From 19a251d0ec8ffb326a8c46a7c66821834dbba8d3 Mon Sep 17 00:00:00 2001
From: Bruce Momjian <bruce@momjian.us>
Date: Sun, 26 Aug 2001 01:06:20 +0000
Subject: [PATCH] >>>>The JDBC driver requires >>>> >>>> permission
 java.net.SocketPermission "host:port", "connect"; >>>> >>>>in the policy file
 of the application using the JDBC driver >>>>in the postgresql.jar file. 
 Since the Socket() call in the >>>>driver is not protected by
 AccessController.doPrivileged() this >>>>permission must also be granted to
 the entire application. >>>> >>>>The attached diff fixes it so that the
 connect permission can be >>>>restricted just the the postgresql.jar codeBase
 if desired.

David Daney
---
 .../jdbc/org/postgresql/PG_Stream.java        | 30 +++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)

diff --git a/src/interfaces/jdbc/org/postgresql/PG_Stream.java b/src/interfaces/jdbc/org/postgresql/PG_Stream.java
index 3a6eaebc017..ebee9e95fd9 100644
--- a/src/interfaces/jdbc/org/postgresql/PG_Stream.java
+++ b/src/interfaces/jdbc/org/postgresql/PG_Stream.java
@@ -5,12 +5,13 @@ import java.lang.*;
 import java.net.*;
 import java.util.*;
 import java.sql.*;
+import java.security.*;
 import org.postgresql.*;
 import org.postgresql.core.*;
 import org.postgresql.util.*;
 
 /**
- * $Id: PG_Stream.java,v 1.11 2001/07/30 14:51:19 momjian Exp $
+ * $Id: PG_Stream.java,v 1.12 2001/08/26 01:06:20 momjian Exp $
  *
  * This class is used by Connection & PGlobj for communicating with the
  * backend.
@@ -28,6 +29,25 @@ public class PG_Stream
     BytePoolDim1 bytePoolDim1 = new BytePoolDim1();
     BytePoolDim2 bytePoolDim2 = new BytePoolDim2();
 
+   private static class PrivilegedSocket
+      implements PrivilegedExceptionAction
+   {
+      private String host;
+      private int port;
+
+      PrivilegedSocket(String host, int port)
+      {
+         this.host = host;
+         this.port = port;
+      }
+
+      public Object run() throws Exception
+      {
+         return new Socket(host, port);
+      }
+   }
+
+
   /**
    * Constructor:  Connect to the PostgreSQL back end and return
    * a stream connection.
@@ -38,7 +58,13 @@ public class PG_Stream
    */
   public PG_Stream(String host, int port) throws IOException
   {
-    connection = new Socket(host, port);
+     PrivilegedSocket ps = new PrivilegedSocket(host, port);
+     try {
+        connection = (Socket)AccessController.doPrivileged(ps);
+     }
+     catch(PrivilegedActionException pae){
+        throw (IOException)pae.getException();
+     }
 
     // Submitted by Jason Venner <jason@idiom.com> adds a 10x speed
     // improvement on FreeBSD machines (caused by a bug in their TCP Stack)
-- 
GitLab