jfarcand    2002/10/16 09:08:29

  Modified:    catalina/src/share/org/apache/catalina/loader
                        StandardClassLoader.java WebappClassLoader.java
                        WebappLoader.java
  Log:
  Security Audit. Protect the findRepositories public method by cloning the String[]
values. This method is not used right now. Should I remove it instead of protecting it?
  
  Revision  Changes    Path
  1.5       +7 -6      
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/loader/StandardClassLoader.java
  
  Index: StandardClassLoader.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/loader/StandardClassLoader.java,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- StandardClassLoader.java  11 Oct 2002 16:08:59 -0000      1.4
  +++ StandardClassLoader.java  16 Oct 2002 16:08:28 -0000      1.5
  @@ -429,11 +429,12 @@
       /**
        * Return a String array of the current repositories for this class
        * loader.  If there are no repositories, a zero-length array is
  -     * returned.
  +     * returned. For security reason, returns a clone of the Array (since 
  +     * String are immutable).
        */
       public String[] findRepositories() {
   
  -        return (repositories);
  +        return ((String[])repositories.clone());
   
       }
   
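Review bot: The Javadoc sentence added to `findRepositories()` does not say what the copy protects, and `(since String are immutable)` reads as the reason for cloning rather than the reason a shallow clone is sufficient. I would word it as `Returns a copy so that callers cannot modify this loader's internal repository list; a shallow copy suffices because the String elements are immutable.` The same wording applies to the identical hunks in WebappClassLoader.java (where the added line also lacks a space after `returned.`) and WebappLoader.java. Separately, `repositories.clone()` throws a NullPointerException if the field can ever be null, where the old `return (repositories)` would simply have returned null. The field's declaration and the code that assigns it are outside these hunks, so it is worth confirming that it always holds at least a zero-length array, as the Javadoc implies.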
  
  
  
  1.10      +7 -6      
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java
  
  Index: WebappClassLoader.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- WebappClassLoader.java    11 Oct 2002 15:52:01 -0000      1.9
  +++ WebappClassLoader.java    16 Oct 2002 16:08:29 -0000      1.10
  @@ -668,11 +668,12 @@
       /**
        * Return a String array of the current repositories for this class
        * loader.  If there are no repositories, a zero-length array is
  -     * returned.
  +     * returned.For security reason, returns a clone of the Array (since 
  +     * String are immutable).
        */
       public String[] findRepositories() {
   
  -        return (repositories);
  +        return ((String[])repositories.clone());
   
       }
   
  
  
  
  1.5       +7 -5      
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/loader/WebappLoader.java
  
  Index: WebappLoader.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/loader/WebappLoader.java,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- WebappLoader.java 20 Sep 2002 21:22:31 -0000      1.4
  +++ WebappLoader.java 16 Oct 2002 16:08:29 -0000      1.5
  @@ -536,10 +536,12 @@
       /**
        * Return the set of repositories defined for this class loader.
        * If none are defined, a zero-length array is returned.
  +     * For security reason, returns a clone of the Array (since 
  +     * String are immutable).
        */
       public String[] findRepositories() {
   
  -        return (repositories);
  +        return ((String[])repositories.clone());
   
       }
   
  
  
  
