RFR: 8254161: Prevent instantiation of EnumSet subclasses through deserialization
Chris Hegarty
chegar at openjdk.java.net
Mon Oct 12 16:08:17 UTC 2020
TL;DR add EnumSet::readObjectNoData()

EnumSet is an exemplar of the Serialization Proxy Pattern. As such, it
should strictly implement that pattern and demonstrate how best to
defend against inappropriate instantiation through deserialization.

EnumSet is an extensible class. There are two subclasses in the JDK,
RegularEnumSet and JumboEnumSet. Since the serialization of an EnumSet
object writes a replacement object to the serial stream, a serial proxy
object, then stream objects of type RegularEnumSet or JumboEnumSet are
not expected in the serial stream. However, if they are present in the
serial stream, then, during deserialization, the EnumSet::readObject
method will be invoked. EnumSet::readObject unconditionally throws an
exception, thus preventing further deserialization of the stream object.
In this way, stream objects that are subclasses of EnumSet are prevented
from being instantiated through deserialization. But this is not
sufficient to prevent such in all scenarios.

A stream object whose local class equivalent of the specified stream
class descriptor is a subclass of EnumSet, but whose specified stream
class descriptor does not list EnumSet as a superclass, may be
instantiated through deserialization. Since the stream class descriptor
does not list EnumSet as a superclass, then the defensive
EnumSet::readObject is never invoked. To prevent such objects from
being deserialized, an EnumSet::readObjectNoData() should be added -
whose implementation unconditionally throws an exception, similar to
that of the existing EnumSet::readObject.
-------------
Commit messages:
- Initial changes for 8254161 - Prevent instantiation of EnumSet subclasses through deserialization
Changes: https://git.openjdk.java.net/jdk/pull/611/files
Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=611&range=00
Issue: https://bugs.openjdk.java.net/browse/JDK-8254161
Stats: 11 lines in 1 file changed: 11 ins; 0 del; 0 mod
Patch: https://git.openjdk.java.net/jdk/pull/611.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/611/head:pull/611
PR: https://git.openjdk.java.net/jdk/pull/611
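
The pattern discussed in this message, as an added example that is not code from the JDK or from the pull request: a hypothetical `Range` class laid out like EnumSet (abstract base, concrete subclass, serial proxy) that carries both defensive methods. Every class name here is an assumption made for illustration.

```java
import java.io.*;

public class ProxyDemo {
    // Hypothetical extensible class laid out like EnumSet: an abstract base,
    // a concrete subclass, and a serial proxy that is the only stream form.
    abstract static class Range implements Serializable {
        private static final long serialVersionUID = 1L;
        final int lo, hi;
        Range(int lo, int hi) { this.lo = lo; this.hi = hi; }
        static Range of(int lo, int hi) {
            if (lo > hi) throw new IllegalArgumentException("lo > hi");
            return new SmallRange(lo, hi);
        }
        // Not private, so subclasses inherit it: every Range is written as a Proxy.
        Object writeReplace() { return new Proxy(lo, hi); }

        // Invoked when the stream class descriptor lists Range as a superclass.
        private void readObject(ObjectInputStream in) throws InvalidObjectException {
            throw new InvalidObjectException("Proxy required");
        }

        // Invoked when the stream class descriptor omits Range from the
        // superclass chain although the local class extends it.
        private void readObjectNoData() throws InvalidObjectException {
            throw new InvalidObjectException("Proxy required");
        }
    }

    static final class SmallRange extends Range { SmallRange(int lo, int hi) { super(lo, hi); } }

    private static final class Proxy implements Serializable {
        private static final long serialVersionUID = 1L;
        private final int lo, hi;
        Proxy(int lo, int hi) { this.lo = lo; this.hi = hi; }
        // Rebuild through the validating factory instead of restoring fields.
        private Object readResolve() { return Range.of(lo, hi); }
    }

    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(Range.of(1, 5)); // the stream holds a Proxy, not a SmallRange
        }
        ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()));
        Range r = (Range) in.readObject(); // Proxy.readResolve() returns a fresh Range
        System.out.println(r.getClass().getSimpleName() + " " + r.lo + ".." + r.hi);
    }
}
```

On JDK 11 or later the file runs directly with `java ProxyDemo.java`.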