Mercurial > hg > release > icedtea6-1.6
view patches/security/icedtea-6824265.patch @ 1693:15ba41d0ff2e
Add remaining security patches.
2009-11-09 Andrew John Hughes <ahughes@redhat.com>
* Makefile.am:
Add remaining security patches.
* NEWS: Updated with security patches.
* patches/security/icedtea-6631533.patch,
* patches/security/icedtea-6632445.patch,
* patches/security/icedtea-6636650.patch,
* patches/security/icedtea-6657026.patch,
* patches/security/icedtea-6657138.patch,
* patches/security/icedtea-6664512.patch,
* patches/security/icedtea-6822057.patch,
* patches/security/icedtea-6824265.patch,
* patches/security/icedtea-6861062.patch,
* patches/security/icedtea-6872358.patch:
New security patches.
| author | Andrew John Hughes <ahughes@redhat.com> |
|---|---|
| date | Mon, 09 Nov 2009 17:42:27 +0000 |
| parents | |
| children | c3605faebe92 |
line wrap: on
line source
diff -Nru openjdk.orig/jdk/src/share/classes/sun/util/calendar/ZoneInfoFile.java openjdk/jdk/src/share/classes/sun/util/calendar/ZoneInfoFile.java --- openjdk.orig/jdk/src/share/classes/sun/util/calendar/ZoneInfoFile.java 2009-11-08 23:11:42.000000000 +0000 +++ openjdk/jdk/src/share/classes/sun/util/calendar/ZoneInfoFile.java 2009-11-08 23:25:32.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2000-2006 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -465,10 +465,7 @@ */ public static final byte TAG_TZDataVersion = 68; - // Cached location of the TZDATA files - private static final String JAVAZI_DIR = setup_JAVAZI_DIR(); - - private static String setup_JAVAZI_DIR() { + private static String setupJavaZIDir() { try { final String dir = AccessController.doPrivileged (new sun.security.action.GetPropertyAction("user.zoneinfo.dir")); @@ -493,6 +490,21 @@ private static Map<String, ZoneInfo> zoneInfoObjects = null; + private static final String ziDir; + static { + String zi = setupJavaZIDir(); + if (zi == null) { + zi = AccessController.doPrivileged( + new sun.security.action.GetPropertyAction("java.home")) + + File.separator + "lib" + File.separator + "zi"; + } + try { + zi = new File(zi).getCanonicalPath(); + } catch (Exception e) { + } + ziDir = zi; + } + /** * Converts the given time zone ID to a platform dependent path * name. For example, "America/Los_Angeles" is converted to @@ -597,20 +609,7 @@ return null; } - int index; - for (index = 0; index < JAVAZI_LABEL.length; index++) { - if (buf[index] != JAVAZI_LABEL[index]) { - System.err.println("ZoneInfo: wrong magic number: " + id); - return null; - } - } - - if (buf[index++] > JAVAZI_VERSION) { - System.err.println("ZoneInfo: incompatible version (" - + buf[index - 1] + "): " + id); - return null; - } - + int index = 0; int filesize = buf.length; int rawOffset = 0; int dstSavings = 0; @@ -621,6 +620,18 @@ int[] simpleTimeZoneParams = null; try { + for (index = 0; index < JAVAZI_LABEL.length; index++) { + if (buf[index] != JAVAZI_LABEL[index]) { + System.err.println("ZoneInfo: wrong magic number: " + id); + return null; + } + } + if (buf[index++] > JAVAZI_VERSION) { + System.err.println("ZoneInfo: incompatible version (" + + buf[index - 1] + "): " + id); + return null; + } + while (index < filesize) { byte tag = buf[index++]; int len = ((buf[index++] & 0xFF) << 8) + (buf[index++] & 0xFF); @@ -1038,36 +1049,34 @@ * Reads the specified file under <java.home>/lib/zi into a buffer. * @return the buffer, or null if any I/O error occurred. */ - private static byte[] readZoneInfoFile(String fileName) { + private static byte[] readZoneInfoFile(final String fileName) { byte[] buffer = null; try { - String zi_dir = JAVAZI_DIR; - if (zi_dir == null) { - // Fall back to JDK-supplied tzdata - String homeDir = (String) AccessController.doPrivileged(new sun.security.action.GetPropertyAction("java.home")); - zi_dir = homeDir + File.separator + "lib" + File.separator - + "zi"; - } - - final String fname = zi_dir + File.separator + fileName; - buffer = (byte[]) AccessController.doPrivileged(new PrivilegedExceptionAction() { + buffer = (byte[]) AccessController.doPrivileged(new PrivilegedExceptionAction() { public Object run() throws IOException { - File file = new File(fname); - if (!file.canRead()) { + File file = new File(ziDir, fileName); + if (!file.exists() || !file.isFile()) { return null; } - int filesize = (int)file.length(); - byte[] buf = new byte[filesize]; - - FileInputStream fis = new FileInputStream(file); - - if (fis.read(buf) != filesize) { - fis.close(); - throw new IOException("read error on " + fname); + file = file.getCanonicalFile(); + String path = file.getCanonicalPath(); + byte[] buf = null; + if (path != null && path.startsWith(ziDir)) { + int filesize = (int)file.length(); + if (filesize > 0) { + FileInputStream fis = new FileInputStream(file); + buf = new byte[filesize]; + try { + if (fis.read(buf) != filesize) { + throw new IOException("read error on " + fileName); + } + } finally { + fis.close(); + } + } } - fis.close(); return buf; } });