Mercurial > hg > icedtea9-forest > jaxws

changeset 39:e9a89ac171c7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix for 6536193.
author andrew
date Tue, 14 Apr 2009 16:20:59 +0100
parents 41a66a42791b
children 7ec1c2555929
files src/share/classes/com/sun/xml/internal/bind/v2/runtime/output/UTF8XmlOutput.java
diffstat 1 files changed, 31 insertions(+), 6 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/com/sun/xml/internal/bind/v2/runtime/output/UTF8XmlOutput.java	Mon Mar 09 13:34:04 2009 -0700
+++ b/src/share/classes/com/sun/xml/internal/bind/v2/runtime/output/UTF8XmlOutput.java	Tue Apr 14 16:20:59 2009 +0100
@@ -33,6 +33,7 @@
 import com.sun.xml.internal.bind.DatatypeConverterImpl;
 import com.sun.xml.internal.bind.v2.runtime.Name;
 import com.sun.xml.internal.bind.v2.runtime.XMLSerializer;
+import com.sun.xml.internal.bind.v2.runtime.MarshallerImpl;
 
 import org.xml.sax.SAXException;
 
@@ -82,6 +83,11 @@
     protected boolean closeStartTagPending = false;
 
     /**
+     * @see MarshallerImpl#header
+     */
+    private String header;
+
+    /**
      *
      * @param localNames
      *      local names encoded in UTF-8.
@@ -101,6 +107,10 @@
         if(!fragment) {
             write(XML_DECL);
         }
+        if(header!=null) {
+            textBuffer.set(header);
+            textBuffer.write(this);
+        }
     }
 
     public void endDocument(boolean fragment) throws IOException, SAXException, XMLStreamException {
@@ -382,6 +392,9 @@
         out.flush();
     }
 
+    public void setHeader(String header) {
+        this.header = header;
+    }
 
 
     static byte[] toBytes(String s) {
@@ -391,11 +404,23 @@
         return buf;
     }
 
-    private static final byte[] XMLNS_EQUALS = toBytes(" xmlns=\"");
-    private static final byte[] XMLNS_COLON = toBytes(" xmlns:");
-    private static final byte[] EQUALS = toBytes("=\"");
-    private static final byte[] CLOSE_TAG = toBytes("</");
-    private static final byte[] EMPTY_TAG = toBytes("/>");
+    // per instance copy to prevent an attack where malicious OutputStream
+    // rewrites the byte array.
+    private final byte[] XMLNS_EQUALS = _XMLNS_EQUALS.clone();
+    private final byte[] XMLNS_COLON = _XMLNS_COLON.clone();
+    private final byte[] EQUALS = _EQUALS.clone();
+    private final byte[] CLOSE_TAG = _CLOSE_TAG.clone();
+    private final byte[] EMPTY_TAG = _EMPTY_TAG.clone();
+    private final byte[] XML_DECL = _XML_DECL.clone();
+
+    // masters
+    private static final byte[] _XMLNS_EQUALS = toBytes(" xmlns=\"");
+    private static final byte[] _XMLNS_COLON = toBytes(" xmlns:");
+    private static final byte[] _EQUALS = toBytes("=\"");
+    private static final byte[] _CLOSE_TAG = toBytes("</");
+    private static final byte[] _EMPTY_TAG = toBytes("/>");
+    private static final byte[] _XML_DECL = toBytes("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>");
+
+    // no need to copy
     private static final byte[] EMPTY_BYTE_ARRAY = new byte[0];
-    private static final byte[] XML_DECL = toBytes("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>");
 }