diff --git a/src/main/org/codehaus/groovy/runtime/MethodClosure.java b/src/main/org/codehaus/groovy/runtime/MethodClosure.java
index 828930f..d172df2 100644
--- a/src/main/org/codehaus/groovy/runtime/MethodClosure.java
+++ b/src/main/org/codehaus/groovy/runtime/MethodClosure.java
@@ -19,7 +19,7 @@ import groovy.lang.Closure;
import groovy.lang.MetaMethod;
import java.util.List;
-
+import java.io.IOException;
/**
* Represents a method on an object using a closure which can be invoked
@@ -30,6 +30,8 @@ import java.util.List;
*/
public class MethodClosure extends Closure {
+ public static boolean ALLOW_RESOLVE = false;
+
private String method;
public MethodClosure(Object owner, String method) {
@@ -66,6 +68,16 @@ public class MethodClosure extends Closure {
} else return super.getProperty(property);
}
+
+ // fix for CVE-2016-6814
+ // http://seclists.org/oss-sec/2017/q1/92
+ private void readObject(java.io.ObjectInputStream stream) throws IOException, ClassNotFoundException {
+ if (ALLOW_RESOLVE) {
+ stream.defaultReadObject();
+ }
+ throw new UnsupportedOperationException();
+ }
+
private Object readResolve() {
throw new UnsupportedOperationException();
}
distrib
>
Mageia
>
5
>
i586
>
media
>
core-updates-src
>
by-pkgid
>
a02876f108c6c4f58987fb16886c95f3
>
files
>
1
