packages/hsqldb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
hsqldb/CVE-2022-41853.patch
starlet-dx a1e65a8368 Fix CVE-2022-41853
2023-12-07 14:08:42 +08:00

62 lines
2.3 KiB
Diff
Raw Permalink Blame History

From: Markus Koschany <apo@debian.org>
Date: Wed, 7 Dec 2022 13:00:46 +0100
Subject: CVE-2022-41853
Bug-Debian: https://bugs.debian.org/1023573
Origin: https://sourceforge.net/p/hsqldb/svn/6614/
---
src/org/hsqldb/persist/HsqlDatabaseProperties.java | 18 +++++++-----------
1 file changed, 7 insertions(+), 11 deletions(-)
diff --git a/src/org/hsqldb/persist/HsqlDatabaseProperties.java b/src/org/hsqldb/persist/HsqlDatabaseProperties.java
index bc03e82..bee0ea6 100644
--- a/src/org/hsqldb/persist/HsqlDatabaseProperties.java
+++ b/src/org/hsqldb/persist/HsqlDatabaseProperties.java
@@ -51,28 +51,28 @@ import org.hsqldb.lib.StringUtil;
*/
public class HsqlDatabaseProperties extends HsqlProperties {
- private static final String hsqldb_method_class_names =
+ public static final String hsqldb_method_class_names =
"hsqldb.method_class_names";
public static final String textdb_allow_full_path =
"textdb.allow_full_path";
- private static HashSet accessibleJavaMethodNames;
+ public static String methodClassNames;
+ private static final HashSet accessibleJavaMethodNames = new HashSet();
private static boolean allowFullPath;
static {
try {
- String prop = System.getProperty(hsqldb_method_class_names);
+ methodClassNames = System.getProperty(hsqldb_method_class_names);
- if (prop != null) {
- accessibleJavaMethodNames = new HashSet();
+ if (methodClassNames != null) {
- String[] names = StringUtil.split(prop, ";");
+ String[] names = StringUtil.split(methodClassNames, ";");
for (int i = 0; i < names.length; i++) {
accessibleJavaMethodNames.add(names[i]);
}
}
- prop = System.getProperty(textdb_allow_full_path);
+ String prop = System.getProperty(textdb_allow_full_path);
if (prop != null) {
if (Boolean.valueOf(prop)) {
@@ -97,10 +97,6 @@ public class HsqlDatabaseProperties extends HsqlProperties {
*/
public static boolean supportsJavaMethod(String name) {
- if (accessibleJavaMethodNames == null) {
- return true;
- }
-
if (name.startsWith("java.lang.Math.")) {
return true;
}
Reference in New Issue View Git Blame Copy Permalink