From: Uwe Schindler <uschindler@apache.org>
Date: Wed, 11 Nov 2015 11:36:44 +0000 (+0000)
Subject: #58597: Add more AccessController.doPrivileged. We should fix them later!
X-Git-Tag: REL_3_14_BETA1~128
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=d929ea3aae4625117a3fef913184e9dd8c1f4d34;p=poi.git

#58597: Add more AccessController.doPrivileged. We should fix them later!


git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1713813 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/src/ooxml/java/org/apache/poi/openxml4j/util/ZipSecureFile.java b/src/ooxml/java/org/apache/poi/openxml4j/util/ZipSecureFile.java
index 375982b876..5a841ddfc3 100644
--- a/src/ooxml/java/org/apache/poi/openxml4j/util/ZipSecureFile.java
+++ b/src/ooxml/java/org/apache/poi/openxml4j/util/ZipSecureFile.java
@@ -23,6 +23,8 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.io.PushbackInputStream;
 import java.lang.reflect.Field;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.zip.InflaterInputStream;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipException;
@@ -31,6 +33,7 @@ import java.util.zip.ZipInputStream;
 
 import org.apache.poi.util.POILogFactory;
 import org.apache.poi.util.POILogger;
+import org.apache.poi.util.SuppressForbidden;
 
 /**
  * This class wraps a {@link ZipFile} in order to check the
@@ -163,20 +166,27 @@ public class ZipSecureFile extends ZipFile {
         return addThreshold(zipIS);
     }
 
-    @SuppressWarnings("resource")
-    public static ThresholdInputStream addThreshold(InputStream zipIS) throws IOException {
+    public static ThresholdInputStream addThreshold(final InputStream zipIS) throws IOException {
         ThresholdInputStream newInner;
         if (zipIS instanceof InflaterInputStream) {
-            try {
-                Field f = FilterInputStream.class.getDeclaredField("in");
-                f.setAccessible(true);
-                InputStream oldInner = (InputStream)f.get(zipIS);
-                newInner = new ThresholdInputStream(oldInner, null);
-                f.set(zipIS, newInner);
-            } catch (Exception ex) {
-                logger.log(POILogger.WARN, "SecurityManager doesn't allow manipulation via reflection for zipbomb detection - continue with original input stream", ex);
-                newInner = null;
-            }
+            newInner = AccessController.doPrivileged(new PrivilegedAction<ThresholdInputStream>() {
+                @SuppressForbidden("TODO: Fix this to not use reflection (it will break in Java 9)! " +
+                        "Better would be to wrap *before* instead of tyring to insert wrapper afterwards.")
+                public ThresholdInputStream run() {
+                    ThresholdInputStream newInner = null;
+                    try {
+                        Field f = FilterInputStream.class.getDeclaredField("in");
+                        f.setAccessible(true);
+                        InputStream oldInner = (InputStream)f.get(zipIS);
+                        newInner = new ThresholdInputStream(oldInner, null);
+                        f.set(zipIS, newInner);
+                    } catch (Exception ex) {
+                        logger.log(POILogger.WARN, "SecurityManager doesn't allow manipulation via reflection for zipbomb detection - continue with original input stream", ex);
+                        newInner = null;
+                    }
+                    return newInner;
+                }
+            });
         } else {
             // the inner stream is a ZipFileInputStream, i.e. the data wasn't compressed
             newInner = null;
diff --git a/src/ooxml/java/org/apache/poi/util/OOXMLLite.java b/src/ooxml/java/org/apache/poi/util/OOXMLLite.java
index c8aa21c214..de19cb0ed9 100644
--- a/src/ooxml/java/org/apache/poi/util/OOXMLLite.java
+++ b/src/ooxml/java/org/apache/poi/util/OOXMLLite.java
@@ -25,7 +25,9 @@ import java.io.OutputStream;
 import java.lang.reflect.Field;
 import java.lang.reflect.Method;
 import java.net.URL;
+import java.security.AccessController;
 import java.security.CodeSource;
+import java.security.PrivilegedAction;
 import java.security.ProtectionDomain;
 import java.util.ArrayList;
 import java.util.Enumeration;
@@ -49,7 +51,6 @@ import org.junit.runner.JUnitCore;import org.junit.runner.Result;
  * @author Yegor Kozlov
  */
 public final class OOXMLLite {
-    private static Field _classes;
 
     /**
      * Destination directory to copy filtered classes
@@ -214,12 +215,19 @@ public final class OOXMLLite {
         // make the field accessible, we defer this from static initialization to here to 
         // allow JDKs which do not have this field (e.g. IBM JDK) to at least load the class
         // without failing, see https://issues.apache.org/bugzilla/show_bug.cgi?id=56550
-        try {
-            _classes = ClassLoader.class.getDeclaredField("classes");
-            _classes.setAccessible(true);
-        } catch (Exception e) {
-            throw new RuntimeException(e);
-        }
+        final Field _classes = AccessController.doPrivileged(new PrivilegedAction<Field>() {
+            @SuppressForbidden("TODO: Reflection works until Java 8 on Oracle/Sun JDKs, but breaks afterwards (different classloader types, access checks)")
+            public Field run() {
+                try {
+                    Field fld = ClassLoader.class.getDeclaredField("classes");
+                    fld.setAccessible(true);
+                    return fld;
+                } catch (Exception e) {
+                    throw new RuntimeException(e);
+                }
+
+            }
+        });
 
         ClassLoader appLoader = ClassLoader.getSystemClassLoader();
         try {