Mercurial > hg > openjdk > jdk6 > jaxws

changeset 29:b045b9c5f23b

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
6536193: Fix the flaw in UTF8XmlOutput Reviewed-by: tbell
author ramap
date Thu, 05 Mar 2009 16:58:37 -0800
parents 08c667c9edc5
children 6d6e84c678bb
files src/share/classes/com/sun/xml/internal/bind/v2/runtime/output/UTF8XmlOutput.java
diffstat 1 files changed, 32 insertions(+), 6 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/com/sun/xml/internal/bind/v2/runtime/output/UTF8XmlOutput.java	Fri Jan 30 17:21:28 2009 -0800
+++ b/src/share/classes/com/sun/xml/internal/bind/v2/runtime/output/UTF8XmlOutput.java	Thu Mar 05 16:58:37 2009 -0800
@@ -32,6 +32,7 @@
 import com.sun.xml.internal.bind.DatatypeConverterImpl;
 import com.sun.xml.internal.bind.v2.runtime.Name;
 import com.sun.xml.internal.bind.v2.runtime.XMLSerializer;
+import com.sun.xml.internal.bind.v2.runtime.MarshallerImpl;
 
 import org.xml.sax.SAXException;
 
@@ -81,6 +82,11 @@
     protected boolean closeStartTagPending = false;
 
     /**
+     * @see MarshallerImpl#header
+     */
+    private String header;
+
+    /**
      *
      * @param localNames
      *      local names encoded in UTF-8.
@@ -92,6 +98,10 @@
             prefixes[i] = new Encoded();
     }
 
+    public void setHeader(String header) {
+        this.header = header;
+    }
+
     @Override
     public void startDocument(XMLSerializer serializer, boolean fragment, int[] nsUriIndex2prefixIndex, NamespaceContextImpl nsContext) throws IOException, SAXException, XMLStreamException {
         super.startDocument(serializer, fragment,nsUriIndex2prefixIndex,nsContext);
@@ -100,6 +110,10 @@
         if(!fragment) {
             write(XML_DECL);
         }
+        if(header!=null) {
+            textBuffer.set(header);
+            textBuffer.write(this);
+        }
     }
 
     public void endDocument(boolean fragment) throws IOException, SAXException, XMLStreamException {
@@ -383,11 +397,23 @@
         return buf;
     }
 
-    private static final byte[] XMLNS_EQUALS = toBytes(" xmlns=\"");
-    private static final byte[] XMLNS_COLON = toBytes(" xmlns:");
-    private static final byte[] EQUALS = toBytes("=\"");
-    private static final byte[] CLOSE_TAG = toBytes("</");
-    private static final byte[] EMPTY_TAG = toBytes("/>");
+    // per instance copy to prevent an attack where malicious OutputStream
+    // rewrites the byte array.
+    private final byte[] XMLNS_EQUALS = _XMLNS_EQUALS.clone();
+    private final byte[] XMLNS_COLON = _XMLNS_COLON.clone();
+    private final byte[] EQUALS = _EQUALS.clone();
+    private final byte[] CLOSE_TAG = _CLOSE_TAG.clone();
+    private final byte[] EMPTY_TAG = _EMPTY_TAG.clone();
+    private final byte[] XML_DECL = _XML_DECL.clone();
+
+    // masters
+    private static final byte[] _XMLNS_EQUALS = toBytes(" xmlns=\"");
+    private static final byte[] _XMLNS_COLON = toBytes(" xmlns:");
+    private static final byte[] _EQUALS = toBytes("=\"");
+    private static final byte[] _CLOSE_TAG = toBytes("</");
+    private static final byte[] _EMPTY_TAG = toBytes("/>");
+    private static final byte[] _XML_DECL = toBytes("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>");
+
+    // no need to copy
     private static final byte[] EMPTY_BYTE_ARRAY = new byte[0];
-    private static final byte[] XML_DECL = toBytes("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>");
 }