Mercurial > hg > release > icedtea-web-1.0
changeset 99:af8d359d6daa
Fixed S6983554, CVE-2010-4450: Launcher incorrect processing of empty library path entries
author | Deepak Bhole <dbhole@redhat.com> |
---|---|
date | Mon, 14 Feb 2011 13:59:55 -0500 |
parents | cc8c67ed615e |
children | 9199a6ec1f0c |
files | ChangeLog NEWS launcher/java_md.c |
diffstat | 3 files changed, 11 insertions(+), 1 deletions(-) |
--- a/ChangeLog Thu Feb 10 11:19:53 2011 -0500 +++ b/ChangeLog Mon Feb 14 13:59:55 2011 -0500 @@ -1,3 +1,10 @@ +2011-02-11 Deepak Bhole <dbhole@redhat.com> + + Fix S6983554, CVE-2010-4450: Launcher incorrect processing of empty + library path entries + * NEWS: Updated. + * launcher/java_md.c: Ignore empty LD_LIBRARY_PATH. + 2011-02-10 Deepak Bhole <dbhole@redhat.com> * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java (initialize):
--- a/NEWS Thu Feb 10 11:19:53 2011 -0500 +++ b/NEWS Mon Feb 14 13:59:55 2011 -0500 @@ -10,6 +10,9 @@ New in release 1.0.1 (2011-XX-XX): +* Security updates + - S6983554, CVE-2010-4450: Launcher incorrect processing of empty library path entries + New in release 1.0 (2011-02-02): * Initial release of IcedTea-Web
--- a/launcher/java_md.c Thu Feb 10 11:19:53 2011 -0500 +++ b/launcher/java_md.c Mon Feb 14 13:59:55 2011 -0500 @@ -484,7 +484,7 @@ * LD_LIBRARY_PATH. Note that this prevents any possible infinite * loop of execv() because we test for the prefix, above. */ - if (runpath != 0) { + if (runpath != 0 && (runpath[0] != '\0')) { strcat(new_runpath, ":"); strcat(new_runpath, runpath); }
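Review bot: In the launcher/java_md.c hunk, the added test `runpath[0] != '\0'` only skips an LD_LIBRARY_PATH that is empty as a whole; a non-empty value that itself contains an empty entry (a leading or trailing `:`, or `::` in the middle) still passes the test and is appended unchanged by `strcat(new_runpath, runpath)`. The old code produced a trailing empty entry by appending ":" followed by an empty string, and the dynamic loader resolves an empty entry to the current working directory, so the same exposure remains for those inputs. Consider dropping empty components from runpath before appending, or stating in the comment above the test that only the wholly empty case is handled here and why that is enough. The ChangeLog line "Ignore empty LD_LIBRARY_PATH" matches what the code does, but the commit title and the NEWS entry speak of "empty library path entries", which reads as broader than this check. The existing comment covers only the execv() loop, so a one-line comment on the new condition would also help, and the parentheses around `runpath[0] != '\0'` can be dropped.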