More defensive coding around some XML activities that are triggered b…

…y web applications and are therefore at potential risk of a memory leak. This is part 6 of 7 of the fix for CVE-2014-0119 git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1589990 13f79535-47bb-0310-9956-ffa450edef68
apache · Apr 25, 2014 · 77e014c · 77e014c
1 parent 7223e81
commit 77e014c
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/java/org/apache/tomcat/util/descriptor/tld/TldParser.java b/java/org/apache/tomcat/util/descriptor/tld/TldParser.java
@@ -18,13 +18,17 @@
 
 import java.io.IOException;
 import java.io.InputStream;
+import java.security.AccessController;
 
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.descriptor.Constants;
 import org.apache.tomcat.util.descriptor.DigesterFactory;
 import org.apache.tomcat.util.descriptor.XmlErrorHandler;
 import org.apache.tomcat.util.digester.Digester;
 import org.apache.tomcat.util.digester.RuleSet;
+import org.apache.tomcat.util.security.PrivilegedGetTccl;
+import org.apache.tomcat.util.security.PrivilegedSetTccl;
 import org.xml.sax.InputSource;
 import org.xml.sax.SAXException;
 
@@ -47,7 +51,20 @@ public TldParser(boolean namespaceAware, boolean validation, RuleSet ruleSet,
     }
 
     public TaglibXml parse(TldResourcePath path) throws IOException, SAXException {
+        ClassLoader original;
+        if (Constants.IS_SECURITY_ENABLED) {
+            PrivilegedGetTccl pa = new PrivilegedGetTccl();
+            original = AccessController.doPrivileged(pa);
+        } else {
+            original = Thread.currentThread().getContextClassLoader();
+        }
         try (InputStream is = path.openStream()) {
+            if (Constants.IS_SECURITY_ENABLED) {
+                PrivilegedSetTccl pa = new PrivilegedSetTccl(TldParser.class.getClassLoader());
+                AccessController.doPrivileged(pa);
+            } else {
+                Thread.currentThread().setContextClassLoader(TldParser.class.getClassLoader());
+            }
             XmlErrorHandler handler = new XmlErrorHandler();
             digester.setErrorHandler(handler);
 
@@ -67,6 +84,12 @@ public TaglibXml parse(TldResourcePath path) throws IOException, SAXException {
             return taglibXml;
         } finally {
             digester.reset();
+            if (Constants.IS_SECURITY_ENABLED) {
+                PrivilegedSetTccl pa = new PrivilegedSetTccl(original);
+                AccessController.doPrivileged(pa);
+            } else {
+                Thread.currentThread().setContextClassLoader(original);
+            }
         }
     }