6536193: Fix the flaw in UTF8XmlOutput
authorramap
Mon, 09 Mar 2009 15:32:10 -0700 (2009-03-09)
changeset 2675 91fc59916eb4
parent 2093 5da0e6b9f4f1
child 2676 e22d7be9f23a
6536193: Fix the flaw in UTF8XmlOutput Reviewed-by: tbell
jaxws/src/share/classes/com/sun/xml/internal/bind/v2/runtime/output/UTF8XmlOutput.java
--- a/jaxws/src/share/classes/com/sun/xml/internal/bind/v2/runtime/output/UTF8XmlOutput.java	Wed Jul 05 16:48:21 2017 +0200
+++ b/jaxws/src/share/classes/com/sun/xml/internal/bind/v2/runtime/output/UTF8XmlOutput.java	Mon Mar 09 15:32:10 2009 -0700
@@ -22,7 +22,6 @@
  * CA 95054 USA or visit www.sun.com if you need additional information or
  * have any questions.
  */
-
 package com.sun.xml.internal.bind.v2.runtime.output;
 
 import java.io.IOException;
@@ -33,6 +32,7 @@
 import com.sun.xml.internal.bind.DatatypeConverterImpl;
 import com.sun.xml.internal.bind.v2.runtime.Name;
 import com.sun.xml.internal.bind.v2.runtime.XMLSerializer;
+import com.sun.xml.internal.bind.v2.runtime.MarshallerImpl;
 
 import org.xml.sax.SAXException;
 
@@ -82,6 +82,11 @@
     protected boolean closeStartTagPending = false;
 
     /**
+     * @see MarshallerImpl#header
+     */
+    private String header;
+
+    /**
      *
      * @param localNames
      *      local names encoded in UTF-8.
@@ -93,6 +98,10 @@
             prefixes[i] = new Encoded();
     }
 
+    public void setHeader(String header) {
+        this.header = header;
+    }
+
     @Override
     public void startDocument(XMLSerializer serializer, boolean fragment, int[] nsUriIndex2prefixIndex, NamespaceContextImpl nsContext) throws IOException, SAXException, XMLStreamException {
         super.startDocument(serializer, fragment,nsUriIndex2prefixIndex,nsContext);
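Review bot: `setHeader` is public and has no Javadoc, and the string it stores appears to be written to the output as-is by the `textBuffer.set(header); textBuffer.write(this);` lines added to startDocument in the next hunk; no escaping step is visible there. Callers therefore need to be told that the value must be trusted, well-formed markup, since text derived from external input would end up unmodified in the document prolog. I would add a Javadoc on `setHeader` stating that the header is emitted verbatim after the XML declaration, that it must not contain untrusted input, and that `null` disables it. The field comment in the previous hunk, which is only `@see MarshallerImpl#header`, could carry the same sentence.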
@@ -101,6 +110,10 @@
         if(!fragment) {
             write(XML_DECL);
         }
+        if(header!=null) {
+            textBuffer.set(header);
+            textBuffer.write(this);
+        }
     }
 
     public void endDocument(boolean fragment) throws IOException, SAXException, XMLStreamException {
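Review bot: The header write sits outside the `if(!fragment)` guard, so a fragment marshal that skips the XML declaration still gets the header text at the start of its output. Whether that is intended cannot be told from this hunk, because startDocument begins outside it. If it is intended, a comment such as `// header is written for fragments as well, see MarshallerImpl#header` would record the decision; if not, the three added lines belong inside the guard.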
@@ -377,13 +390,6 @@
         octetBufferIndex = 0;
     }
 
-    public void flush() throws IOException {
-        flushBuffer();
-        out.flush();
-    }
-
-
-
     static byte[] toBytes(String s) {
         byte[] buf = new byte[s.length()];
         for( int i=s.length()-1; i>=0; i-- )
@@ -391,11 +397,23 @@
         return buf;
     }
 
-    private static final byte[] XMLNS_EQUALS = toBytes(" xmlns=\"");
-    private static final byte[] XMLNS_COLON = toBytes(" xmlns:");
-    private static final byte[] EQUALS = toBytes("=\"");
-    private static final byte[] CLOSE_TAG = toBytes("</");
-    private static final byte[] EMPTY_TAG = toBytes("/>");
+    // per instance copy to prevent an attack where malicious OutputStream
+    // rewrites the byte array.
+    private final byte[] XMLNS_EQUALS = _XMLNS_EQUALS.clone();
+    private final byte[] XMLNS_COLON = _XMLNS_COLON.clone();
+    private final byte[] EQUALS = _EQUALS.clone();
+    private final byte[] CLOSE_TAG = _CLOSE_TAG.clone();
+    private final byte[] EMPTY_TAG = _EMPTY_TAG.clone();
+    private final byte[] XML_DECL = _XML_DECL.clone();
+
+    // masters
+    private static final byte[] _XMLNS_EQUALS = toBytes(" xmlns=\"");
+    private static final byte[] _XMLNS_COLON = toBytes(" xmlns:");
+    private static final byte[] _EQUALS = toBytes("=\"");
+    private static final byte[] _CLOSE_TAG = toBytes("</");
+    private static final byte[] _EMPTY_TAG = toBytes("/>");
+    private static final byte[] _XML_DECL = toBytes("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>");
+
+    // no need to copy
     private static final byte[] EMPTY_BYTE_ARRAY = new byte[0];
-    private static final byte[] XML_DECL = toBytes("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>");
 }
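Review bot: Only the six arrays listed here are cloned, so the fix holds only if no other static or otherwise shared `byte[]` is handed to the caller-supplied stream. That cannot be confirmed from this hunk and is worth checking across the class and its subclasses. The instance fields also keep constant-style names, which invites a later cleanup to make them `static` again and silently undo the fix. I would extend the comment to something like `// must stay per-instance: the array may be passed to a caller-supplied OutputStream, which could modify it`. The `// no need to copy` on `EMPTY_BYTE_ARRAY` could add the reason, `// zero-length, nothing to overwrite`.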