|
Marking this issue as "blocking"
Finally got around to looking at the patch. It's generally correct, but you probably want to catch the PrivilegedExceptionAction and unwrap it. Then if there's an i/o error accessing the DTD it won't appear as a possible security exception to the user.
The other general rule with privileged blocks is to put as little code as possible into the priv block, I'm not sure what code requires the privilege block, but here's an example re-write. final InputSource is = new InputSource(new StringReader(xmlAsText)); aList.add( java.security.AccessController.doPrivileged( new java.security.PrivilegedExceptionAction() { public Object run() throws Exception { return dBuilder.parse(is); } })); Attaching a second patch, d2131_rewrite_v1.patch, that rewrites the privileged block (which has already been committed) to account for Dan's suggestions.
Regarding "you probably want to catch the PrivilegedExceptionAction and unwrap it. ". I did some quick looking at other places in the Derby code where PrivilegedExceptions are caught and it seems like unwrapping the exception is simply a matter of using the result of "PrivilegedException.getException()"--so in this case, we throw the result of "getException()" instead of throwing the PrivilegedException itself. If this was too simple of an interpretation (ex. if the unwrapping needs to be more extensive or should be selective to i/o errors), please let me know and I can try again... DocumentBuilder.parse() is documented to throw these exceptions: SAXException, IOException but the run() method declares itself as throwing Exception. WOuld it not be better to have the specific errors?
Attaching a patch to port this fix back to 10.2. I ran the old "xmlSuite" on 10.2 jars with this patch applied and they ran without problem. I'm running derbyall now just to be safe and will commit the patch to 10.2 if all goes well.
d2131_10_2.patch was created as follows: svn merge -r 481116:481117 https://svn.apache.org/repos/asf/db/derby/code/trunk svn merge -r 482302:482303 https://svn.apache.org/repos/asf/db/derby/code/truk svn diff > d2131_10_2.patch |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 |
|
Bug
Closed
Major
External DTD files are accessed without a privileged block when Derby parses XML values that reference such DTDs.
DERBY-1758to confirm that the patch solves the reported problem (i.e. that assignment of "read" permission to the JAXP parser allows successful execution of XMLPARSE). I also ran derbyall on Red Hat Linux using ibm142 with no failures. The "XMLSuite" JUnit suite also ran without error.The patch doesn't include any tests; however, relevant test cases will be enabled as part of
DERBY-1758to verify the behavior.I am very new to the notion of security managers and privileged blocks, so while this is a small patch, I would appreciate it if someone could review it to make sure that the changes make sense...