Mercurial > hg > release > icedtea-1.9
view patches/security/icedtea-6737315.patch @ 1768:3a122c249dda
Port latest security fixes from IcedTea6.
2009-04-06 Andrew John Hughes <ahughes@redhat.com>
* Makefile.am:
Add new patches.
* patches/security/icedtea-6536193.patch,
* patches/security/icedtea-6610888.patch,
* patches/security/icedtea-6610896.patch,
* patches/security/icedtea-6630639.patch,
* patches/security/icedtea-6632886.patch,
* patches/security/icedtea-6636360.patch,
* patches/security/icedtea-6652463.patch,
* patches/security/icedtea-6656633.patch,
* patches/security/icedtea-6658158.patch,
* patches/security/icedtea-6691246.patch,
* patches/security/icedtea-6717680.patch,
* patches/security/icedtea-6721651.patch,
* patches/security/icedtea-6737315.patch,
* patches/security/icedtea-6792554.patch,
* patches/security/icedtea-6804996.patch,
* patches/security/icedtea-6804997.patch,
* patches/security/icedtea-6804998.patch:
Security patches ported from IcedTea6.
author | Andrew John Hughes <ahughes@redhat.com> |
---|---|
date | Tue, 07 Apr 2009 01:02:17 +0100 |
parents | |
children |
line wrap: on
line source
--- old/./src/share/classes/com/sun/jndi/ldap/VersionHelper12.java Tue Mar 10 17:35:37 2009 +++ openjdk/jdk/src/share/classes/com/sun/jndi/ldap/VersionHelper12.java Tue Mar 10 17:35:36 2009 @@ -1,5 +1,5 @@ /* - * Copyright 1999 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 1999-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -33,12 +33,33 @@ final class VersionHelper12 extends VersionHelper { + // System property to control whether classes may be loaded from an + // arbitrary URL code base. + private static final String TRUST_URL_CODEBASE_PROPERTY = + "com.sun.jndi.ldap.object.trustURLCodebase"; + + // Determine whether classes may be loaded from an arbitrary URL code base. + private static final String trustURLCodebase = + AccessController.doPrivileged( + new PrivilegedAction<String>() { + public String run() { + return System.getProperty(TRUST_URL_CODEBASE_PROPERTY, + "false"); + } + } + ); + VersionHelper12() {} // Disallow external from creating one of these. ClassLoader getURLClassLoader(String[] url) throws MalformedURLException { ClassLoader parent = getContextClassLoader(); - if (url != null) { + /* + * Classes may only be loaded from an arbitrary URL code base when + * the system property com.sun.jndi.ldap.object.trustURLCodebase + * has been set to "true". + */ + if (url != null && "true".equalsIgnoreCase(trustURLCodebase)) { return URLClassLoader.newInstance(getUrlArray(url), parent); } else { return parent;