6994263: Untrusted code can replace JRE's XML DSig Transform or C14N algorithm implementations

Reviewed-by: xuelei
2026-02-17 05:45:05 +00:00 · 2010-11-01 11:32:50 -04:00 · 2010-11-01 11:32:50 -04:00 · bb1d39eef8
commit bb1d39eef8
parent 5d95cda553
1 changed files with 3 additions and 6 deletions
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java
@ -210,6 +210,8 @@ public final class Transform extends SignatureElementProxy {
    public static void init() {
        if (!alreadyInitialized) {
            transformClassHash = new HashMap(10);
+            // make sure builtin algorithms are all registered first
+            com.sun.org.apache.xml.internal.security.Init.init();
            alreadyInitialized = true;
        }
    }
@ -236,12 +238,7 @@ public final class Transform extends SignatureElementProxy {
               "algorithm.alreadyRegistered", exArgs);
        }

-        ClassLoader cl = (ClassLoader) AccessController.doPrivileged(
-            new PrivilegedAction() {
-                public Object run() {
-                    return Thread.currentThread().getContextClassLoader();
-                }
-            });
+        ClassLoader cl = Thread.currentThread().getContextClassLoader();

        try {
            transformClassHash.put