changeset 266:7dd63058c234

RH718170, CVE-2011-2514: Java Web Start security warning dialog manipulation
author Deepak Bhole <dbhole@redhat.com>
date Fri, 15 Jul 2011 16:02:00 -0400
parents a9061a71cfc7
children 6bfd819570c1
files ChangeLog NEWS netx/net/sourceforge/jnlp/services/XExtendedService.java netx/net/sourceforge/jnlp/services/XFileContents.java
diffstat 4 files changed, 16 insertions(+), 3 deletions(-) [+]
--- a/ChangeLog	Fri Jul 15 15:44:56 2011 -0400
+++ b/ChangeLog	Fri Jul 15 16:02:00 2011 -0400
@@ -130,6 +130,15 @@
 
 2011-07-14  Omair Majid  <omajid@redhat.com>
 
+	RH718170, CVE-2011-2514: Java Web Start security warning dialog
+	manipulation
+	* netx/net/sourceforge/jnlp/services/XExtendedService.java
+	(openFile): Create XContents based on a copy of the File object to prevent
+	overloaded File classes from mangling the name.
+	(XFileContents): Create a separate copy of File object for local use.
+
+2011-07-14  Omair Majid  <omajid@redhat.com>
+
 	RH718164, CVE-2011-2513: Home directory path disclosure to untrusted
 	applications
 	* netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java: New file.
--- a/NEWS	Fri Jul 15 15:44:56 2011 -0400
+++ b/NEWS	Fri Jul 15 16:02:00 2011 -0400
@@ -11,6 +11,7 @@
 New in release 1.2 (2011-XX-XX):
 * Security updates:
 	- RH718164, CVE-2011-2513: Home directory path disclosure to untrusted applications
+	- RH718170, CVE-2011-2514: Java Web Start security warning dialog manipulation
 
 New in release 1.1 (2011-XX-XX):
 * Security updates
--- a/netx/net/sourceforge/jnlp/services/XExtendedService.java	Fri Jul 15 15:44:56 2011 -0400
+++ b/netx/net/sourceforge/jnlp/services/XExtendedService.java	Fri Jul 15 16:02:00 2011 -0400
@@ -34,10 +34,12 @@
 
     public FileContents openFile(File file) throws IOException {
 
+        File secureFile = new File(file.getPath());
+
         /* FIXME: this opens a file with read/write mode, not just read or write */
-        if (ServiceUtil.checkAccess(AccessType.READ_FILE, new Object[] { file.getAbsolutePath() })) {
+        if (ServiceUtil.checkAccess(AccessType.READ_FILE, new Object[] { secureFile.getAbsolutePath() })) {
             return (FileContents) ServiceUtil.createPrivilegedProxy(FileContents.class,
-                    new XFileContents(file));
+                    new XFileContents(secureFile));
         } else {
             return null;
         }
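Review bot: The `secureFile` copy at the top of `openFile` has no comment saying what it protects against, and the reason is not obvious from the code. `File` is not final, so, as the ChangeLog entry indicates, a caller-supplied subclass could override the path accessors and hand `ServiceUtil.checkAccess` a different name than the one it opens. I would add above the copy: `// Copy into a plain java.io.File so an untrusted File subclass cannot report a different path to the access check than the one it opens`. Separately, `getAbsolutePath()` on a plain `File` does not collapse `..` segments or resolve symlinks, so if this string is what the warning dialog displays, passing `secureFile.getCanonicalPath()` may give the user a clearer name (`openFile` already declares `IOException`). The method's closing brace is outside the hunk.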
--- a/netx/net/sourceforge/jnlp/services/XFileContents.java	Fri Jul 15 15:44:56 2011 -0400
+++ b/netx/net/sourceforge/jnlp/services/XFileContents.java	Fri Jul 15 16:02:00 2011 -0400
@@ -34,7 +34,8 @@
      * Create a file contents implementation for the file.
      */
     protected XFileContents(File file) {
-        this.file = file;
+        // create a safe copy
+        this.file = new File(file.getPath());
     }
 
     /**
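Review bot: The constructor now dereferences `file` immediately, so a null argument throws `NullPointerException` at construction rather than being stored as-is, and the Javadoc above still says only "Create a file contents implementation for the file." I would record the new contract there, for example `@param file the file to wrap; must not be null, and is copied into a plain java.io.File`. The inline `// create a safe copy` would also read better if it named the threat, e.g. `// copy so an overridden File subclass cannot change the path after the access check`. The Javadoc comment begins above the hunk's first line, so its opening is not visible here.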