Mercurial > hg > release > icedtea-web-1.2
changeset 266:7dd63058c234
RH718170, CVE-2011-2514: Java Web Start security warning dialog manipulation
author | Deepak Bhole <dbhole@redhat.com> |
---|---|
date | Fri, 15 Jul 2011 16:02:00 -0400 |
parents | a9061a71cfc7 |
children | 6bfd819570c1 |
files | ChangeLog NEWS netx/net/sourceforge/jnlp/services/XExtendedService.java netx/net/sourceforge/jnlp/services/XFileContents.java |
diffstat | 4 files changed, 16 insertions(+), 3 deletions(-) [+] |
--- a/ChangeLog Fri Jul 15 15:44:56 2011 -0400 +++ b/ChangeLog Fri Jul 15 16:02:00 2011 -0400 @@ -130,6 +130,15 @@ 2011-07-14 Omair Majid <omajid@redhat.com> + RH718170, CVE-2011-2514: Java Web Start security warning dialog + manipulation + * netx/net/sourceforge/jnlp/services/XExtendedService.java + (openFile): Create XContents based on a copy of the File object to prevent + overloaded File classes from mangling the name. + (XFileContents): Create a separate copy of File object for local use. + +2011-07-14 Omair Majid <omajid@redhat.com> + RH718164, CVE-2011-2513: Home directory path disclosure to untrusted applications * netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java: New file.
--- a/NEWS Fri Jul 15 15:44:56 2011 -0400
+++ b/NEWS Fri Jul 15 16:02:00 2011 -0400
@@ -11,6 +11,7 @@
 New in release 1.2 (2011-XX-XX):
 * Security updates:
 - RH718164, CVE-2011-2513: Home directory path disclosure to untrusted applications
+ - RH718170, CVE-2011-2514: Java Web Start security warning dialog manipulation

 New in release 1.1 (2011-XX-XX):
 * Security updates
--- a/netx/net/sourceforge/jnlp/services/XExtendedService.java Fri Jul 15 15:44:56 2011 -0400 +++ b/netx/net/sourceforge/jnlp/services/XExtendedService.java Fri Jul 15 16:02:00 2011 -0400 @@ -34,10 +34,12 @@ public FileContents openFile(File file) throws IOException { + File secureFile = new File(file.getPath()); + /* FIXME: this opens a file with read/write mode, not just read or write */ - if (ServiceUtil.checkAccess(AccessType.READ_FILE, new Object[] { file.getAbsolutePath() })) { + if (ServiceUtil.checkAccess(AccessType.READ_FILE, new Object[] { secureFile.getAbsolutePath() })) { return (FileContents) ServiceUtil.createPrivilegedProxy(FileContents.class, - new XFileContents(file)); + new XFileContents(secureFile)); } else { return null; }
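Review bot: The path shown in the access prompt is still `secureFile.getAbsolutePath()`, which is not canonical, so `..` segments and symlinks are left unresolved and the dialog can name a different location than the file that is finally opened. The copy in `openFile` does make the prompt and the open use the same plain `java.io.File`, and since the method already declares `IOException`, `File secureFile = new File(file.getPath()).getCanonicalFile();` would give both the dialog and `XFileContents` the resolved path. Separately, the FIXME kept in this hunk says the returned object is opened read/write while the check is only `AccessType.READ_FILE`; this change does not close that gap and it deserves its own follow-up. The end of `openFile` lies outside the hunk, and any other entry points of the class that accept a caller-supplied `File` are not visible here and may need the same copy.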
--- a/netx/net/sourceforge/jnlp/services/XFileContents.java Fri Jul 15 15:44:56 2011 -0400
+++ b/netx/net/sourceforge/jnlp/services/XFileContents.java Fri Jul 15 16:02:00 2011 -0400
@@ -34,7 +34,8 @@
 * Create a file contents implementation for the file.
 */
 protected XFileContents(File file) {
- this.file = file;
+ // create a safe copy
+ this.file = new File(file.getPath());
 }

 /**
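Review bot: The comment `// create a safe copy` in the `XFileContents` constructor does not say what the copy guards against, so a later cleanup could plausibly revert it to `this.file = file;`. I would spell it out, e.g. `// File is not final: copy into a plain java.io.File so a caller-supplied subclass cannot substitute its own overridden methods.` A null `file`, or a subclass whose `getPath()` returns null, now fails in this constructor with a NullPointerException; if that is the intended contract, an explicit check with a clear message and a matching line in the Javadoc would make it visible. The Javadoc block for the constructor starts outside the hunk.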