aboutsummaryrefslogtreecommitdiffstats
path: root/netx/net/sourceforge/jnlp/runtime/Boot.java
diff options
context:
space:
mode:
authorOmair Majid <[email protected]>2010-11-24 14:15:11 -0500
committerOmair Majid <[email protected]>2010-11-24 14:15:11 -0500
commit734d3800792d3b1825eb3101227eae519311871e (patch)
tree5deb277c81fd7f719ae7bee19f195455665f6c43 /netx/net/sourceforge/jnlp/runtime/Boot.java
parent5ce4fedba27f4160ed7d1979478886c6546d382c (diff)
CVE-2010-3860 IcedTea System property information leak via public static
2010-11-24 Omair Majid <[email protected]> * netx/net/sourceforge/jnlp/runtime/Boot.java: Remove basedir option. Add NETX_ABOUT_FILE. (run): Remove call to JNLPRuntime.setBaseDir. (getAboutFile): Use the constant in this file, not JNLPRuntime. (getBaseDir): Remove obsolete method. * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java: Remove baseDir, USER, HOME_DIR, NETXRC_FILE, NETX_DIR, SECURITY_DIR, CERTFICIATES_FILE, JAVA_HOME_DIR, NETX_ABOUT_FILE. (initialize): Do not set baseDir. (getBaseDir): Remove method. (setBaseDir): Likewise. (getDefaultBaseDir): Likewise. (getProperties): Likewise. * netx/net/sourceforge/jnlp/security/SecurityUtil.java (getTrustedCertsFilename): Delegate to KeyStores.getKeyStoreLocation. * plugin/icedteanp/java/sun/applet/PluginAppletSecurityContext.java (PluginAppletSecurityContext): Remove call to obsolete method.
Diffstat (limited to 'netx/net/sourceforge/jnlp/runtime/Boot.java')
-rw-r--r--netx/net/sourceforge/jnlp/runtime/Boot.java35
1 files changed, 7 insertions, 28 deletions
diff --git a/netx/net/sourceforge/jnlp/runtime/Boot.java b/netx/net/sourceforge/jnlp/runtime/Boot.java
index 69704bb..8883235 100644
--- a/netx/net/sourceforge/jnlp/runtime/Boot.java
+++ b/netx/net/sourceforge/jnlp/runtime/Boot.java
@@ -95,7 +95,6 @@ public final class Boot implements PrivilegedAction<Void> {
+ " -viewer "+R("BOViewer")+"\n"
+ "\n"
+ "run-options:"+"\n"
- + " -basedir dir "+R("BOBasedir")+"\n"
+ " -arg arg "+R("BOArg")+"\n"
+ " -param name=value "+R("BOParam")+"\n"
+ " -property name=value "+R("BOProperty")+"\n"
@@ -111,6 +110,11 @@ public final class Boot implements PrivilegedAction<Void> {
+ " -Xclearcache "+R("BXclearcache")+"\n"
+ " -help "+R("BOHelp")+"\n";
+ /** the JNLP file to open to display the network-based about window */
+ private static final String NETX_ABOUT_FILE = System.getProperty("java.home") + File.separator + "lib"
+ + File.separator + "about.jnlp";
+
+
private static final String doubleArgs = "-basedir -jnlp -arg -param -property -update";
private static String args[]; // avoid the hot potato
@@ -179,7 +183,6 @@ public final class Boot implements PrivilegedAction<Void> {
* The privileged part (jdk1.3 compatibility).
*/
public Void run() {
- JNLPRuntime.setBaseDir(getBaseDir());
JNLPRuntime.setSecurityEnabled(null == getOption("-nosecurity"));
JNLPRuntime.initialize(true);
@@ -221,8 +224,8 @@ public final class Boot implements PrivilegedAction<Void> {
*/
private static String getAboutFile() {
- if (new File(JNLPRuntime.NETX_ABOUT_FILE).exists())
- return JNLPRuntime.NETX_ABOUT_FILE;
+ if (new File(NETX_ABOUT_FILE).exists())
+ return NETX_ABOUT_FILE;
else
return null;
}
@@ -414,28 +417,4 @@ public final class Boot implements PrivilegedAction<Void> {
return result.toArray( new String[result.size()] );
}
- /**
- * Return the base dir. If the base dir parameter is not set
- * the value is read from JNLPRuntime.NETX_ABOUT_FILE file.
- * If that file does not exist, an install dialog is displayed
- * to select the base directory.
- */
- private static File getBaseDir() {
- if (getOption("-basedir") != null) {
- File basedir = new File(getOption("-basedir"));
-
- if (!basedir.exists() || !basedir.isDirectory())
- fatalError(R("BNoDir", basedir));
-
- return basedir;
- }
-
- // check .netxrc
- File basedir = JNLPRuntime.getDefaultBaseDir();
- if (basedir == null)
- fatalError(R("BNoBase"));
-
- return basedir;
- }
-
}