changeset 126:b99f9a9769e0

RH718170, CVE-2011-2514: Java Web Start security warning dialog manipulation
author Deepak Bhole <dbhole@redhat.com>
date Fri, 15 Jul 2011 15:43:34 -0400
parents b29fdd0f4d04
children 99a3760950c6
files ChangeLog NEWS netx/net/sourceforge/jnlp/services/XExtendedService.java netx/net/sourceforge/jnlp/services/XFileContents.java
diffstat 4 files changed, 16 insertions(+), 3 deletions(-) [+]
--- a/ChangeLog	Fri Jul 15 15:42:38 2011 -0400
+++ b/ChangeLog	Fri Jul 15 15:43:34 2011 -0400
@@ -1,3 +1,12 @@
+2011-07-14  Omair Majid  <omajid@redhat.com>
+
+	RH718170, CVE-2011-2514: Java Web Start security warning dialog
+	manipulation
+	* netx/net/sourceforge/jnlp/services/XExtendedService.java
+	(openFile): Create XContents based on a copy of the File object to prevent
+	overloaded File classes from mangling the name.
+	(XFileContents): Create a separate copy of File object for local use.
+
 2011-07-14  Omair Majid  <omajid@redhat.com>
 
 	RH718164, CVE-2011-2513: Home directory path disclosure to untrusted
--- a/NEWS	Fri Jul 15 15:42:38 2011 -0400
+++ b/NEWS	Fri Jul 15 15:43:34 2011 -0400
@@ -11,6 +11,7 @@
 New in release 1.0.4 (2011-XX-XX):
 * Security updates:
 	- RH718164, CVE-2011-2513: Home directory path disclosure to untrusted applications
+	- RH718170, CVE-2011-2514: Java Web Start security warning dialog manipulation
 
 New in release 1.0.3 (2011-06-13):
 * Plugin
--- a/netx/net/sourceforge/jnlp/services/XExtendedService.java	Fri Jul 15 15:42:38 2011 -0400
+++ b/netx/net/sourceforge/jnlp/services/XExtendedService.java	Fri Jul 15 15:43:34 2011 -0400
@@ -34,10 +34,12 @@
 
     public FileContents openFile(File file) throws IOException {
 
+        File secureFile = new File(file.getPath());
+
         /* FIXME: this opens a file with read/write mode, not just read or write */
-        if (ServiceUtil.checkAccess(AccessType.READ_FILE, new Object[] { file.getAbsolutePath() })) {
+        if (ServiceUtil.checkAccess(AccessType.READ_FILE, new Object[] { secureFile.getAbsolutePath() })) {
             return (FileContents) ServiceUtil.createPrivilegedProxy(FileContents.class,
-                    new XFileContents(file));
+                    new XFileContents(secureFile));
         } else {
             return null;
         }
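Review bot: The path handed to `ServiceUtil.checkAccess` comes from `secureFile.getAbsolutePath()`, which does not collapse `..` segments or resolve symbolic links, so the string the user is asked to approve can still read differently from the file that is finally opened. If that string is what the warning dialog displays (the commit title suggests so, but `checkAccess` is not visible here), consider passing `secureFile.getCanonicalPath()` instead; `openFile` already declares `IOException`. The new `secureFile` line would also benefit from a comment such as `// plain java.io.File copy: a caller-supplied subclass must not influence the path that is checked and opened`. Separately, the existing FIXME says the file is opened read/write while only `AccessType.READ_FILE` is checked, which this change leaves as is. The body of `openFile` closes outside the hunk.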
--- a/netx/net/sourceforge/jnlp/services/XFileContents.java	Fri Jul 15 15:42:38 2011 -0400
+++ b/netx/net/sourceforge/jnlp/services/XFileContents.java	Fri Jul 15 15:43:34 2011 -0400
@@ -40,7 +40,8 @@
      * Create a file contents implementation for the file.
      */
     protected XFileContents(File file) {
-        this.file = file;
+        // create a safe copy
+        this.file = new File(file.getPath());
     }
 
     /**
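Review bot: The comment `// create a safe copy` does not say what the copy is safe against, and a later maintainer could take it for redundant and remove it. Going by the ChangeLog entry, the concern is a caller-supplied `File` subclass whose overridden accessors report a different name, so I would spell that out: `// Copy into a plain java.io.File so a caller-supplied File subclass cannot override accessors and change the reported name or path.` A null `file` now fails in the constructor with a NullPointerException rather than on first use; if that is intended, the Javadoc above (which starts outside this hunk) could say so.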