8290367: Update default value and extend the scope of com.sun.jndi.ldap.object.trustSerialData system property

Reviewed-by: dfuchs, jpai
Aleksei Efimov 2022-09-16 10:04:51 +00:00
parent 11e7d53b23
commit 7765942aee
13 changed files with 262 additions and 52 deletions


@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -44,8 +44,8 @@ public final class VersionHelper {
private static final boolean trustURLCodebase;
/**
* Determines whether objects may be deserialized from the content of
* 'javaSerializedData' attribute.
* Determines whether objects may be deserialized or reconstructed from a content of
* 'javaSerializedData', 'javaRemoteLocation' or 'javaReferenceAddress' LDAP attributes.
*/
private static final boolean trustSerialData;
@ -56,10 +56,10 @@ public final class VersionHelper {
"com.sun.jndi.ldap.object.trustURLCodebase", "false");
trustURLCodebase = "true".equalsIgnoreCase(trust);
// System property to control whether classes is allowed to be loaded from
// 'javaSerializedData' attribute
// System property to control whether classes are allowed to be loaded from
// 'javaSerializedData', 'javaRemoteLocation' or 'javaReferenceAddress' attributes.
String trustSerialDataSp = getPrivilegedProperty(
"com.sun.jndi.ldap.object.trustSerialData", "true");
"com.sun.jndi.ldap.object.trustSerialData", "false");
trustSerialData = "true".equalsIgnoreCase(trustSerialDataSp);
}
@ -81,8 +81,9 @@ public final class VersionHelper {
}
/**
* Returns true if deserialization of objects from 'javaSerializedData'
* and 'javaReferenceAddress' LDAP attributes is allowed.
* Returns true if deserialization or reconstruction of objects from
* 'javaSerializedData', 'javaRemoteLocation' and 'javaReferenceAddress'
* LDAP attributes is allowed.
*
* @return true if deserialization is allowed; false - otherwise
*/
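Review bot: The inline comment on the `com.sun.jndi.ldap.object.trustSerialData` lookup says the property controls whether "classes are allowed to be loaded" from the three attributes, but the field Javadoc and the accessor Javadoc in this same section describe it as gating deserialization or reconstruction of objects, and loading from a codebase is what the neighbouring `trustURLCodebase` flag is named for. Suggest `// System property to control whether objects may be deserialized or reconstructed from` as the first comment line so the two controls are not confused. Because the value is parsed with `"true".equalsIgnoreCase(...)` into a `static final` field, any value other than "true" disables the feature, and the property is presumably read only once at class initialization (the enclosing initializer starts outside the hunk). With the default now "false", a sentence in the field Javadoc stating both points would help deployments that have to opt back in. The accessor's `@return` line (the method itself lies outside the hunk) still mentions only deserialization and could read `@return true if deserialization or reconstruction is allowed; false otherwise`.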