#58597: Add more AccessController.doPrivileged. We should fix them later!

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1713813 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Uwe Schindler 2015-11-11 11:36:44 +00:00
parent b62cc549fe
commit da19b14670
2 changed files with 37 additions and 19 deletions

View File

@ -23,6 +23,8 @@ import java.io.IOException;
import java.io.InputStream;
import java.io.PushbackInputStream;
import java.lang.reflect.Field;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.zip.InflaterInputStream;
import java.util.zip.ZipEntry;
import java.util.zip.ZipException;
@ -31,6 +33,7 @@ import java.util.zip.ZipInputStream;
import org.apache.poi.util.POILogFactory;
import org.apache.poi.util.POILogger;
import org.apache.poi.util.SuppressForbidden;
/**
* This class wraps a {@link ZipFile} in order to check the
@ -163,20 +166,27 @@ public class ZipSecureFile extends ZipFile {
return addThreshold(zipIS);
}
@SuppressWarnings("resource")
public static ThresholdInputStream addThreshold(InputStream zipIS) throws IOException {
public static ThresholdInputStream addThreshold(final InputStream zipIS) throws IOException {
ThresholdInputStream newInner;
if (zipIS instanceof InflaterInputStream) {
try {
Field f = FilterInputStream.class.getDeclaredField("in");
f.setAccessible(true);
InputStream oldInner = (InputStream)f.get(zipIS);
newInner = new ThresholdInputStream(oldInner, null);
f.set(zipIS, newInner);
} catch (Exception ex) {
logger.log(POILogger.WARN, "SecurityManager doesn't allow manipulation via reflection for zipbomb detection - continue with original input stream", ex);
newInner = null;
}
newInner = AccessController.doPrivileged(new PrivilegedAction<ThresholdInputStream>() {
@SuppressForbidden("TODO: Fix this to not use reflection (it will break in Java 9)! " +
"Better would be to wrap *before* instead of tyring to insert wrapper afterwards.")
public ThresholdInputStream run() {
ThresholdInputStream newInner = null;
try {
Field f = FilterInputStream.class.getDeclaredField("in");
f.setAccessible(true);
InputStream oldInner = (InputStream)f.get(zipIS);
newInner = new ThresholdInputStream(oldInner, null);
f.set(zipIS, newInner);
} catch (Exception ex) {
logger.log(POILogger.WARN, "SecurityManager doesn't allow manipulation via reflection for zipbomb detection - continue with original input stream", ex);
newInner = null;
}
return newInner;
}
});
} else {
// the inner stream is a ZipFileInputStream, i.e. the data wasn't compressed
newInner = null;

View File

@ -25,7 +25,9 @@ import java.io.OutputStream;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.net.URL;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.util.ArrayList;
import java.util.Enumeration;
@ -49,7 +51,6 @@ import org.junit.runner.JUnitCore;import org.junit.runner.Result;
* @author Yegor Kozlov
*/
public final class OOXMLLite {
private static Field _classes;
/**
* Destination directory to copy filtered classes
@ -214,12 +215,19 @@ public final class OOXMLLite {
// make the field accessible, we defer this from static initialization to here to
// allow JDKs which do not have this field (e.g. IBM JDK) to at least load the class
// without failing, see https://issues.apache.org/bugzilla/show_bug.cgi?id=56550
try {
_classes = ClassLoader.class.getDeclaredField("classes");
_classes.setAccessible(true);
} catch (Exception e) {
throw new RuntimeException(e);
}
final Field _classes = AccessController.doPrivileged(new PrivilegedAction<Field>() {
@SuppressForbidden("TODO: Reflection works until Java 8 on Oracle/Sun JDKs, but breaks afterwards (different classloader types, access checks)")
public Field run() {
try {
Field fld = ClassLoader.class.getDeclaredField("classes");
fld.setAccessible(true);
return fld;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
});
ClassLoader appLoader = ClassLoader.getSystemClassLoader();
try {