Mercurial > hg > release > icedtea7-forest-2.0 > jdk
changeset 4574:2d793ad2620f
7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection
author | andrew |
---|---|
date | Fri, 14 Oct 2011 01:09:35 +0100 |
parents | 489108f8ddd1 |
children | 2054526dd141 |
files | src/share/classes/com/sun/net/ssl/HttpsURLConnection.java src/share/classes/javax/net/ssl/HttpsURLConnection.java |
diffstat | 2 files changed, 12 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/com/sun/net/ssl/HttpsURLConnection.java Fri Oct 14 01:09:01 2011 +0100 +++ b/src/share/classes/com/sun/net/ssl/HttpsURLConnection.java Fri Oct 14 01:09:35 2011 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2004, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -179,6 +179,12 @@ throw new IllegalArgumentException( "no SSLSocketFactory specified"); } + + SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + sm.checkSetFactory(); + } + sslSocketFactory = sf; }
--- a/src/share/classes/javax/net/ssl/HttpsURLConnection.java Fri Oct 14 01:09:01 2011 +0100 +++ b/src/share/classes/javax/net/ssl/HttpsURLConnection.java Fri Oct 14 01:09:35 2011 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -357,6 +357,10 @@ "no SSLSocketFactory specified"); } + SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + sm.checkSetFactory(); + } sslSocketFactory = sf; }