From ab6aca7146d2f436672f7766fc3d50a228aad5f5 Mon Sep 17 00:00:00 2001 From: Omair Majid Date: Fri, 5 Oct 2012 23:02:53 -0400 Subject: PR1145: IcedTea-Web can cause ClassCircularityError It is possible for the ClassLoader to encounter a ClassCircularityError. This can happen when the ClassLoader detects that checking if a class 'A' has been loaded triggers another check of whether 'A' has been loaded before the first check has completed. This can happen easily when trying to load Policy or Permission classes, which lie in our code path that checks whether a class has been loaded. One possible fix is to ensure these classes are not in the path of code that gets executed when we are trying to check for a class. This can be done by removing the call to getAccessControlContextForClassLoading. The javadocs for ClassLoader.findLoadedClass do not mention any permissions required to call the method nor do they mention that the method can throw a SecurityException. The native code that implements findLoadedClass does not have any security checks either. The doProvileged block is probably not needed here and removing it breaks the circularity. --- netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) (limited to 'netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java') diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java index 7e28e02..523d9bd 100644 --- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java +++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java @@ -1494,17 +1494,7 @@ public class JNLPClassLoader extends URLClassLoader { Class result = null; if (loaders[i] == this) { - final String fName = name; - try { - result = AccessController.doPrivileged( - new PrivilegedExceptionAction>() { - public Class run() { - return JNLPClassLoader.super.findLoadedClass(fName); - } - }, getAccessControlContextForClassLoading()); - } catch (PrivilegedActionException pae) { - result = null; - } + result = JNLPClassLoader.super.findLoadedClass(name); } else { result = loaders[i].findLoadedClassAll(name); } @@ -2154,8 +2144,6 @@ public class JNLPClassLoader extends URLClassLoader { return context; // If context already has all permissions, don't bother } catch (AccessControlException ace) { // continue below - } catch (ClassCircularityError cce) { - // continue below } // Since this is for class-loading, technically any class from one jar -- cgit v1.2.3