diff options
author | Omair Majid <[email protected]> | 2010-11-24 14:15:11 -0500 |
---|---|---|
committer | Omair Majid <[email protected]> | 2010-11-24 14:15:11 -0500 |
commit | 734d3800792d3b1825eb3101227eae519311871e (patch) | |
tree | 5deb277c81fd7f719ae7bee19f195455665f6c43 /netx/net/sourceforge/jnlp/runtime/Boot.java | |
parent | 5ce4fedba27f4160ed7d1979478886c6546d382c (diff) |
CVE-2010-3860 IcedTea System property information leak via public static
2010-11-24 Omair Majid <[email protected]>
* netx/net/sourceforge/jnlp/runtime/Boot.java: Remove basedir
option. Add NETX_ABOUT_FILE.
(run): Remove call to JNLPRuntime.setBaseDir.
(getAboutFile): Use the constant in this file, not JNLPRuntime.
(getBaseDir): Remove obsolete method.
* netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java: Remove
baseDir, USER, HOME_DIR, NETXRC_FILE, NETX_DIR, SECURITY_DIR,
CERTFICIATES_FILE, JAVA_HOME_DIR, NETX_ABOUT_FILE.
(initialize): Do not set baseDir.
(getBaseDir): Remove method.
(setBaseDir): Likewise.
(getDefaultBaseDir): Likewise.
(getProperties): Likewise.
* netx/net/sourceforge/jnlp/security/SecurityUtil.java
(getTrustedCertsFilename): Delegate to
KeyStores.getKeyStoreLocation.
* plugin/icedteanp/java/sun/applet/PluginAppletSecurityContext.java
(PluginAppletSecurityContext): Remove call to obsolete method.
Diffstat (limited to 'netx/net/sourceforge/jnlp/runtime/Boot.java')
-rw-r--r-- | netx/net/sourceforge/jnlp/runtime/Boot.java | 35 |
1 files changed, 7 insertions, 28 deletions
diff --git a/netx/net/sourceforge/jnlp/runtime/Boot.java b/netx/net/sourceforge/jnlp/runtime/Boot.java index 69704bb..8883235 100644 --- a/netx/net/sourceforge/jnlp/runtime/Boot.java +++ b/netx/net/sourceforge/jnlp/runtime/Boot.java @@ -95,7 +95,6 @@ public final class Boot implements PrivilegedAction<Void> { + " -viewer "+R("BOViewer")+"\n" + "\n" + "run-options:"+"\n" - + " -basedir dir "+R("BOBasedir")+"\n" + " -arg arg "+R("BOArg")+"\n" + " -param name=value "+R("BOParam")+"\n" + " -property name=value "+R("BOProperty")+"\n" @@ -111,6 +110,11 @@ public final class Boot implements PrivilegedAction<Void> { + " -Xclearcache "+R("BXclearcache")+"\n" + " -help "+R("BOHelp")+"\n"; + /** the JNLP file to open to display the network-based about window */ + private static final String NETX_ABOUT_FILE = System.getProperty("java.home") + File.separator + "lib" + + File.separator + "about.jnlp"; + + private static final String doubleArgs = "-basedir -jnlp -arg -param -property -update"; private static String args[]; // avoid the hot potato @@ -179,7 +183,6 @@ public final class Boot implements PrivilegedAction<Void> { * The privileged part (jdk1.3 compatibility). */ public Void run() { - JNLPRuntime.setBaseDir(getBaseDir()); JNLPRuntime.setSecurityEnabled(null == getOption("-nosecurity")); JNLPRuntime.initialize(true); @@ -221,8 +224,8 @@ public final class Boot implements PrivilegedAction<Void> { */ private static String getAboutFile() { - if (new File(JNLPRuntime.NETX_ABOUT_FILE).exists()) - return JNLPRuntime.NETX_ABOUT_FILE; + if (new File(NETX_ABOUT_FILE).exists()) + return NETX_ABOUT_FILE; else return null; } @@ -414,28 +417,4 @@ public final class Boot implements PrivilegedAction<Void> { return result.toArray( new String[result.size()] ); } - /** - * Return the base dir. If the base dir parameter is not set - * the value is read from JNLPRuntime.NETX_ABOUT_FILE file. - * If that file does not exist, an install dialog is displayed - * to select the base directory. - */ - private static File getBaseDir() { - if (getOption("-basedir") != null) { - File basedir = new File(getOption("-basedir")); - - if (!basedir.exists() || !basedir.isDirectory()) - fatalError(R("BNoDir", basedir)); - - return basedir; - } - - // check .netxrc - File basedir = JNLPRuntime.getDefaultBaseDir(); - if (basedir == null) - fatalError(R("BNoBase")); - - return basedir; - } - } |