Return copies of the URL array rather than the original. This facilitated CVE-2010...

author markt <markt@13f79535-47bb-0310-9956-ffa450edef68>

Wed, 21 Jul 2010 16:09:41 +0000 (16:09 +0000)

committer markt <markt@13f79535-47bb-0310-9956-ffa450edef68>

Wed, 21 Jul 2010 16:09:41 +0000 (16:09 +0000)
author markt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Wed, 21 Jul 2010 16:09:41 +0000 (16:09 +0000)
committer markt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Wed, 21 Jul 2010 16:09:41 +0000 (16:09 +0000)
diff --git a/java/org/apache/catalina/loader/WebappClassLoader.java b/java/org/apache/catalina/loader/WebappClassLoader.java

index 85ccaab..8090e90 100644 (file)
--- a/java/org/apache/catalina/loader/WebappClassLoader.java
+++ b/java/org/apache/catalina/loader/WebappClassLoader.java
@@ -1709,7 +1709,7 @@ public class WebappClassLoader
      public URL[] getURLs() {
  
          if (repositoryURLs != null) {
-            return repositoryURLs;
+            return repositoryURLs.clone();
          }
  
          URL[] external = super.getURLs();
@@ -1749,7 +1749,7 @@ public class WebappClassLoader
              repositoryURLs = new URL[0];
          }
  
-        return repositoryURLs;
+        return repositoryURLs.clone();
  
      }
author	markt <markt@13f79535-47bb-0310-9956-ffa450edef68>
	Wed, 21 Jul 2010 16:09:41 +0000 (16:09 +0000)
committer	markt <markt@13f79535-47bb-0310-9956-ffa450edef68>
	Wed, 21 Jul 2010 16:09:41 +0000 (16:09 +0000)