From: Markus Koschany <apo@debian.org>
Date: Wed, 7 Dec 2022 13:00:46 +0100
Subject: CVE-2022-41853

Bug-Debian: https://bugs.debian.org/1023573
Origin: https://sourceforge.net/p/hsqldb/svn/6614/
---
 src/org/hsqldb/persist/HsqlDatabaseProperties.java | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)

diff --git a/src/org/hsqldb/persist/HsqlDatabaseProperties.java b/src/org/hsqldb/persist/HsqlDatabaseProperties.java
index bc03e82..bee0ea6 100644
--- a/src/org/hsqldb/persist/HsqlDatabaseProperties.java
+++ b/src/org/hsqldb/persist/HsqlDatabaseProperties.java
@@ -51,28 +51,28 @@ import org.hsqldb.lib.StringUtil;
  */
 public class HsqlDatabaseProperties extends HsqlProperties {
 
-    private static final String hsqldb_method_class_names =
+    public static final String hsqldb_method_class_names =
         "hsqldb.method_class_names";
     public static final String textdb_allow_full_path =
         "textdb.allow_full_path";
-    private static HashSet accessibleJavaMethodNames;
+    public static String methodClassNames;
+    private static final HashSet accessibleJavaMethodNames = new HashSet();
     private static boolean allowFullPath;
 
     static {
         try {
-            String prop = System.getProperty(hsqldb_method_class_names);
+            methodClassNames = System.getProperty(hsqldb_method_class_names);
 
-            if (prop != null) {
-                accessibleJavaMethodNames = new HashSet();
+            if (methodClassNames != null) {
 
-                String[] names = StringUtil.split(prop, ";");
+                String[] names = StringUtil.split(methodClassNames, ";");
 
                 for (int i = 0; i < names.length; i++) {
                     accessibleJavaMethodNames.add(names[i]);
                 }
             }
 
-            prop = System.getProperty(textdb_allow_full_path);
+            String prop = System.getProperty(textdb_allow_full_path);
 
             if (prop != null) {
                 if (Boolean.valueOf(prop)) {
@@ -97,10 +97,6 @@ public class HsqlDatabaseProperties extends HsqlProperties {
      */
     public static boolean supportsJavaMethod(String name) {
 
-        if (accessibleJavaMethodNames == null) {
-            return true;
-        }
-
         if (name.startsWith("java.lang.Math.")) {
             return true;
         }