changeset 7221:8a60b069f9cd
Merge
author | asaha |
---|---|
date | Thu, 31 Oct 2013 14:40:59 -0700 |
parents | ec12a8266386 (current diff) 07004bb53c3c (diff) |
children | 8afbbdc15c3c |
files | |
diffstat | 1 files changed, 27 insertions(+), 23 deletions(-) [+] |
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/CanonicalizerBase.java Tue Oct 29 09:09:11 2013 -0700 +++ b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/CanonicalizerBase.java Thu Oct 31 14:40:59 2013 -0700 @@ -63,6 +63,9 @@ public abstract class CanonicalizerBase extends CanonicalizerSpi { //Constants to be outputed, In char array form, so //less garbage is generate when outputed. + // + // Make sure you clone the following mutable arrays before passing to + // potentially untrusted objects such as OutputStreams. private static final byte[] _END_PI = {'?','>'}; private static final byte[] _BEGIN_PI = {'<','?'}; private static final byte[] _END_COMM = {'-','-','>'}; @@ -75,10 +78,11 @@ private static final byte[] _LT_ = {'&','l','t',';'}; private static final byte[] _END_TAG = {'<','/'}; private static final byte[] _AMP_ = {'&','a','m','p',';'}; + private static final byte[] _EQUALS_STR = {'=','\"'}; + final static AttrCompare COMPARE=new AttrCompare(); final static String XML="xml"; final static String XMLNS="xmlns"; - final static byte[] equalsStr= {'=','\"'}; static final int NODE_BEFORE_DOCUMENT_ELEMENT = -1; static final int NODE_NOT_BEFORE_OR_AFTER_DOCUMENT_ELEMENT = 0; static final int NODE_AFTER_DOCUMENT_ELEMENT = 1; @@ -302,7 +306,7 @@ writer.write('>'); sibling= currentNode.getFirstChild(); if (sibling==null) { - writer.write(_END_TAG); + writer.write(_END_TAG.clone()); UtfHelpper.writeStringToUtf8(name,writer); writer.write('>'); //We fineshed with this level, pop to the previous definitions. @@ -316,7 +320,7 @@ break; } while (sibling==null && parentNode!=null) { - writer.write(_END_TAG); + writer.write(_END_TAG.clone()); UtfHelpper.writeByte(((Element)parentNode).getTagName(),writer,cache); writer.write('>'); //We fineshed with this level, pop to the previous definitions. 
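Review bot: The comment added above `_END_PI` in the `@@ -63,6 +63,9 @@` hunk states the rule but not the reason, and it sits directly under "less garbage is generate when outputed", which no longer holds once every write allocates a copy. I would extend it with something like `// A stream that modifies the array it is given would otherwise alter these shared constants for all later canonicalizations.` and reword or drop the garbage remark. The rule is enforced by convention only: nothing in the visible code stops a later `writer.write(_X)` from passing the shared array again.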
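Review bot: In the `@@ -75,10 +78,11 @@` hunk, nothing records that narrowing package-private `equalsStr` to `private static final byte[] _EQUALS_STR` is as much part of the fix as the clones. A package-visible array can be changed without ever reaching a `write` call. A short comment on the declaration, for example `// keep private: code outside this class must only ever see clones`, would guard against it being widened again. Whether other classes in this package still reference `equalsStr` cannot be checked from this hunk.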
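Review bot: `writer.write(_END_TAG.clone())` in the `@@ -302,7 +306,7 @@` hunk is the first of about a dozen direct writes that each repeat `.clone()` by hand; the pattern recurs in the -316, -472, -490, -653, -712, -720, -740, -764, -772 and -782 hunks. One private helper, `private static void writeConstant(OutputStream out, byte[] c) throws IOException { out.write(c.clone()); }`, would put the copy in a single place and make a bare `writer.write(_X)` easy to spot in review. The enclosing method starts and ends outside the hunk and the declared type of `writer` is not visible, so the `OutputStream` parameter type is an assumption.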
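Review bot: In the `@@ -316,7 +320,7 @@` hunk, the call right after the cloned `_END_TAG` write, `UtfHelpper.writeByte(((Element)parentNode).getTagName(),writer,cache)`, passes the same `writer` along with a `cache` map and is left untouched. If `UtfHelpper.writeByte` hands cached `byte[]` values straight to the stream, those entries are exposed in the same way the constants were. That helper is not shown here, so this needs checking rather than assuming. It matters mainly if `cache` outlives a single canonicalization call. The same call appears in the -472 and -490 hunks.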
@@ -472,7 +476,7 @@ if (sibling==null) { if (currentNodeIsVisible) { - writer.write(_END_TAG); + writer.write(_END_TAG.clone()); UtfHelpper.writeByte(name,writer,cache); writer.write('>'); //We fineshed with this level, pop to the previous definitions. @@ -490,7 +494,7 @@ } while (sibling==null && parentNode!=null) { if (isVisible(parentNode)) { - writer.write(_END_TAG); + writer.write(_END_TAG.clone()); UtfHelpper.writeByte(((Element)parentNode).getTagName(),writer,cache); writer.write('>'); //We fineshed with this level, pop to the previous definitions. @@ -653,7 +657,7 @@ final Map cache) throws IOException { writer.write(' '); UtfHelpper.writeByte(name,writer,cache); - writer.write(equalsStr); + writer.write(_EQUALS_STR.clone()); byte []toWrite; final int length = value.length(); int i=0; @@ -663,27 +667,27 @@ switch (c) { case '&' : - toWrite=_AMP_; + toWrite=_AMP_.clone(); break; case '<' : - toWrite=_LT_; + toWrite=_LT_.clone(); break; case '"' : - toWrite=_QUOT_; + toWrite=_QUOT_.clone(); break; case 0x09 : // '\t' - toWrite=__X9_; + toWrite=__X9_.clone(); break; case 0x0A : // '\n' - toWrite=__XA_; + toWrite=__XA_.clone(); break; case 0x0D : // '\r' - toWrite=__XD_; + toWrite=__XD_.clone(); break; default : @@ -712,7 +716,7 @@ if (position == NODE_AFTER_DOCUMENT_ELEMENT) { writer.write('\n'); } - writer.write(_BEGIN_PI); + writer.write(_BEGIN_PI.clone()); final String target = currentPI.getTarget(); int length = target.length(); @@ -720,7 +724,7 @@ for (int i = 0; i < length; i++) { char c=target.charAt(i); if (c==0x0D) { - writer.write(__XD_); + writer.write(__XD_.clone()); } else { if (c < 0x80) { writer.write(c); @@ -740,14 +744,14 @@ for (int i = 0; i < length; i++) { char c=data.charAt(i); if (c==0x0D) { - writer.write(__XD_); + writer.write(__XD_.clone()); } else { UtfHelpper.writeCharToUtf8(c,writer); } } } - writer.write(_END_PI); + writer.write(_END_PI.clone()); if (position == NODE_BEFORE_DOCUMENT_ELEMENT) { writer.write('\n'); } 
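Review bot: In the `@@ -663,27 +667,27 @@` hunk the copy is made at each `toWrite=` assignment rather than where `toWrite` is written. A `case` added later with a plain `toWrite=_X_;` would pass the shared array to the stream again, with nothing looking wrong at the write. Assuming the switch is followed by a single `writer.write(toWrite)` (it lies outside the hunk), leaving the assignments as they were and changing that one call to `writer.write(toWrite.clone());` covers every case. The `@@ -804,19 +808,19 @@` hunk has the same shape.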
@@ -764,7 +768,7 @@ if (position == NODE_AFTER_DOCUMENT_ELEMENT) { writer.write('\n'); } - writer.write(_BEGIN_COMM); + writer.write(_BEGIN_COMM.clone()); final String data = currentComment.getData(); final int length = data.length(); @@ -772,7 +776,7 @@ for (int i = 0; i < length; i++) { char c=data.charAt(i); if (c==0x0D) { - writer.write(__XD_); + writer.write(__XD_.clone()); } else { if (c < 0x80) { writer.write(c); @@ -782,7 +786,7 @@ } } - writer.write(_END_COMM); + writer.write(_END_COMM.clone()); if (position == NODE_BEFORE_DOCUMENT_ELEMENT) { writer.write('\n'); } @@ -804,19 +808,19 @@ switch (c) { case '&' : - toWrite=_AMP_; + toWrite=_AMP_.clone(); break; case '<' : - toWrite=_LT_; + toWrite=_LT_.clone(); break; case '>' : - toWrite=_GT_; + toWrite=_GT_.clone(); break; case 0xD : - toWrite=__XD_; + toWrite=__XD_.clone(); break; default :
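Review bot: Nothing in this changeset pins the new behaviour. The diffstat lists a single file, so the clones in the comment-output hunks (-764, -772, -782) and elsewhere could be dropped later without any test failing. A regression test would cover all the constants at once: canonicalize a small document into an `OutputStream` that overwrites every array passed to `write(byte[])`, canonicalize again into a `ByteArrayOutputStream`, and compare the result with the expected bytes.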