cl.getSuperclass())
{
try {
cl.getDeclaredMethod(
"readUnshared", (Class[]) null);
return Boolean.FALSE;
} catch (NoSuchMethodException ex) {
}
try {
cl.getDeclaredMethod("readFields", (Class[]) null);
return Boolean.FALSE;
} catch (NoSuchMethodException ex) {
}
}
return Boolean.TRUE;
}
/**
* Clears internal data structures.
*/

38
src/java.base/share/classes/java/io/ObjectOutputStream.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2024, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2025, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2024, Alibaba Group Holding Limited. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
@ -174,17 +174,6 @@ public class ObjectOutputStream
{
private static final JavaLangAccess JLA = SharedSecrets.getJavaLangAccess();
private static class Caches {
/** cache of subclass security audit results */
static final ClassValue<Boolean> subclassAudits =
new ClassValue<>() {
@Override
protected Boolean computeValue(Class<?> type) {
return auditSubclass(type);
}
};
}
/** filter stream for handling block data conversion */
private final BlockDataOutputStream bout;
/** obj -> wire handle map */
@ -1003,31 +992,6 @@ public class ObjectOutputStream
}
}
/**
* Performs reflective checks on given subclass to verify that it doesn't
* override security-sensitive non-final methods. Returns TRUE if subclass
* is "safe", FALSE otherwise.
*/
private static Boolean auditSubclass(Class<?> subcl) {
for (Class<?> cl = subcl;
cl != ObjectOutputStream.class;
cl = cl.getSuperclass())
{
try {
cl.getDeclaredMethod(
"writeUnshared", new Class<?>[] { Object.class });
return Boolean.FALSE;
} catch (NoSuchMethodException ex) {
}
try {
cl.getDeclaredMethod("putFields", (Class<?>[]) null);
return Boolean.FALSE;
} catch (NoSuchMethodException ex) {
}
}
return Boolean.TRUE;
}
/**
* Clears internal data structures.
*/