You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openjpa.apache.org by il...@apache.org on 2016/10/12 06:35:00 UTC
svn commit: r1764389 -
/openjpa/branches/2.4.x/openjpa-lib/src/main/java/org/apache/openjpa/lib/conf/ConfigurationImpl.java
Author: ilgrosso
Date: Wed Oct 12 06:35:00 2016
New Revision: 1764389
URL: http://svn.apache.org/viewvc?rev=1764389&view=rev
Log:
OPENJPA-2672: ConfigurationImpl.loadGlobals() has java.util.ConcurrentModificationException vulnerability
Modified:
openjpa/branches/2.4.x/openjpa-lib/src/main/java/org/apache/openjpa/lib/conf/ConfigurationImpl.java
Modified: openjpa/branches/2.4.x/openjpa-lib/src/main/java/org/apache/openjpa/lib/conf/ConfigurationImpl.java
URL: http://svn.apache.org/viewvc/openjpa/branches/2.4.x/openjpa-lib/src/main/java/org/apache/openjpa/lib/conf/ConfigurationImpl.java?rev=1764389&r1=1764388&r2=1764389&view=diff
==============================================================================
--- openjpa/branches/2.4.x/openjpa-lib/src/main/java/org/apache/openjpa/lib/conf/ConfigurationImpl.java (original)
+++ openjpa/branches/2.4.x/openjpa-lib/src/main/java/org/apache/openjpa/lib/conf/ConfigurationImpl.java Wed Oct 12 06:35:00 2016
@@ -187,9 +187,14 @@ public class ConfigurationImpl
// let system properties override other globals
try {
- fromProperties(new HashMap(
- AccessController.doPrivileged(
- J2DoPrivHelper.getPropertiesAction())));
+ Properties systemProperties = AccessController.doPrivileged(
+ J2DoPrivHelper.getPropertiesAction());
+ HashMap sysPropHM = null;
+ synchronized(systemProperties) {
+ // Prevent concurrent modification of systemProperties until HashMap ctor is completed.
+ sysPropHM = new HashMap(systemProperties);
+ }
+ fromProperties(sysPropHM);
} catch (SecurityException se) {
// security manager might disallow
}