86 = new Hashtable<>(101); 87 private static Hashtable<InetAddress, InetAddress> allowedAccessCache 88 = new Hashtable<>(3); 89 private static RegistryImpl registry; 90 private static ObjID id = new ObjID(ObjID.REGISTRY_ID); 91 92 private static ResourceBundle resources = null; 93 94 /** 95 * Property name of the RMI Registry serial filter to augment 96 * the built-in list of allowed types. 97 * Setting the property in the {@code lib/security/java.security} file 98 * will enable the augmented filter. 99 */ 100 private static final String REGISTRY_FILTER_PROPNAME = "sun.rmi.registry.registryFilter"; 101 102 /** Registry max depth of remote invocations. **/ 103 private static final int REGISTRY_MAX_DEPTH = 20; 104 105 /** Registry maximum array size in remote invocations. **/ 106 private static final int REGISTRY_MAX_ARRAY_SIZE = 10000; 107 108 /** 109 * The registryFilter created from the value of the {@code "sun.rmi.registry.registryFilter"} 110 * property. 111 */ 112 private static final ObjectInputFilter registryFilter = 113 AccessController.doPrivileged((PrivilegedAction<ObjectInputFilter>)RegistryImpl::initRegistryFilter); 114 115 /** 116 * Initialize the registryFilter from the security properties or system property; if any 117 * @return an ObjectInputFilter, or null 118 */ 119 private static ObjectInputFilter initRegistryFilter() { 120 ObjectInputFilter filter = null; 121 String props = System.getProperty(REGISTRY_FILTER_PROPNAME); 122 if (props == null) { 123 props = Security.getProperty(REGISTRY_FILTER_PROPNAME); 124 } 125 if (props != null) { 126 filter = ObjectInputFilter.Config.createFilter(props); 127 Log regLog = Log.getLog("sun.rmi.registry", "registry", -1); 128 if (regLog.isLoggable(Log.BRIEF)) { 129 regLog.log(Log.BRIEF, "registryFilter = " + filter); 130 } 131 } 132 return filter; 133 } 134 135 /** 136 * Construct a new RegistryImpl on the specified port with the 137 * given custom socket factory pair. 
138 */ 139 public RegistryImpl(int port, 140 RMIClientSocketFactory csf, 141 RMIServerSocketFactory ssf) 142 throws RemoteException 143 { 144 this(port, csf, ssf, RegistryImpl::registryFilter); 145 } 146 402 * @param filterInfo access to the class, array length, etc. 403 * @return {@link ObjectInputFilter.Status#ALLOWED} if allowed, 404 * {@link ObjectInputFilter.Status#REJECTED} if rejected, 405 * otherwise {@link ObjectInputFilter.Status#UNDECIDED} 406 */ 407 private static ObjectInputFilter.Status registryFilter(ObjectInputFilter.FilterInfo filterInfo) { 408 if (registryFilter != null) { 409 ObjectInputFilter.Status status = registryFilter.checkInput(filterInfo); 410 if (status != ObjectInputFilter.Status.UNDECIDED) { 411 // The Registry filter can override the built-in white-list 412 return status; 413 } 414 } 415 416 if (filterInfo.depth() > REGISTRY_MAX_DEPTH) { 417 return ObjectInputFilter.Status.REJECTED; 418 } 419 Class<?> clazz = filterInfo.serialClass(); 420 if (clazz != null) { 421 if (clazz.isArray()) { 422 if (filterInfo.arrayLength() >= 0 && filterInfo.arrayLength() > REGISTRY_MAX_ARRAY_SIZE) { 423 return ObjectInputFilter.Status.REJECTED; 424 } 425 do { 426 // Arrays are allowed depending on the component type 427 clazz = clazz.getComponentType(); 428 } while (clazz.isArray()); 429 } 430 if (clazz.isPrimitive()) { 431 // Arrays of primitives are allowed 432 return ObjectInputFilter.Status.ALLOWED; 433 } 434 if (String.class == clazz 435 || java.lang.Number.class.isAssignableFrom(clazz) 436 || Remote.class.isAssignableFrom(clazz) 437 || java.lang.reflect.Proxy.class.isAssignableFrom(clazz) 438 || UnicastRef.class.isAssignableFrom(clazz) 439 || RMIClientSocketFactory.class.isAssignableFrom(clazz) 440 || RMIServerSocketFactory.class.isAssignableFrom(clazz) 441 || java.rmi.activation.ActivationID.class.isAssignableFrom(clazz) 442 || java.rmi.server.UID.class.isAssignableFrom(clazz)) { 443 return ObjectInputFilter.Status.ALLOWED; 444 } else { 445 return 
ObjectInputFilter.Status.REJECTED; 446 } 447 } 448 return ObjectInputFilter.Status.UNDECIDED; 449 } 450 451 /** 452 * Main program to start a registry. <br> | 86 = new Hashtable<>(101); 87 private static Hashtable<InetAddress, InetAddress> allowedAccessCache 88 = new Hashtable<>(3); 89 private static RegistryImpl registry; 90 private static ObjID id = new ObjID(ObjID.REGISTRY_ID); 91 92 private static ResourceBundle resources = null; 93 94 /** 95 * Property name of the RMI Registry serial filter to augment 96 * the built-in list of allowed types. 97 * Setting the property in the {@code lib/security/java.security} file 98 * will enable the augmented filter. 99 */ 100 private static final String REGISTRY_FILTER_PROPNAME = "sun.rmi.registry.registryFilter"; 101 102 /** Registry max depth of remote invocations. **/ 103 private static final int REGISTRY_MAX_DEPTH = 20; 104 105 /** Registry maximum array size in remote invocations. **/ 106 private static final int REGISTRY_MAX_ARRAY_SIZE = 1_000_000; 107 108 /** 109 * The registryFilter created from the value of the {@code "sun.rmi.registry.registryFilter"} 110 * property. 
111 */ 112 private static final ObjectInputFilter registryFilter = 113 AccessController.doPrivileged((PrivilegedAction<ObjectInputFilter>)RegistryImpl::initRegistryFilter); 114 115 /** 116 * Initialize the registryFilter from the security properties or system property; if any 117 * @return an ObjectInputFilter, or null 118 */ 119 private static ObjectInputFilter initRegistryFilter() { 120 ObjectInputFilter filter = null; 121 String props = System.getProperty(REGISTRY_FILTER_PROPNAME); 122 if (props == null) { 123 props = Security.getProperty(REGISTRY_FILTER_PROPNAME); 124 } 125 if (props != null) { 126 filter = ObjectInputFilter.Config.createFilter2(props); 127 Log regLog = Log.getLog("sun.rmi.registry", "registry", -1); 128 if (regLog.isLoggable(Log.BRIEF)) { 129 regLog.log(Log.BRIEF, "registryFilter = " + filter); 130 } 131 } 132 return filter; 133 } 134 135 /** 136 * Construct a new RegistryImpl on the specified port with the 137 * given custom socket factory pair. 138 */ 139 public RegistryImpl(int port, 140 RMIClientSocketFactory csf, 141 RMIServerSocketFactory ssf) 142 throws RemoteException 143 { 144 this(port, csf, ssf, RegistryImpl::registryFilter); 145 } 146 402 * @param filterInfo access to the class, array length, etc. 
403 * @return {@link ObjectInputFilter.Status#ALLOWED} if allowed, 404 * {@link ObjectInputFilter.Status#REJECTED} if rejected, 405 * otherwise {@link ObjectInputFilter.Status#UNDECIDED} 406 */ 407 private static ObjectInputFilter.Status registryFilter(ObjectInputFilter.FilterInfo filterInfo) { 408 if (registryFilter != null) { 409 ObjectInputFilter.Status status = registryFilter.checkInput(filterInfo); 410 if (status != ObjectInputFilter.Status.UNDECIDED) { 411 // The Registry filter can override the built-in white-list 412 return status; 413 } 414 } 415 416 if (filterInfo.depth() > REGISTRY_MAX_DEPTH) { 417 return ObjectInputFilter.Status.REJECTED; 418 } 419 Class<?> clazz = filterInfo.serialClass(); 420 if (clazz != null) { 421 if (clazz.isArray()) { 422 // Arrays are REJECTED only if they exceed the limit 423 return (filterInfo.arrayLength() >= 0 && filterInfo.arrayLength() > REGISTRY_MAX_ARRAY_SIZE) 424 ? ObjectInputFilter.Status.REJECTED 425 : ObjectInputFilter.Status.UNDECIDED; 426 } 427 if (String.class == clazz 428 || java.lang.Number.class.isAssignableFrom(clazz) 429 || Remote.class.isAssignableFrom(clazz) 430 || java.lang.reflect.Proxy.class.isAssignableFrom(clazz) 431 || UnicastRef.class.isAssignableFrom(clazz) 432 || RMIClientSocketFactory.class.isAssignableFrom(clazz) 433 || RMIServerSocketFactory.class.isAssignableFrom(clazz) 434 || java.rmi.activation.ActivationID.class.isAssignableFrom(clazz) 435 || java.rmi.server.UID.class.isAssignableFrom(clazz)) { 436 return ObjectInputFilter.Status.ALLOWED; 437 } else { 438 return ObjectInputFilter.Status.REJECTED; 439 } 440 } 441 return ObjectInputFilter.Status.UNDECIDED; 442 } 443 444 /** 445 * Main program to start a registry. <br> |
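Review bot: The new array branch of `registryFilter` returns `UNDECIDED` for every array within the length limit without looking at the component type, and the comment `// Arrays are REJECTED only if they exceed the limit` does not say why that is safe. The allow-list below it presumably still applies when each element's class is presented to the filter on its own, which this page does not show, so the comment should state that dependency, for example `// Component type is not checked here; each non-primitive element is filtered when it is read`. The `@return` Javadoc should also say that in-limit arrays now yield UNDECIDED, where the old code returned ALLOWED or REJECTED by component type; that Javadoc begins outside the visible lines. Raising `REGISTRY_MAX_ARRAY_SIZE` from 10000 to `1_000_000` increases the per-array allocation a remote peer can request before rejection. The constant's Javadoc could note that a stricter bound (a `maxarray=` limit) can be set through the `sun.rmi.registry.registryFilter` property, which is consulted first at the top of this method.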