changeset 481:db9f076b2aed

6994263: Untrusted code can replace JRE's XML DSig Transform or C14N algorithm implementations Reviewed-by: xuelei
author mullan
date Mon, 01 Nov 2010 12:58:38 -0700
parents 5e70dbac6a7d
children e4d58ab3cda2
files src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java
diffstat 1 files changed, 4 insertions(+), 8 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java	Fri Oct 29 23:55:34 2010 +0400
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java	Mon Nov 01 12:58:38 2010 -0700
@@ -247,6 +247,8 @@
 
       if (!_alreadyInitialized) {
          _transformHash = new HashMap(10);
+         // make sure builtin algorithms are all registered first
+         com.sun.org.apache.xml.internal.security.Init.init();
          _alreadyInitialized = true;
       }
    }
@@ -274,19 +276,13 @@
                "algorithm.alreadyRegistered", exArgs);
          }
 
-         ClassLoader cl = (ClassLoader) AccessController.doPrivileged(
-             new PrivilegedAction() {
-                 public Object run() {
-                     return Thread.currentThread().getContextClassLoader();
-                 }
-             });
+         ClassLoader cl = Thread.currentThread().getContextClassLoader();
 
          try {
              Transform._transformHash.put
                  (algorithmURI, Class.forName(implementingClass, true, cl));
          } catch (ClassNotFoundException e) {
-             // TODO Auto-generated catch block
-             e.printStackTrace();
+             throw new RuntimeException(e);
          }
       }
    }