On 11/7/17 6:48 AM, Christoph Dreis wrote:
======= PATCH =======
diff -r 67aa34b019e1 src/java.base/share/classes/java/io/ObjectInputFilter.java
--- a/src/java.base/share/classes/java/io/ObjectInputFilter.java Mon Nov
06 17:48:00 2017 -0800
+++ b/src/java.base/share/classes/java/io/ObjectInputFilter.java Tue Nov
07 15:44:36 2017 +0100
@@ -656,8 +656,8 @@
* otherwise {@code false}
*/
private static boolean matchesPackage(Class<?> c, String pkg) {
- String n = c.getName();
- return n.startsWith(pkg) && n.lastIndexOf('.') == pkg.length()
- 1;
+ String n = c.getPackageName();
+ return n.length() == pkg.length() - 1 && n.startsWith(pkg);
}
This is correct but we could simplify this. We can modify the callers
to drop a trailing "." from the pkg parameter. I took the liberty to
revise it a little.
http://cr.openjdk.java.net/~mchung/jdk10/webrevs/8190733/webrev.00/
Roger - can you take a look at the change in ObjectInputFilter?
Mandy
