File icedtea-web-1.1-CVE-2011-2514.patch of Package icedtea-web.import4910
diff -r af1ed34483d1 netx/net/sourceforge/jnlp/services/XExtendedService.java
--- a/netx/net/sourceforge/jnlp/services/XExtendedService.java Tue May 31 12:00:01 2011 -0400
+++ b/netx/net/sourceforge/jnlp/services/XExtendedService.java Wed Jun 01 18:41:18 2011 -0400
@@ -34,10 +34,12 @@
public FileContents openFile(File file) throws IOException {
+ File secureFile = new File(file.getPath());
+
/* FIXME: this opens a file with read/write mode, not just read or write */
- if (ServiceUtil.checkAccess(AccessType.READ_FILE, new Object[] { file.getAbsolutePath() })) {
+ if (ServiceUtil.checkAccess(AccessType.READ_FILE, new Object[] { secureFile.getAbsolutePath() })) {
return (FileContents) ServiceUtil.createPrivilegedProxy(FileContents.class,
- new XFileContents(file));
+ new XFileContents(secureFile));
} else {
return null;
}
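Review bot: The access check in openFile is made on `secureFile.getAbsolutePath()`, which does not resolve `..` segments or symbolic links, so the path handed to `ServiceUtil.checkAccess` (and presumably shown to the user for approval) may not name the file that `XFileContents` ends up opening. Since the method already declares `IOException`, the copy could be canonicalised once and used for both the check and the open: `File secureFile = new File(file.getPath()).getCanonicalFile();`. The existing FIXME still applies after this change: only `AccessType.READ_FILE` is checked although the returned contents are opened read/write. openFile's closing brace is outside the hunk, and any other methods of this class that accept a caller-supplied `File` are not visible here and may need the same copy.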
diff -r af1ed34483d1 netx/net/sourceforge/jnlp/services/XFileContents.java
--- a/netx/net/sourceforge/jnlp/services/XFileContents.java Tue May 31 12:00:01 2011 -0400
+++ b/netx/net/sourceforge/jnlp/services/XFileContents.java Wed Jun 01 18:41:18 2011 -0400
@@ -34,7 +34,8 @@
* Create a file contents implementation for the file.
*/
protected XFileContents(File file) {
- this.file = file;
+ // create a safe copy
+ this.file = new File(file.getPath());
}
/**
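Review bot: The comment `// create a safe copy` in the XFileContents constructor does not say what the copy protects against, so a later cleanup could drop it as redundant. I would spell the reason out, e.g. `// Copy into a plain java.io.File: File is not final, so a caller-supplied subclass could override getPath()/getAbsolutePath() and report a different path after the access check.` The constructor's Javadoc opens above the hunk; a sentence there stating that the argument itself is never retained would help as well.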