db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d..@apache.org
Subject svn commit: r504430 - /db/derby/code/trunk/java/tools/org/apache/derby/tools/JDBCDisplayUtil.java
Date Wed, 07 Feb 2007 04:15:59 GMT
Author: djd
Date: Tue Feb  6 20:15:59 2007
New Revision: 504430

URL: http://svn.apache.org/viewvc?view=rev&rev=504430
Log:
Fix security bug in JDBCDisplayUtil where system properties were accessed through
Boolean.getBoolean() without being wrapped in a privileged block.

Modified:
    db/derby/code/trunk/java/tools/org/apache/derby/tools/JDBCDisplayUtil.java

Modified: db/derby/code/trunk/java/tools/org/apache/derby/tools/JDBCDisplayUtil.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/tools/org/apache/derby/tools/JDBCDisplayUtil.java?view=diff&rev=504430&r1=504429&r2=504430
==============================================================================
--- db/derby/code/trunk/java/tools/org/apache/derby/tools/JDBCDisplayUtil.java (original)
+++ db/derby/code/trunk/java/tools/org/apache/derby/tools/JDBCDisplayUtil.java Tue Feb  6
20:15:59 2007
@@ -27,6 +27,7 @@
 import java.io.FileNotFoundException;
 import java.io.IOException;
 
+import java.security.AccessController;
 import java.sql.Connection;
 import java.sql.SQLException;
 import java.sql.SQLWarning;
@@ -97,7 +98,7 @@
 	static public void ShowSQLException(PrintWriter out, SQLException e) {
 		String errorCode;
 
-		if (Boolean.getBoolean("ij.showErrorCode")) {
+		if (getSystemBoolean("ij.showErrorCode")) {
 			errorCode = LocalizedResource.getMessage("UT_Error0", LocalizedResource.getNumber(e.getErrorCode()));
 		}
 		else {
@@ -703,7 +704,7 @@
 		@param e the exception to display
 	 */
 	static public void doTrace(PrintWriter out, Exception e) {
-		if (Boolean.getBoolean("ij.exceptionTrace")) {
+		if (getSystemBoolean("ij.exceptionTrace")) {
 			e.printStackTrace(out);
 		    out.flush();
 		}
@@ -744,7 +745,7 @@
 	static public void ShowSQLException(PrintStream out, SQLException e) {
 		String errorCode;
 
-		if (Boolean.getBoolean("ij.showErrorCode")) {
+		if (getSystemBoolean("ij.showErrorCode")) {
 			errorCode = " (errorCode = " + e.getErrorCode() + ")";
 		}
 		else {
@@ -1180,7 +1181,7 @@
 	} // DisplayRow
 
 	static public void doTrace(PrintStream out, Exception e) {
-		if (Boolean.getBoolean("ij.exceptionTrace")) {
+		if (getSystemBoolean("ij.exceptionTrace")) {
 			e.printStackTrace(out);
 		    out.flush();
 		}
@@ -1204,6 +1205,24 @@
 	}
 	
 	// ==========================
+    
+    /**
+     * Get an ij boolean system property.
+     *
+     * @param name name of the property
+     */
+    private static boolean getSystemBoolean(final String name) {
+
+        return ((Boolean) AccessController
+                .doPrivileged(new java.security.PrivilegedAction() {
+
+                    public Object run() {
+                        return Boolean.valueOf(Boolean.getBoolean(name));
+
+                    }
+
+                })).booleanValue();
+    }
 }
 
 



Mime
View raw message