Author: markt Date: Fri Apr 25 11:24:47 2014 New Revision: 1589997 URL: http://svn.apache.org/r1589997 Log: More defensive coding around some XML activities that are triggered by web applications and are therefore at potential risk of a memory leak.
Modified: tomcat/tc7.0.x/trunk/java/org/apache/jasper/xmlparser/ParserUtils.java Modified: tomcat/tc7.0.x/trunk/java/org/apache/jasper/xmlparser/ParserUtils.java URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/jasper/xmlparser/ParserUtils.java?rev=1589997&r1=1589996&r2=1589997&view=diff ============================================================================== --- tomcat/tc7.0.x/trunk/java/org/apache/jasper/xmlparser/ParserUtils.java (original) +++ tomcat/tc7.0.x/trunk/java/org/apache/jasper/xmlparser/ParserUtils.java Fri Apr 25 11:24:47 2014 @@ -18,6 +18,7 @@ package org.apache.jasper.xmlparser; import java.io.IOException; import java.io.InputStream; +import java.security.AccessController; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; @@ -29,6 +30,8 @@ import org.apache.jasper.compiler.Locali import org.apache.tomcat.util.descriptor.DigesterFactory; import org.apache.tomcat.util.descriptor.LocalResolver; import org.apache.tomcat.util.descriptor.XmlErrorHandler; +import org.apache.tomcat.util.security.PrivilegedGetTccl; +import org.apache.tomcat.util.security.PrivilegedSetTccl; import org.w3c.dom.Comment; import org.w3c.dom.Document; import org.w3c.dom.NamedNodeMap; @@ -92,7 +95,23 @@ public class ParserUtils { Document document = null; // Perform an XML parse of this document, via JAXP + ClassLoader original; + if (Constants.IS_SECURITY_ENABLED) { + PrivilegedGetTccl pa = new PrivilegedGetTccl(); + original = AccessController.doPrivileged(pa); + } else { + original = Thread.currentThread().getContextClassLoader(); + } try { + if (Constants.IS_SECURITY_ENABLED) { + PrivilegedSetTccl pa = + new PrivilegedSetTccl(ParserUtils.class.getClassLoader()); + AccessController.doPrivileged(pa); + } else { + Thread.currentThread().setContextClassLoader( + ParserUtils.class.getClassLoader()); + } + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true); 
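Review bot: The `Constants.IS_SECURITY_ENABLED` branching for reading and setting the thread context class loader is written out three times (capture and swap in this hunk, restore in the `finally` of the `-132,6 +151,13` hunk), and nothing in the code says why the loader is swapped. Folding it into two private helpers keeps the `AccessController.doPrivileged` calls in one place, which is easier to audit. The setter should stay private so that only the container's own loader or the saved original can be passed to it. Going by the commit log, a comment at the swap such as `// Parse with the container's class loader as TCCL; this parse is triggered by a web application and could otherwise pin its class loader` would record the intent. The enclosing method starts and ends outside the hunk.

```java
private static ClassLoader getTccl() {
    if (Constants.IS_SECURITY_ENABLED) {
        return AccessController.doPrivileged(new PrivilegedGetTccl());
    }
    return Thread.currentThread().getContextClassLoader();
}

private static void setTccl(ClassLoader cl) {
    if (Constants.IS_SECURITY_ENABLED) {
        AccessController.doPrivileged(new PrivilegedSetTccl(cl));
    } else {
        Thread.currentThread().setContextClassLoader(cl);
    }
}

// in the parsing method
ClassLoader original = getTccl();
try {
    setTccl(ParserUtils.class.getClassLoader());
    // … unchanged: DocumentBuilderFactory setup, parse, catch blocks …
} finally {
    setTccl(original);
}
```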
@@ -132,6 +151,13 @@ public class ParserUtils { } catch (IOException io) { throw new JasperException (Localizer.getMessage("jsp.error.parse.xml", location), io); + } finally { + if (Constants.IS_SECURITY_ENABLED) { + PrivilegedSetTccl pa = new PrivilegedSetTccl(original); + AccessController.doPrivileged(pa); + } else { + Thread.currentThread().setContextClassLoader(original); + } } // Convert the resulting document to a graph of TreeNodes --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org