view patches/security/icedtea-6801497.patch @ 1560:3b93da7c778a icedtea6-1.5.1

2009-08-07 Lillian Angel <langel@redhat.com> * NEWS: Updated. * Makefile.am: Added new security patches. * plugin/icedtea/netscape/javascript/JSObject.java: Security patch applied to disallow the ability to run unsigned code as signed under some cases. * plugin/icedtea/sun/applet/PluginAppletSecurityContext.java: * Likewise. * rt/net/sourceforge/jnlp/SecurityDesc.java: Likewise. * rt/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: Likewise. * plugin/icedtea/netscape/javascript/JSObjectCreatePermission.java: * Likewise. * rt/netscape/javascript/JSObjectCreatePermission.java: Likewise. * patches/security/icedtea-6588003.patch, patches/security/icedtea-6656586.patch, patches/security/icedtea-6656610.patch, patches/security/icedtea-6656625.patch, patches/security/icedtea-6657133.patch, patches/security/icedtea-6657619.patch, patches/security/icedtea-6657625.patch, patches/security/icedtea-6657695.patch, patches/security/icedtea-6660049.patch, patches/security/icedtea-6660539.patch, patches/security/icedtea-6736293.patch, patches/security/icedtea-6738524.patch, patches/security/icedtea-6777448.patch, patches/security/icedtea-6777487.patch, patches/security/icedtea-6801071.patch, patches/security/icedtea-6801497.patch, patches/security/icedtea-6813167.patch, patches/security/icedtea-6823373.patch, patches/security/icedtea-6824440.patch, patches/security/icedtea-6830335.patch, patches/security/icedtea-6845701.patch: New security patches.
author langel
date Fri, 07 Aug 2009 10:05:32 -0400

--- old/src/share/classes/java/net/Socket.java	Thu Apr 30 16:27:37 2009
+++ openjdk/jdk/src/share/classes/java/net/Socket.java	Thu Apr 30 16:27:37 2009
@@ -114,9 +114,14 @@
      * @since   1.5
      */
     public Socket(Proxy proxy) {
-        if (proxy != null && proxy.type() == Proxy.Type.SOCKS) {
+        // Create a copy of Proxy as a security measure
+        if (proxy == null) {
+            throw new IllegalArgumentException("Invalid Proxy");
+        }
+        Proxy p = proxy == Proxy.NO_PROXY ? Proxy.NO_PROXY : new Proxy(proxy.type(), proxy.address());
+        if (p.type() == Proxy.Type.SOCKS) {
             SecurityManager security = System.getSecurityManager();
-            InetSocketAddress epoint = (InetSocketAddress) proxy.address();
+            InetSocketAddress epoint = (InetSocketAddress) p.address();
             if (security != null) {
                 if (epoint.isUnresolved())
                     epoint = new InetSocketAddress(epoint.getHostName(), epoint.getPort());
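Review bot: The comment added at the top of the constructor, `// Create a copy of Proxy as a security measure`, does not say what the copy protects against, and the same comment is repeated in the URL.java hunk. Proxy is not a final class, so the snapshot presumably exists so that the type and address checked by `security.checkConnect` are the same values later handed to `SocksSocketImpl`, rather than whatever a caller-supplied subclass returns on a later call. I would spell that out, e.g. `// Snapshot type/address once: Proxy is non-final, so the caller's object must not be consulted again after checkConnect`. The constructor body continues outside this hunk.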
@@ -127,10 +132,10 @@
                     security.checkConnect(epoint.getAddress().getHostAddress(),
                                           epoint.getPort());
             }
-            impl = new SocksSocketImpl(proxy);
+            impl = new SocksSocketImpl(p);
             impl.setSocket(this);
         } else {
-            if (proxy == Proxy.NO_PROXY) {
+            if (p == Proxy.NO_PROXY) {
                 if (factory == null) {
                     impl = new PlainSocketImpl();
                     impl.setSocket(this);

--- old/src/share/classes/java/net/URL.java	Thu Apr 30 16:27:37 2009
+++ openjdk/jdk/src/share/classes/java/net/URL.java	Thu Apr 30 16:27:37 2009
@@ -998,9 +998,11 @@
             throw new IllegalArgumentException("proxy can not be null");
         }
 
+        // Create a copy of Proxy as a security measure
+        Proxy p = proxy == Proxy.NO_PROXY ? Proxy.NO_PROXY : new Proxy(proxy.type(), proxy.address());
         SecurityManager sm = System.getSecurityManager();
-        if (proxy.type() != Proxy.Type.DIRECT && sm != null) {
-            InetSocketAddress epoint = (InetSocketAddress) proxy.address();
+        if (p.type() != Proxy.Type.DIRECT && sm != null) {
+            InetSocketAddress epoint = (InetSocketAddress) p.address();
             if (epoint.isUnresolved())
                 sm.checkConnect(epoint.getHostName(), epoint.getPort());
             else
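Review bot: The added line `Proxy p = proxy == Proxy.NO_PROXY ? Proxy.NO_PROXY : new Proxy(proxy.type(), proxy.address());` duplicates the expression in the Socket.java hunk character for character and is much longer than the surrounding lines. A single package-private helper in java.net would keep the two call sites from drifting apart if the snapshot logic is ever tightened, e.g. `Proxy p = Proxy.snapshotOf(proxy);` (the helper name is a placeholder, not an existing method). Note also that the `Proxy` constructor throws IllegalArgumentException for a DIRECT type or an address that is not an InetSocketAddress, so this method can now fail before the SecurityManager check is reached. The method's javadoc lies outside this hunk and should be checked to confirm it covers that case.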
@@ -1007,7 +1009,7 @@
                 sm.checkConnect(epoint.getAddress().getHostAddress(),
                                 epoint.getPort());
         }
-        return handler.openConnection(this, proxy);
+        return handler.openConnection(this, p);
     }
 
     /**