svn commit: r1589990 - /tomcat/trunk/java/org/apache/tomcat/util/descriptor/tld/TldParser.java

Fri, 25 Apr 2014 04:05:00 -0700 

Author: markt
Date: Fri Apr 25 11:04:24 2014
New Revision: 1589990

URL: http://svn.apache.org/r1589990
Log:
More defensive coding around some XML activities that are triggered by web 
applications and are therefore at potential risk of a memory leak.

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/descriptor/tld/TldParser.java

Modified: tomcat/trunk/java/org/apache/tomcat/util/descriptor/tld/TldParser.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/descriptor/tld/TldParser.java?rev=1589990&r1=1589989&r2=1589990&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/descriptor/tld/TldParser.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/descriptor/tld/TldParser.java Fri 
Apr 25 11:04:24 2014
@@ -18,13 +18,17 @@ package org.apache.tomcat.util.descripto
 
 import java.io.IOException;
 import java.io.InputStream;
+import java.security.AccessController;
 
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.descriptor.Constants;
 import org.apache.tomcat.util.descriptor.DigesterFactory;
 import org.apache.tomcat.util.descriptor.XmlErrorHandler;
 import org.apache.tomcat.util.digester.Digester;
 import org.apache.tomcat.util.digester.RuleSet;
+import org.apache.tomcat.util.security.PrivilegedGetTccl;
+import org.apache.tomcat.util.security.PrivilegedSetTccl;
 import org.xml.sax.InputSource;
 import org.xml.sax.SAXException;
 
@@ -47,7 +51,20 @@ public class TldParser {
     }
 
     public TaglibXml parse(TldResourcePath path) throws IOException, 
SAXException {
+        ClassLoader original;
+        if (Constants.IS_SECURITY_ENABLED) {
+            PrivilegedGetTccl pa = new PrivilegedGetTccl();
+            original = AccessController.doPrivileged(pa);
+        } else {
+            original = Thread.currentThread().getContextClassLoader();
+        }
         try (InputStream is = path.openStream()) {
+            if (Constants.IS_SECURITY_ENABLED) {
+                PrivilegedSetTccl pa = new 
PrivilegedSetTccl(TldParser.class.getClassLoader());
+                AccessController.doPrivileged(pa);
+            } else {
+                
Thread.currentThread().setContextClassLoader(TldParser.class.getClassLoader());
+            }
             XmlErrorHandler handler = new XmlErrorHandler();
             digester.setErrorHandler(handler);
 
@@ -67,6 +84,12 @@ public class TldParser {
             return taglibXml;
         } finally {
             digester.reset();
+            if (Constants.IS_SECURITY_ENABLED) {
+                PrivilegedSetTccl pa = new PrivilegedSetTccl(original);
+                AccessController.doPrivileged(pa);
+            } else {
+                Thread.currentThread().setContextClassLoader(original);
+            }
         }
     }
 



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to