From 83341c99886a7e0d82a84f4dd46bdc601e8a9a7e Mon Sep 17 00:00:00 2001
From: Benny Baumann
Date: Sun, 31 Jul 2016 14:17:07 +0200
Subject: [PATCH] chg: Proper runtime type checking for retrieved forms
Change-Id: Ie24b93bb189ec7a25620c45922a4ad1e5922230b
---
 src/org/cacert/gigi/output/template/Form.java | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/org/cacert/gigi/output/template/Form.java b/src/org/cacert/gigi/output/template/Form.java
index f2219581..3f7ab6d1 100644
--- a/src/org/cacert/gigi/output/template/Form.java
+++ b/src/org/cacert/gigi/output/template/Form.java
@@ -104,6 +104,7 @@ public abstract class Form implements Outputable {
 * @throws CSRFException
 * if no CSRF-token is found or the token is wrong.
 */
+ @SuppressWarnings("unchecked")
 public static T getForm(HttpServletRequest req, Class target) throws CSRFException {
 String csrf = req.getParameter(CSRF_FIELD);
 if (csrf == null) {
@@ -113,10 +114,17 @@ public abstract class Form implements Outputable {
 if (hs == null) {
 throw new CSRFException();
 }
- Form f = (Form) hs.getAttribute("form/" + target.getName() + "/" + csrf);
+ Object f = hs.getAttribute("form/" + target.getName() + "/" + csrf);
 if (f == null) {
 throw new CSRFException();
 }
+ if ( !(f instanceof Form)) {
+ throw new CSRFException();
+ }
+ if ( !target.isInstance(f)) {
+ throw new CSRFException();
+ }
+ // Dynamic Cast checked by previous if statement
 return (T) f;
 }
-- 
2.39.2
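Review bot: The new `target.isInstance(f)` guard followed by the unchecked `return (T) f;` in the second hunk can be collapsed into `return target.cast(f);`, which performs the same runtime check and yields `T` without an unchecked cast, so the method-wide `@SuppressWarnings("unchecked")` added in the first hunk and the `// Dynamic Cast checked by previous if statement` comment become unnecessary. If the type parameter is bounded by `Form` (the generic bounds appear stripped from this rendering, so I cannot confirm it), the separate `!(f instanceof Form)` check is already implied by `isInstance` and can be dropped; if it is not bounded, keeping it is correct. All four failure branches throw a bare `CSRFException`, so a session entry of the wrong type is indistinguishable in logs from a missing or wrong token; a message such as `throw new CSRFException("form object of unexpected type " + f.getClass().getName());` would help incident triage if the exception type supports it. The second hunk begins inside the body of getForm, whose signature is shown only in the first hunk.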