view patches/security/icedtea-6536193.patch @ 1768:3a122c249dda

Port latest security fixes from IcedTea6. 2009-04-06 Andrew John Hughes <ahughes@redhat.com> * Makefile.am: Add new patches. * patches/security/icedtea-6536193.patch, * patches/security/icedtea-6610888.patch, * patches/security/icedtea-6610896.patch, * patches/security/icedtea-6630639.patch, * patches/security/icedtea-6632886.patch, * patches/security/icedtea-6636360.patch, * patches/security/icedtea-6652463.patch, * patches/security/icedtea-6656633.patch, * patches/security/icedtea-6658158.patch, * patches/security/icedtea-6691246.patch, * patches/security/icedtea-6717680.patch, * patches/security/icedtea-6721651.patch, * patches/security/icedtea-6737315.patch, * patches/security/icedtea-6792554.patch, * patches/security/icedtea-6804996.patch, * patches/security/icedtea-6804997.patch, * patches/security/icedtea-6804998.patch: Security patches ported from IcedTea6.
author Andrew John Hughes <ahughes@redhat.com>
date Tue, 07 Apr 2009 01:02:17 +0100

diff -Nru openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/bind/v2/runtime/output/UTF8XmlOutput.java openjdk/jaxws/src/share/classes/com/sun/xml/internal/bind/v2/runtime/output/UTF8XmlOutput.java
--- openjdk.orig/jaxws/src/share/classes/com/sun/xml/internal/bind/v2/runtime/output/UTF8XmlOutput.java	2009-04-06 17:03:00.000000000 +0100
+++ openjdk/jaxws/src/share/classes/com/sun/xml/internal/bind/v2/runtime/output/UTF8XmlOutput.java	2009-04-06 17:06:08.000000000 +0100
@@ -33,6 +33,7 @@
 import com.sun.xml.internal.bind.DatatypeConverterImpl;
 import com.sun.xml.internal.bind.v2.runtime.Name;
 import com.sun.xml.internal.bind.v2.runtime.XMLSerializer;
+import com.sun.xml.internal.bind.v2.runtime.MarshallerImpl;
 
 import org.xml.sax.SAXException;
 
@@ -82,6 +83,11 @@
     protected boolean closeStartTagPending = false;
 
     /**
+     * @see MarshallerImpl#header
+     */
+    private String header;
+
+    /**
      *
      * @param localNames
      *      local names encoded in UTF-8.
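Review bot: The new `header` field is documented only by `@see MarshallerImpl#header`, and the public `setHeader` added in the next hunk has no Javadoc at all, so this class does not say what the string is or when it is written. I would replace the field comment with something like `Raw text written after the XML declaration in startDocument; null means nothing is written.` and add a Javadoc on `setHeader` stating that the value is emitted as-is and must be set before `startDocument` is called. The import added in the first hunk appears to exist only to resolve that `@see`; a fully qualified name in the Javadoc link would avoid a compile-time dependency that the code itself does not use.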
@@ -93,6 +99,9 @@
             prefixes[i] = new Encoded();
     }
 
+    public void setHeader(String header) {
+        this.header = header;
+    }
 
     public void startDocument(XMLSerializer serializer, boolean fragment, int[] nsUriIndex2prefixIndex, NamespaceContextImpl nsContext) throws IOException, SAXException, XMLStreamException {
         super.startDocument(serializer, fragment,nsUriIndex2prefixIndex,nsContext);
@@ -101,6 +110,10 @@
         if(!fragment) {
             write(XML_DECL);
         }
+        if(header!=null) {
+            textBuffer.set(header);
+            textBuffer.write(this);
+        }
     }
 
     public void endDocument(boolean fragment) throws IOException, SAXException, XMLStreamException {
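Review bot: The `header` value reaches the output through `textBuffer.set(header)` with no escaping or well-formedness check visible in this hunk, so whatever was passed to `setHeader` appears to land verbatim at the top of every document. If `set` is the non-escaping path (not shown here, so this needs confirming), the value has to be treated as trusted markup and should never be derived from document data or request input. I would state that at the write site, for example `// header is caller-supplied markup written verbatim; must come from trusted configuration`. The block also runs when `fragment` is true, outside the `if(!fragment)` guard, which is worth confirming as intended. The signature of `startDocument` sits in the previous hunk's context, so the start of the method is outside this hunk.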
@@ -391,11 +404,23 @@
         return buf;
     }
 
-    private static final byte[] XMLNS_EQUALS = toBytes(" xmlns=\"");
-    private static final byte[] XMLNS_COLON = toBytes(" xmlns:");
-    private static final byte[] EQUALS = toBytes("=\"");
-    private static final byte[] CLOSE_TAG = toBytes("</");
-    private static final byte[] EMPTY_TAG = toBytes("/>");
+    // per instance copy to prevent an attack where malicious OutputStream
+    // rewrites the byte array.
+    private final byte[] XMLNS_EQUALS = _XMLNS_EQUALS.clone();
+    private final byte[] XMLNS_COLON = _XMLNS_COLON.clone();
+    private final byte[] EQUALS = _EQUALS.clone();
+    private final byte[] CLOSE_TAG = _CLOSE_TAG.clone();
+    private final byte[] EMPTY_TAG = _EMPTY_TAG.clone();
+    private final byte[] XML_DECL = _XML_DECL.clone();
+
+    // masters
+    private static final byte[] _XMLNS_EQUALS = toBytes(" xmlns=\"");
+    private static final byte[] _XMLNS_COLON = toBytes(" xmlns:");
+    private static final byte[] _EQUALS = toBytes("=\"");
+    private static final byte[] _CLOSE_TAG = toBytes("</");
+    private static final byte[] _EMPTY_TAG = toBytes("/>");
+    private static final byte[] _XML_DECL = toBytes("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>");
+
+    // no need to copy
     private static final byte[] EMPTY_BYTE_ARRAY = new byte[0];
-    private static final byte[] XML_DECL = toBytes("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>");
 }
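Review bot: The comment on the cloned arrays names the attack but not the boundary that makes the copy necessary, and that is the part a later maintainer needs before adding another constant here. I would expand it to something like `// These arrays are handed by reference to the caller-supplied OutputStream; a shared static array could be rewritten by one stream and corrupt output for every marshaller in the JVM, so each instance writes from its own copy and the masters are never passed out.` The copies last for the lifetime of the instance, so this only contains the damage if an instance is never reused with a second stream; the constructor is not in this hunk, so that needs confirming. Two style points on the same lines: the `_`-prefixed masters are declared below the instance fields that clone them, which works only because static initialisation completes first and would read more clearly with the masters moved above; and the per-instance fields keep constant-style upper-case names although they are no longer static.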