8031395: Enhance LDAP processing

Reviewed-by: vinnie, alanb, skoivu, ahgross
2026-05-21 02:48:02 +00:00 · 2014-01-09 17:41:41 +08:00 · 2014-01-09 17:41:41 +08:00 · b8fd19accd
commit b8fd19accd
parent 2afce421d5
2 changed files with 32 additions and 3 deletions
--- a/jdk/src/share/classes/com/sun/jndi/ldap/LdapBindingEnumeration.java
+++ b/jdk/src/share/classes/com/sun/jndi/ldap/LdapBindingEnumeration.java
@ -25,6 +25,10 @@

 package com.sun.jndi.ldap;

+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.util.Vector;
 import javax.naming.*;
 import javax.naming.directory.*;
@ -36,6 +40,8 @@ import com.sun.jndi.toolkit.ctx.Continuation;
 final class LdapBindingEnumeration
        extends AbstractLdapNamingEnumeration<Binding> {

+    private final AccessControlContext acc = AccessController.getContext();
+
    LdapBindingEnumeration(LdapCtx homeCtx, LdapResult answer, Name remain,
        Continuation cont) throws NamingException
    {
@ -52,7 +58,16 @@ final class LdapBindingEnumeration

        if (attrs.get(Obj.JAVA_ATTRIBUTES[Obj.CLASSNAME]) != null) {
            // serialized object or object reference
-            obj = Obj.decodeObject(attrs);
+            try {
+                obj = AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
+                    @Override
+                    public Object run() throws NamingException {
+                        return Obj.decodeObject(attrs);
+                    }
+                }, acc);
+            } catch (PrivilegedActionException e) {
+                throw (NamingException)e.getException();
+            }
        }
        if (obj == null) {
            // DirContext object
--- a/jdk/src/share/classes/com/sun/jndi/ldap/LdapSearchEnumeration.java
+++ b/jdk/src/share/classes/com/sun/jndi/ldap/LdapSearchEnumeration.java
@ -25,6 +25,10 @@

 package com.sun.jndi.ldap;

+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.util.Vector;
 import javax.naming.*;
 import javax.naming.directory.*;
@ -40,6 +44,8 @@ final class LdapSearchEnumeration
    private Name startName;             // prefix of names of search results
    private LdapCtx.SearchArgs searchArgs = null;

+    private final AccessControlContext acc = AccessController.getContext();
+
    LdapSearchEnumeration(LdapCtx homeCtx, LdapResult search_results,
        String starter, LdapCtx.SearchArgs args, Continuation cont)
        throws NamingException {
@ -112,8 +118,16 @@ final class LdapSearchEnumeration
            if (attrs.get(Obj.JAVA_ATTRIBUTES[Obj.CLASSNAME]) != null) {
                // Entry contains Java-object attributes (ser/ref object)
                // serialized object or object reference
-                obj = Obj.decodeObject(attrs);
-
+                try {
+                    obj = AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
+                        @Override
+                        public Object run() throws NamingException {
+                            return Obj.decodeObject(attrs);
+                        }
+                    }, acc);
+                } catch (PrivilegedActionException e) {
+                    throw (NamingException)e.getException();
+                }
            }
            if (obj == null) {
                obj = new LdapCtx(homeCtx, dn);