File icedtea-web-1.1-CVE-2011-2514.patch of Package icedtea-web.import4910
diff -r af1ed34483d1 netx/net/sourceforge/jnlp/services/XExtendedService.java --- a/netx/net/sourceforge/jnlp/services/XExtendedService.java Tue May 31 12:00:01 2011 -0400 +++ b/netx/net/sourceforge/jnlp/services/XExtendedService.java Wed Jun 01 18:41:18 2011 -0400 @@ -34,10 +34,12 @@ public FileContents openFile(File file) throws IOException { + File secureFile = new File(file.getPath()); + /* FIXME: this opens a file with read/write mode, not just read or write */ - if (ServiceUtil.checkAccess(AccessType.READ_FILE, new Object[] { file.getAbsolutePath() })) { + if (ServiceUtil.checkAccess(AccessType.READ_FILE, new Object[] { secureFile.getAbsolutePath() })) { return (FileContents) ServiceUtil.createPrivilegedProxy(FileContents.class, - new XFileContents(file)); + new XFileContents(secureFile)); } else { return null; } diff -r af1ed34483d1 netx/net/sourceforge/jnlp/services/XFileContents.java --- a/netx/net/sourceforge/jnlp/services/XFileContents.java Tue May 31 12:00:01 2011 -0400 +++ b/netx/net/sourceforge/jnlp/services/XFileContents.java Wed Jun 01 18:41:18 2011 -0400 @@ -34,7 +34,8 @@ * Create a file contents implementation for the file. */ protected XFileContents(File file) { - this.file = file; + // create a safe copy + this.file = new File(file.getPath()); } /**
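Review bot: the new `File secureFile = new File(file.getPath());` line in XExtendedService.openFile has no comment saying why the caller's File is copied, and the next maintainer could easily fold it away as redundant. A one-line comment would help, stating that the copy is an exact java.io.File instance rather than whatever subclass the caller passed in, so the path given to ServiceUtil.checkAccess and the object given to XFileContents cannot differ. Separately, the context line above the check still carries the FIXME that the file is opened read/write while only AccessType.READ_FILE is checked. This patch does not address it, so it should be tracked as a follow-up.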
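Review bot: in the XFileContents constructor, `this.file = new File(file.getPath());` throws a NullPointerException for a null argument, where the old `this.file = file;` accepted it silently. If null is never valid here, state that in the Javadoc or check it explicitly so that the failure is deliberate. The comment "create a safe copy" should also say what the copy is safe against (a File subclass supplied by the caller with overridden methods). Otherwise the copy in openFile and this one look like accidental duplication, when in fact the first is needed for the access check and this one covers any other caller of the protected constructor.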