6994263: Untrusted code can replace JRE's XML DSig Transform or C14N algorithm implementations

Reviewed-by: xuelei

6994263: Untrusted code can replace JRE's XML DSig Transform or C14N algorithm implementations
Reviewed-by: xuelei
99d10947 · mullan · 198c02c6 · 99d10947
显示空白变更内容
内联并排

Showing with 3 addition and 6 deletion

src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java ...rg/apache/xml/internal/security/transforms/Transform.java +3 -6

未找到文件。
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java
@@ -210,6 +210,8 @@ public final class Transform extends SignatureElementProxy {
    public static void init() {
        if (!alreadyInitialized) {
            transformClassHash = new HashMap(10);
+            // make sure builtin algorithms are all registered first
+            com.sun.org.apache.xml.internal.security.Init.init();
            alreadyInitialized = true;
        }
    }
@@ -236,12 +238,7 @@ public final class Transform extends SignatureElementProxy {
               "algorithm.alreadyRegistered", exArgs);
        }
-        ClassLoader cl = (ClassLoader) AccessController.doPrivileged(
+        ClassLoader cl = Thread.currentThread().getContextClassLoader();
-            new PrivilegedAction() {
-                public Object run() {
-                    return Thread.currentThread().getContextClassLoader();
-                }
-            });
        try {
            transformClassHash.put