changeset 126:b99f9a9769e0
RH718170, CVE-2011-2514: Java Web Start security warning dialog manipulation
author | Deepak Bhole <dbhole@redhat.com> |
---|---|
date | Fri, 15 Jul 2011 15:43:34 -0400 |
parents | b29fdd0f4d04 |
children | 99a3760950c6 |
files | ChangeLog NEWS netx/net/sourceforge/jnlp/services/XExtendedService.java netx/net/sourceforge/jnlp/services/XFileContents.java |
diffstat | 4 files changed, 16 insertions(+), 3 deletions(-) [+] |
--- a/ChangeLog Fri Jul 15 15:42:38 2011 -0400
+++ b/ChangeLog Fri Jul 15 15:43:34 2011 -0400
@@ -1,3 +1,12 @@
+2011-07-14 Omair Majid <omajid@redhat.com>
+
+ RH718170, CVE-2011-2514: Java Web Start security warning dialog
+ manipulation
+ * netx/net/sourceforge/jnlp/services/XExtendedService.java
+ (openFile): Create XContents based on a copy of the File object to prevent
+ overloaded File classes from mangling the name.
+ (XFileContents): Create a separate copy of File object for local use.
+
 2011-07-14 Omair Majid <omajid@redhat.com>
 RH718164, CVE-2011-2513: Home directory path disclosure to untrusted
--- a/NEWS Fri Jul 15 15:42:38 2011 -0400
+++ b/NEWS Fri Jul 15 15:43:34 2011 -0400
@@ -11,6 +11,7 @@
 New in release 1.0.4 (2011-XX-XX):
 * Security updates:
 - RH718164, CVE-2011-2513: Home directory path disclosure to untrusted applications
+ - RH718170, CVE-2011-2514: Java Web Start security warning dialog manipulation
 New in release 1.0.3 (2011-06-13):
 * Plugin
--- a/netx/net/sourceforge/jnlp/services/XExtendedService.java Fri Jul 15 15:42:38 2011 -0400
+++ b/netx/net/sourceforge/jnlp/services/XExtendedService.java Fri Jul 15 15:43:34 2011 -0400
@@ -34,10 +34,12 @@
 public FileContents openFile(File file) throws IOException {
+ File secureFile = new File(file.getPath());
+
 /* FIXME: this opens a file with read/write mode, not just read or write */
- if (ServiceUtil.checkAccess(AccessType.READ_FILE, new Object[] { file.getAbsolutePath() })) {
+ if (ServiceUtil.checkAccess(AccessType.READ_FILE, new Object[] { secureFile.getAbsolutePath() })) {
 return (FileContents) ServiceUtil.createPrivilegedProxy(FileContents.class,
- new XFileContents(file));
+ new XFileContents(secureFile));
 } else {
 return null;
 }
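Review bot: The string passed to `ServiceUtil.checkAccess` is `secureFile.getAbsolutePath()`, which keeps any `..` segments and symlink components exactly as the caller supplied them, so the name used for the access decision (presumably what the warning dialog shows, going by the commit title) can still read differently from the file that is finally opened. Copying into a plain `File` stops a subclass from reporting two different names, but it does not normalise the one name it does report; consider `File secureFile = new File(file.getPath()).getCanonicalFile();` so both the check and the proxy work from the resolved path, which fits since openFile already declares `throws IOException`. A null `file` also fails with a bare NullPointerException at `file.getPath()`, where an explicit check with a clear message would be easier to diagnose. The existing FIXME still applies: a `READ_FILE` approval yields a proxy that the comment says is read/write. openFile's closing brace lies outside the hunk.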
--- a/netx/net/sourceforge/jnlp/services/XFileContents.java Fri Jul 15 15:42:38 2011 -0400
+++ b/netx/net/sourceforge/jnlp/services/XFileContents.java Fri Jul 15 15:43:34 2011 -0400
@@ -40,7 +40,8 @@
 * Create a file contents implementation for the file.
 */
 protected XFileContents(File file) {
- this.file = file;
+ // create a safe copy
+ this.file = new File(file.getPath());
 }
 /**
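Review bot: The added comment `// create a safe copy` does not say what the copy is safe from, and the constructor Javadoc above it is left unchanged. Because the constructor is `protected` and takes a caller-supplied `File`, I would state the reason, e.g. `// Copy into a plain java.io.File so a File subclass cannot override path methods and report a different name to later I/O than the one that was approved.` The Javadoc could also say that the argument is copied and must be non-null, since `file.getPath()` now throws at construction time for a null argument instead of storing it. The Javadoc block starts outside the hunk.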