6994263: Untrusted code can replace JRE's XML DSig Transform or C14N algorithm implementations
Reviewed-by: xuelei
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java Sat Oct 30 00:24:45 2010 +0400
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java Mon Nov 01 11:32:50 2010 -0400
@@ -210,6 +210,8 @@
public static void init() {
if (!alreadyInitialized) {
transformClassHash = new HashMap(10);
+ // make sure builtin algorithms are all registered first
+ com.sun.org.apache.xml.internal.security.Init.init();
alreadyInitialized = true;
}
}
@@ -236,12 +238,7 @@
"algorithm.alreadyRegistered", exArgs);
}
- ClassLoader cl = (ClassLoader) AccessController.doPrivileged(
- new PrivilegedAction() {
- public Object run() {
- return Thread.currentThread().getContextClassLoader();
- }
- });
+ ClassLoader cl = Thread.currentThread().getContextClassLoader();
try {
transformClassHash.put