6994263: Untrusted code can replace JRE's XML DSig Transform or C14N algorithm implementations
Reviewed-by: xuelei
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java Fri Oct 29 23:55:34 2010 +0400
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java Mon Nov 01 12:58:38 2010 -0700
@@ -247,6 +247,8 @@ public final class Transform extends Sig
if (!_alreadyInitialized) {
_transformHash = new HashMap(10);
+ // make sure builtin algorithms are all registered first
+ com.sun.org.apache.xml.internal.security.Init.init();
_alreadyInitialized = true;
}
}
@@ -274,19 +276,13 @@ public final class Transform extends Sig
"algorithm.alreadyRegistered", exArgs);
}
- ClassLoader cl = (ClassLoader) AccessController.doPrivileged(
- new PrivilegedAction() {
- public Object run() {
- return Thread.currentThread().getContextClassLoader();
- }
- });
+ ClassLoader cl = Thread.currentThread().getContextClassLoader();
try {
Transform._transformHash.put
(algorithmURI, Class.forName(implementingClass, true, cl));
} catch (ClassNotFoundException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
+ throw new RuntimeException(e);
}
}
}