diff options
| author | Omair Majid <[email protected]> | 2012-10-05 23:02:53 -0400 |
|---|---|---|
| committer | Omair Majid <[email protected]> | 2012-10-05 23:02:53 -0400 |
| commit | ab6aca7146d2f436672f7766fc3d50a228aad5f5 (patch) | |
| tree | fd675df6bf3f3fb46522e9fc121d50cc9ba2ab46 /netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java | |
| parent | ee45e9d0d23bcecbc08f44b838999201cebce2ad (diff) | |
PR1145: IcedTea-Web can cause ClassCircularityError
It is possible for the ClassLoader to encounter a ClassCircularityError.
This can happen when the ClassLoader detects that checking if a class
'A' has been loaded triggers another check of whether 'A' has been
loaded before the first check has completed. This can happen easily when
trying to load Policy or Permission classes, which lie in our code path
that checks whether a class has been loaded.
One possible fix is to ensure these classes are not in the path of code
that gets executed when we are trying to check for a class. This can be
done by removing the call to getAccessControlContextForClassLoading. The
javadocs for ClassLoader.findLoadedClass do not mention any
permissions required to call the method nor do they mention that the
method can throw a SecurityException. The native code that implements
findLoadedClass does not have any security checks either. The
doProvileged block is probably not needed here and removing it breaks
the circularity.
Diffstat (limited to 'netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java')
| -rw-r--r-- | netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java | 14 |
1 files changed, 1 insertions, 13 deletions
diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java index 7e28e02..523d9bd 100644 --- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java +++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java @@ -1494,17 +1494,7 @@ public class JNLPClassLoader extends URLClassLoader { Class result = null; if (loaders[i] == this) { - final String fName = name; - try { - result = AccessController.doPrivileged( - new PrivilegedExceptionAction<Class<?>>() { - public Class<?> run() { - return JNLPClassLoader.super.findLoadedClass(fName); - } - }, getAccessControlContextForClassLoading()); - } catch (PrivilegedActionException pae) { - result = null; - } + result = JNLPClassLoader.super.findLoadedClass(name); } else { result = loaders[i].findLoadedClassAll(name); } @@ -2154,8 +2144,6 @@ public class JNLPClassLoader extends URLClassLoader { return context; // If context already has all permissions, don't bother } catch (AccessControlException ace) { // continue below - } catch (ClassCircularityError cce) { - // continue below } // Since this is for class-loading, technically any class from one jar |