Author: [email protected]
Date: Mon Jun 15 14:00:16 2009
New Revision: 5559
Modified:
trunk/user/src/com/google/gwt/user/server/rpc/RPC.java
trunk/user/src/com/google/gwt/user/server/rpc/RemoteServiceServlet.java
trunk/user/src/com/google/gwt/user/server/rpc/impl/ServerSerializationStreamReader.java
Log:
Add additional RPC sanity checks.
Patch by: meder
Review by: bobv
Modified: trunk/user/src/com/google/gwt/user/server/rpc/RPC.java
==============================================================================
--- trunk/user/src/com/google/gwt/user/server/rpc/RPC.java (original)
+++ trunk/user/src/com/google/gwt/user/server/rpc/RPC.java Mon Jun 15
14:00:16 2009
@@ -269,6 +269,9 @@
String serviceMethodName = streamReader.readString();
int paramCount = streamReader.readInt();
+ if (paramCount > streamReader.getNumberOfTokens()) {
+ throw new IncompatibleRemoteServiceException("Invalid number of
parameters");
+ }
Class<?>[] parameterTypes = new Class[paramCount];
for (int i = 0; i < parameterTypes.length; i++) {
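Review bot: The new bound rejects only an over-large paramCount; a negative value read from the payload still passes `paramCount > streamReader.getNumberOfTokens()` and then reaches `new Class[paramCount]` on the next line, where it surfaces as a NegativeArraySizeException rather than the IncompatibleRemoteServiceException this check is meant to raise. Unless readInt() already rejects negatives (not visible here), the guard should read `if (paramCount < 0 || paramCount > streamReader.getNumberOfTokens()) {`. It may also be worth stating in a comment that the token count is only an upper bound, since the token list presumably holds more than the parameter entries, so the check catches absurd counts but not every malformed payload. The enclosing decodeRequest method starts and ends outside the hunk.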
Modified:
trunk/user/src/com/google/gwt/user/server/rpc/RemoteServiceServlet.java
==============================================================================
--- trunk/user/src/com/google/gwt/user/server/rpc/RemoteServiceServlet.java
(original)
+++ trunk/user/src/com/google/gwt/user/server/rpc/RemoteServiceServlet.java
Mon Jun 15 14:00:16 2009
@@ -177,6 +177,9 @@
*/
public String processCall(String payload) throws SerializationException {
try {
+ if (getPermutationStrongName() == null) {
+ throw new SecurityException("Blocked request without GWT
permutation header(XSRF attack?)");
+ }
RPCRequest rpcRequest = RPC.decodeRequest(payload, this.getClass(),
this);
onAfterRequestDeserialized(rpcRequest);
return RPC.invokeAndEncodeResponse(this, rpcRequest.getMethod(),
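Review bot: processCall now throws SecurityException, but the Javadoc that ends at the `*/` just above the signature is not updated, and the method's `throws` clause still names only SerializationException; add `@throws SecurityException if the request carries no GWT permutation strong-name header`. The guard tests only that the header is present, not that its value names a permutation this servlet actually serves, so a one-line comment such as `// Presence alone is the XSRF defense: cross-origin form posts cannot set custom headers` would record the reasoning for future maintainers. The try block opened at `try {` continues past the hunk, so whether SecurityException is caught there or propagates to the caller cannot be confirmed from this view. Minor wording: the message reads `header(XSRF attack?)` with no space before the parenthesis.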
Modified:
trunk/user/src/com/google/gwt/user/server/rpc/impl/ServerSerializationStreamReader.java
==============================================================================
---
trunk/user/src/com/google/gwt/user/server/rpc/impl/ServerSerializationStreamReader.java
(original)
+++
trunk/user/src/com/google/gwt/user/server/rpc/impl/ServerSerializationStreamReader.java
Mon Jun 15 14:00:16 2009
@@ -373,6 +373,10 @@
}
}
+ public int getNumberOfTokens() {
+ return tokenList.size();
+ }
+
public SerializationPolicy getSerializationPolicy() {
return serializationPolicy;
}
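Review bot: getNumberOfTokens() is a new public method without Javadoc, while the neighbouring getSerializationPolicy() sits in the same accessor group; add a summary such as `/** Returns the number of tokens in the payload being read; callers use it as an upper bound when sanity-checking counts decoded from the stream. */`. If tokenList can be null before the stream is prepared (not visible here), note that in the Javadoc or guard it, since the method is called from RPC.decodeRequest on untrusted input. The enclosing class continues outside the hunk.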