view patches/security/20101012/6981426.patch @ 1993:1cdd796efef3
Second batch of security updates.
2010-10-11 Andrew John Hughes <ahughes@redhat.com>
* patches/icedtea-timerqueue.patch:
Dropped; superseded by 6623943.
* Makefile.am: Add new security patches.
* NEWS: List new security patches.
* patches/security/20101012/6622002.patch,
* patches/security/20101012/6623943.patch,
* patches/security/20101012/6952017.patch,
* patches/security/20101012/6952603.patch,
* patches/security/20101012/6961084.patch,
* patches/security/20101012/6963285.patch,
* patches/security/20101012/6981426.patch,
* patches/security/20101012/6990437.patch:
Added.
author | Andrew John Hughes <ahughes@redhat.com> |
---|---|
date | Mon, 11 Oct 2010 21:52:05 +0100 |
# HG changeset patch
# User michaelm
# Date 1285257398 25200
# Node ID c4573f15b0f8f304cf5fd5653e2c4d7cd8ccd61b
# Parent 6e389e6349c94fd9576657adcd2656a6e868acb1
6981426: limit use of TRACE method in HttpURLConnection
Reviewed-by: chegar
diff --git a/src/share/classes/java/net/HttpURLConnection.java b/src/share/classes/java/net/HttpURLConnection.java
--- openjdk.orig/jdk/src/share/classes/java/net/HttpURLConnection.java
+++ openjdk/jdk/src/share/classes/java/net/HttpURLConnection.java
@@ -344,6 +344,12 @@ abstract public class HttpURLConnection
 for (int i = 0; i < methods.length; i++) {
 if (methods[i].equals(method)) {
+ if (method.equals("TRACE")) {
+ SecurityManager s = System.getSecurityManager();
+ if (s != null) {
+ s.checkPermission(new NetPermission("allowHttpTrace"));
+ }
+ }
 this.method = method;
 return;
 }
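Review bot: The new permission check in the `method.equals("TRACE")` branch adds a failure mode that nothing visible documents: under a SecurityManager without the grant, `checkPermission` throws `SecurityException` from the setter. The enclosing method and its Javadoc start outside this hunk, so if it is not already there I would add `@exception SecurityException if a security manager is set and the method is "TRACE", but the "allowHttpTrace" NetPermission is not granted`. A short why-comment above the branch would help too, e.g. `// TRACE makes the server echo the request (headers included) back to the caller, so sandboxed code needs an explicit grant`. The `allowHttpTrace` target should also be listed in the NetPermission documentation, which this patch does not appear to touch.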