Author: b...@google.com Date: Mon Jun 15 14:00:16 2009 New Revision: 5559 Modified: trunk/user/src/com/google/gwt/user/server/rpc/RPC.java trunk/user/src/com/google/gwt/user/server/rpc/RemoteServiceServlet.java trunk/user/src/com/google/gwt/user/server/rpc/impl/ServerSerializationStreamReader.java
Log: Add additional RPC sanity checks. Patch by: meder Review by: bobv
Modified: trunk/user/src/com/google/gwt/user/server/rpc/RPC.java
==============================================================================
--- trunk/user/src/com/google/gwt/user/server/rpc/RPC.java (original)
+++ trunk/user/src/com/google/gwt/user/server/rpc/RPC.java Mon Jun 15 14:00:16 2009
@@ -269,6 +269,9 @@
 String serviceMethodName = streamReader.readString();
 int paramCount = streamReader.readInt();
+ if (paramCount > streamReader.getNumberOfTokens()) {
+ throw new IncompatibleRemoteServiceException("Invalid number of parameters");
+ }
 Class<?>[] parameterTypes = new Class[paramCount];
 for (int i = 0; i < parameterTypes.length; i++) {
Modified: trunk/user/src/com/google/gwt/user/server/rpc/RemoteServiceServlet.java
==============================================================================
--- trunk/user/src/com/google/gwt/user/server/rpc/RemoteServiceServlet.java (original)
+++ trunk/user/src/com/google/gwt/user/server/rpc/RemoteServiceServlet.java Mon Jun 15 14:00:16 2009
@@ -177,6 +177,9 @@
 */
 public String processCall(String payload) throws SerializationException {
 try {
+ if (getPermutationStrongName() == null) {
+ throw new SecurityException("Blocked request without GWT permutation header(XSRF attack?)");
+ }
 RPCRequest rpcRequest = RPC.decodeRequest(payload, this.getClass(), this);
 onAfterRequestDeserialized(rpcRequest);
 return RPC.invokeAndEncodeResponse(this, rpcRequest.getMethod(),
Modified: trunk/user/src/com/google/gwt/user/server/rpc/impl/ServerSerializationStreamReader.java
==============================================================================
--- trunk/user/src/com/google/gwt/user/server/rpc/impl/ServerSerializationStreamReader.java (original)
+++ trunk/user/src/com/google/gwt/user/server/rpc/impl/ServerSerializationStreamReader.java Mon Jun 15 14:00:16 2009
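Review bot: The new guard in the RPC.java hunk rejects a paramCount larger than the token count but not a negative one, and paramCount comes straight from the untrusted payload via streamReader.readInt(); a negative value passes the check and `new Class[paramCount]` on the next line then fails with NegativeArraySizeException instead of the IncompatibleRemoteServiceException the check itself throws. Widen it to `if (paramCount < 0 || paramCount > streamReader.getNumberOfTokens()) {`. The bound also appears to be the total token count rather than the tokens still unread, so the per-parameter reads in the loop below can still run off the end of the stream; a comment such as `// Loose upper bound: getNumberOfTokens() counts tokens already consumed too` would make that explicit. The method this hunk sits in starts and ends outside the hunk.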
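Review bot: processCall now throws SecurityException when getPermutationStrongName() returns null, but the Javadoc that ends on the `*/` line just above the signature is not updated; add `@throws SecurityException if the request does not carry the GWT permutation strong-name header` so callers and subclasses know an unchecked exception can now escape. The check sits inside the try block whose catch clause is outside the hunk; if that clause catches RuntimeException broadly, the SecurityException will be handled there rather than propagating, which may or may not be intended. The check only establishes that the header is present, not that its value names a known permutation, so its value against cross-site requests rests on browsers not attaching custom headers to cross-origin form submissions; a one-line comment stating that assumption beside the check would help future readers. The message string is also missing a space: `"Blocked request without GWT permutation header (XSRF attack?)"`.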
@@ -373,6 +373,10 @@
 }
 }
+ public int getNumberOfTokens() {
+ return tokenList.size();
+ }
+
 public SerializationPolicy getSerializationPolicy() {
 return serializationPolicy;
 }
--~--~---------~--~----~------------~-------~--~----~ http://groups.google.com/group/Google-Web-Toolkit-Contributors -~----------~----~----~----~------~----~------~--~---
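Review bot: getNumberOfTokens() is a new public method without Javadoc, and because RPC.java in this same commit uses it as a bound on a client-supplied count, its meaning should be pinned; add `/** Returns the number of tokens in the decoded payload (presumably the full count, not the tokens still unread). */`, tightening the wording once it is confirmed whether tokenList shrinks as tokens are consumed. If the method exists only to support that one check, saying so in the Javadoc would discourage other callers from treating it as a precise remaining-token count. The enclosing class continues outside the hunk.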