1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
From: Markus Koschany <apo@debian.org>
Date: Mon, 30 Jan 2017 17:47:46 +0100
Subject: CVE-2016-6814
Bug-Debian: https://bugs.debian.org/851408
Origin: http://seclists.org/oss-sec/2017/q1/92
---
src/main/org/codehaus/groovy/runtime/MethodClosure.java | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/main/org/codehaus/groovy/runtime/MethodClosure.java b/src/main/org/codehaus/groovy/runtime/MethodClosure.java
index 8e4fac8..6fceb3d 100644
--- a/src/main/org/codehaus/groovy/runtime/MethodClosure.java
+++ b/src/main/org/codehaus/groovy/runtime/MethodClosure.java
@@ -19,6 +19,7 @@ import groovy.lang.Closure;
import groovy.lang.MetaMethod;
import java.util.List;
+import java.io.IOException;
/**
@@ -69,6 +70,14 @@ public class MethodClosure extends Closure {
throw new UnsupportedOperationException();
}
+ private void readObject(java.io.ObjectInputStream stream) throws
+ IOException, ClassNotFoundException {
+ if (ALLOW_RESOLVE) {
+ stream.defaultReadObject();
+ }
+ throw new UnsupportedOperationException();
+ }
+
public Object getProperty(String property) {
if ("method".equals(property)) {
return getMethod();
|
