~ubuntu-branches/ubuntu/intrepid/openjdk-6/intrepid-updates


Viewing changes to patches/icedtea-6484091.patch

  • Committer: Bazaar Package Importer
  • Author(s): Kees Cook
  • Date: 2009-01-25 15:49:31 UTC
  • Revision ID: james.westby@ubuntu.com-20090125154931-yx8m152s774jhiaq
Tags: 6b12-0ubuntu6.1
* SECURITY UPDATE: multiple upstream vulnerabilities.
  - upstream fixes, thanks to Bernhard R. Link:
    -  patches/icedtea-4486841.patch fixes CVE-2008-5351:
       UTF-8 decoder accepts non-shortest form sequences,
    -  patches/icedtea-6484091.patch fixes CVE-2008-5350:
       allows to list files within the user home directory,
    -  patches/icedtea-6497740.patch fixes CVE-2008-5349:
       RSA public key length denial-of-service,
    -  patches/icedtea-6588160.patch fixes CVE-2008-5348:
       Denial-Of-Service in kerberos authentication,
    -  patches/icedtea-6592792.patch fixes CVE-2008-5347:
       applet privilege escalation via JAX package access,
    -  patches/icedtea-6721753.patch fixes CVE-2008-5360:
       temporary files have guessable file names,
    -  patches/icedtea-6726779.patch fixes CVE-2008-5359:
       Buffer overflow in image processing,
    -  patches/icedtea-6733959.patch fixes CVE-2008-5354:
       Privilege escalation in command line applications,
    -  patches/icedtea-6734167.patch fixes CVE-2008-5353:
       calendar object deserialization allows privilege escalation,
    -  patches/icedtea-6755943.patch fixes CVE-2008-5352:
       Jar200 Decompression buffer overflow,
    -  patches/icedtea-6766136.patch fixes CVE-2008-5358:
       Buffer Overflow in GIF image processing.
* add debian/patches/donotdelete.diff:
  fix MultipleJRE.sh to remove the link in the error-path, otherwise
  the test-suite removes the whole build/*/j2sdk-image directory on error.

 
1
--- old/src/share/classes/javax/swing/plaf/metal/MetalFileChooserUI.java        Tue Nov 18 10:35:29 2008
 
2
+++ openjdk/jdk/src/share/classes/javax/swing/plaf/metal/MetalFileChooserUI.java        Tue Nov 18 10:35:29 2008
 
3
@@ -38,6 +38,8 @@
 
4
 import java.io.FileNotFoundException;
 
5
 import java.io.IOException;
 
6
 import java.util.*;
 
7
+import java.security.AccessController;
 
8
+import java.security.PrivilegedAction;
 
9
 import javax.accessibility.*;
 
10
 
 
11
 import sun.awt.shell.ShellFolder;
 
12
@@ -957,7 +959,11 @@
 
13
 
 
14
             File[] baseFolders;
 
15
             if (useShellFolder) {
 
16
-                baseFolders = (File[])ShellFolder.get("fileChooserComboBoxFolders");
 
17
+                baseFolders = AccessController.doPrivileged(new PrivilegedAction<File[]>() {
 
18
+                    public File[] run() {
 
19
+                        return (File[]) ShellFolder.get("fileChooserComboBoxFolders");
 
20
+                    }
 
21
+                });
 
22
             } else {
 
23
                 baseFolders = fsv.getRoots();
 
24
             }
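Review bot: The new `doPrivileged` block around `ShellFolder.get("fileChooserComboBoxFolders")` has no comment saying why it is safe to assert the chooser's own privileges here, and the same anonymous `PrivilegedAction<File[]>` is repeated verbatim in the SynthFileChooserUIImpl and WindowsFileChooserUI hunks. The lookup key is a fixed literal, so no caller-controlled value reaches the privileged code, but the returned `File[]` is used outside the privileged scope, presumably to fill the directory combo box, and should be treated as data obtained with elevated rights. I would add a comment above the call such as `// Privileged: fixed key only; result feeds the chooser's own combo box and must not be handed to callers unchecked`, and consider moving the action into one shared helper so the privileged scope is defined in a single place. The enclosing method starts and ends outside the hunk, so how `baseFolders` is consumed cannot be confirmed from here.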
 
25
--- old/src/share/classes/sun/swing/plaf/synth/SynthFileChooserUIImpl.java      Tue Nov 18 10:35:30 2008
 
26
+++ openjdk/jdk/src/share/classes/sun/swing/plaf/synth/SynthFileChooserUIImpl.java      Tue Nov 18 10:35:30 2008
 
27
@@ -29,6 +29,8 @@
 
28
 import java.beans.*;
 
29
 import java.io.*;
 
30
 import java.util.*;
 
31
+import java.security.AccessController;
 
32
+import java.security.PrivilegedAction;
 
33
 
 
34
 import javax.swing.*;
 
35
 import javax.swing.event.*;
 
36
@@ -769,7 +771,11 @@
 
37
 
 
38
             File[] baseFolders;
 
39
             if (useShellFolder) {
 
40
-                baseFolders = (File[])ShellFolder.get("fileChooserComboBoxFolders");
 
41
+                baseFolders = AccessController.doPrivileged(new PrivilegedAction<File[]>() {
 
42
+                    public File[] run() {
 
43
+                        return (File[]) ShellFolder.get("fileChooserComboBoxFolders");
 
44
+                    }
 
45
+                });
 
46
             } else {
 
47
                 baseFolders = fsv.getRoots();
 
48
             }
 
49
--- old/src/share/classes/com/sun/java/swing/plaf/windows/WindowsFileChooserUI.java     Tue Nov 18 10:35:31 2008
 
50
+++ openjdk/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsFileChooserUI.java     Tue Nov 18 10:35:31 2008
 
51
@@ -39,6 +39,8 @@
 
52
 import java.io.FileNotFoundException;
 
53
 import java.io.IOException;
 
54
 import java.util.*;
 
55
+import java.security.AccessController;
 
56
+import java.security.PrivilegedAction;
 
57
 
 
58
 import sun.awt.shell.ShellFolder;
 
59
 import sun.awt.OSInfo;
 
60
@@ -1165,7 +1167,11 @@
 
61
 
 
62
             File[] baseFolders;
 
63
             if (useShellFolder) {
 
64
-                baseFolders = (File[])ShellFolder.get("fileChooserComboBoxFolders");
 
65
+                baseFolders = AccessController.doPrivileged(new PrivilegedAction<File[]>() {
 
66
+                    public File[] run() {
 
67
+                        return (File[]) ShellFolder.get("fileChooserComboBoxFolders");
 
68
+                    }
 
69
+                });
 
70
             } else {
 
71
                 baseFolders = fsv.getRoots();
 
72
             }
 
73
--- old/src/windows/classes/sun/awt/shell/Win32ShellFolder2.java        Tue Nov 18 10:35:32 2008
 
74
+++ openjdk/jdk/src/windows/classes/sun/awt/shell/Win32ShellFolder2.java        Tue Nov 18 10:35:32 2008
 
75
 
 
76
@@ -657,6 +657,10 @@
 
77
      *         <code>null</code> if this shellfolder does not denote a directory.
 
78
      */
 
79
     public File[] listFiles(final boolean includeHiddenFiles) {
 
80
+        SecurityManager security = System.getSecurityManager();
 
81
+        if (security != null) {
 
82
+            security.checkRead(getPath());
 
83
+        }
 
84
 
 
85
         return new ComTask<File[]>() {
 
86
             public File[] call() throws Exception {
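Review bot: The Javadoc that closes just above `listFiles(final boolean includeHiddenFiles)` is not updated for the new `security.checkRead(getPath())` call, so callers are not told the method can now throw; add `@throws SecurityException if a security manager exists and denies read access to this folder's path`. A short comment on the check would also help, for example `// Checked on the caller's thread, before the ComTask runs`, because the listing itself happens inside the `ComTask`. If that task executes on another thread, as its name suggests, the caller's access-control context would not be available there. Only this overload is visible, so whether other methods of the class that enumerate or resolve children need the same guard cannot be verified from this hunk. The method body continues past the end of the hunk.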
 
87
--- /dev/null   Tue Nov 18 10:35:33 2008
 
88
+++ openjdk/jdk/test/javax/swing/JFileChooser/6484091/bug6484091.java   Tue Nov 18 10:35:33 2008
 
89
@@ -0,0 +1,40 @@
 
90
+/* @test @(#)bug6484091.java   1.1 08/11/18
 
91
+ * @bug 6484091
 
92
+ * @summary FileSystemView leaks directory info
 
93
+ * @author Pavel Porvatov
 
94
+   @run main bug6484091
 
95
+ */
 
96
+
 
97
+import java.io.*;
 
98
+import java.security.AccessControlException;
 
99
+import javax.swing.filechooser.FileSystemView;
 
100
+import javax.swing.*;
 
101
+
 
102
+import sun.awt.shell.ShellFolder;
 
103
+
 
104
+public class bug6484091 {
 
105
+    public static void main(String[] args) {
 
106
+        ShellFolder dir = (ShellFolder) FileSystemView.getFileSystemView().getDefaultDirectory();
 
107
+
 
108
+        printDirContent(dir);
 
109
+
 
110
+        System.setSecurityManager(new SecurityManager());
 
111
+
 
112
+        // The next test cases use 'dir' obtained without SecurityManager
 
113
+        try {
 
114
+            printDirContent(dir);
 
115
+
 
116
+            throw new RuntimeException("Dir content was derived bypass SecurityManager");
 
117
+        } catch (AccessControlException e) {
 
118
+            // It's a successful situation
 
119
+        }
 
120
+    }
 
121
+
 
122
+    private static void printDirContent(File dir) {
 
123
+        System.out.println("Files in " + dir.getAbsolutePath() + ":");
 
124
+
 
125
+        for (File file : dir.listFiles()) {
 
126
+            System.out.println(file.getName());
 
127
+        }
 
128
+    }
 
129
+}
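Review bot: The `try` block in `main` wraps the whole `printDirContent(dir)` call, so an `AccessControlException` raised by anything in that helper, including `dir.getAbsolutePath()`, makes the test pass without showing that `listFiles()` itself was refused. Calling `dir.listFiles();` directly inside the `try` would tie the expected exception to the method under test. Separately, `printDirContent` iterates `dir.listFiles()` without a null check, so the first, unrestricted call fails with a `NullPointerException` rather than a clear message if the default directory cannot be listed. `File[] files = dir.listFiles(); if (files == null) throw new RuntimeException("Cannot list " + dir);` would make that failure explicit.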