# HG changeset patch
# User ramap
# Date 1236637930 25200
# Node ID 91fc59916eb4503ba1e2a037769a7393171f3177
# Parent 5da0e6b9f4f18ef483c977337214b12ee0e1fc8f
6536193: Fix the flaw in UTF8XmlOutput
Reviewed-by: tbell
diff -r 5da0e6b9f4f1 -r 91fc59916eb4 jaxws/src/share/classes/com/sun/xml/internal/bind/v2/runtime/output/UTF8XmlOutput.java
--- a/jaxws/src/share/classes/com/sun/xml/internal/bind/v2/runtime/output/UTF8XmlOutput.java Wed Jul 05 16:48:21 2017 +0200
+++ b/jaxws/src/share/classes/com/sun/xml/internal/bind/v2/runtime/output/UTF8XmlOutput.java Mon Mar 09 15:32:10 2009 -0700
@@ -22,7 +22,6 @@
 * CA 95054 USA or visit www.sun.com if you need additional information or
 * have any questions.
 */
-
 package com.sun.xml.internal.bind.v2.runtime.output;

 import java.io.IOException;
@@ -33,6 +32,7 @@
 import com.sun.xml.internal.bind.DatatypeConverterImpl;
 import com.sun.xml.internal.bind.v2.runtime.Name;
 import com.sun.xml.internal.bind.v2.runtime.XMLSerializer;
+import com.sun.xml.internal.bind.v2.runtime.MarshallerImpl;

 import org.xml.sax.SAXException;

@@ -82,6 +82,11 @@
 protected boolean closeStartTagPending = false;

 /**
+ * @see MarshallerImpl#header
+ */
+ private String header;
+
+ /**
 *
 * @param localNames
 * local names encoded in UTF-8.
@@ -93,6 +98,10 @@
 prefixes[i] = new Encoded();
 }

+ public void setHeader(String header) {
+ this.header = header;
+ }
+
 @Override
 public void startDocument(XMLSerializer serializer, boolean fragment, int[] nsUriIndex2prefixIndex, NamespaceContextImpl nsContext) throws IOException, SAXException, XMLStreamException {
 super.startDocument(serializer, fragment,nsUriIndex2prefixIndex,nsContext);
@@ -101,6 +110,10 @@
 if(!fragment) {
 write(XML_DECL);
 }
+ if(header!=null) {
+ textBuffer.set(header);
+ textBuffer.write(this);
+ }
 }

 public void endDocument(boolean fragment) throws IOException, SAXException, XMLStreamException {
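Review bot: `setHeader` is a new public method with no Javadoc, and the field's only documentation is `@see MarshallerImpl#header`, which appears to be the sole reason for the import added in the second hunk. The contract belongs on the setter itself, for example `/** Sets text that startDocument writes at the start of the output, after the XML declaration when one is written; null (the default) writes nothing. */`. As far as this diff shows the value is read only in startDocument, so the Javadoc should also say that a call made after startDocument has no effect on that document. Writing the reference fully qualified in the `@see` would make the extra import unnecessary.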
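Review bot: The header block in startDocument sits after the closing brace of `if(!fragment)`, so a non-null header is written for fragments as well as for full documents, and it goes out through `textBuffer.write(this)` with no escaping step visible in the hunk. If both are intended (the header presumably carries a DOCTYPE or processing instruction), a comment should say so, for example `// written verbatim, also for fragments; the caller is responsible for well-formedness and must not pass untrusted text`. If fragments should not carry it, the block belongs inside the `if(!fragment)` braces. startDocument begins in the previous hunk, so the lines between its signature and this guard are only partly visible.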
@@ -377,13 +390,6 @@ octetBufferIndex = 0; } - public void flush() throws IOException { - flushBuffer(); - out.flush(); - } - - - static byte[] toBytes(String s) { byte[] buf = new byte[s.length()]; for( int i=s.length()-1; i>=0; i-- ) @@ -391,11 +397,23 @@ return buf; } - private static final byte[] XMLNS_EQUALS = toBytes(" xmlns=\""); - private static final byte[] XMLNS_COLON = toBytes(" xmlns:"); - private static final byte[] EQUALS = toBytes("=\""); - private static final byte[] CLOSE_TAG = toBytes(""); + // per instance copy to prevent an attack where malicious OutputStream + // rewrites the byte array. + private final byte[] XMLNS_EQUALS = _XMLNS_EQUALS.clone(); + private final byte[] XMLNS_COLON = _XMLNS_COLON.clone(); + private final byte[] EQUALS = _EQUALS.clone(); + private final byte[] CLOSE_TAG = _CLOSE_TAG.clone(); + private final byte[] EMPTY_TAG = _EMPTY_TAG.clone(); + private final byte[] XML_DECL = _XML_DECL.clone(); + + // masters + private static final byte[] _XMLNS_EQUALS = toBytes(" xmlns=\""); + private static final byte[] _XMLNS_COLON = toBytes(" xmlns:"); + private static final byte[] _EQUALS = toBytes("=\""); + private static final byte[] _CLOSE_TAG = toBytes(""); + private static final byte[] _XML_DECL = toBytes(""); + + // no need to copy private static final byte[] EMPTY_BYTE_ARRAY = new byte[0]; - private static final byte[] XML_DECL = toBytes(""); }
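Review bot: The per-instance clones in the last hunk keep a hostile OutputStream from altering the shared masters, but the stream presumably still receives each instance's own arrays, so an instance whose stream has rewritten them would emit the altered bytes for the rest of its life. That is harmless only if an instance never writes to more than one stream, which this diff does not show; the comment should state the assumption, for example `// per-instance copy: a stream can corrupt only the output of the instance it was handed; do not reuse an instance across streams`. The instance fields are also declared above the `static final` masters they clone, which works because static initialisation completes before any instance initialiser runs, but declaring the masters first would read more naturally. The leading-underscore master names and upper-case names on non-static fields depart from the usual Java naming convention.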