aboutsummaryrefslogtreecommitdiffstats
path: root/netx/net/sourceforge/jnlp/security
diff options
context:
space:
mode:
authorOmair Majid <[email protected]>2010-11-24 14:15:11 -0500
committerOmair Majid <[email protected]>2010-11-24 14:15:11 -0500
commit734d3800792d3b1825eb3101227eae519311871e (patch)
tree5deb277c81fd7f719ae7bee19f195455665f6c43 /netx/net/sourceforge/jnlp/security
parent5ce4fedba27f4160ed7d1979478886c6546d382c (diff)
CVE-2010-3860 IcedTea System property information leak via public static
2010-11-24 Omair Majid <[email protected]> * netx/net/sourceforge/jnlp/runtime/Boot.java: Remove basedir option. Add NETX_ABOUT_FILE. (run): Remove call to JNLPRuntime.setBaseDir. (getAboutFile): Use the constant in this file, not JNLPRuntime. (getBaseDir): Remove obsolete method. * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java: Remove baseDir, USER, HOME_DIR, NETXRC_FILE, NETX_DIR, SECURITY_DIR, CERTFICIATES_FILE, JAVA_HOME_DIR, NETX_ABOUT_FILE. (initialize): Do not set baseDir. (getBaseDir): Remove method. (setBaseDir): Likewise. (getDefaultBaseDir): Likewise. (getProperties): Likewise. * netx/net/sourceforge/jnlp/security/SecurityUtil.java (getTrustedCertsFilename): Delegate to KeyStores.getKeyStoreLocation. * plugin/icedteanp/java/sun/applet/PluginAppletSecurityContext.java (PluginAppletSecurityContext): Remove call to obsolete method.
Diffstat (limited to 'netx/net/sourceforge/jnlp/security')
-rw-r--r--netx/net/sourceforge/jnlp/security/SecurityUtil.java11
1 files changed, 3 insertions, 8 deletions
diff --git a/netx/net/sourceforge/jnlp/security/SecurityUtil.java b/netx/net/sourceforge/jnlp/security/SecurityUtil.java
index 2a63a21..ebdab60 100644
--- a/netx/net/sourceforge/jnlp/security/SecurityUtil.java
+++ b/netx/net/sourceforge/jnlp/security/SecurityUtil.java
@@ -43,20 +43,15 @@ import java.io.FileOutputStream;
import java.security.KeyStore;
import net.sourceforge.jnlp.runtime.JNLPRuntime;
+import net.sourceforge.jnlp.security.KeyStores.Level;
+import net.sourceforge.jnlp.security.KeyStores.Type;
public class SecurityUtil {
private static final char[] password = "changeit".toCharArray();
public static String getTrustedCertsFilename() throws Exception{
-
- String homeDir = JNLPRuntime.HOME_DIR;
-
- if (homeDir == null) {
- throw new Exception("Could not access home directory");
- } else {
- return JNLPRuntime.CERTIFICATES_FILE;
- }
+ return KeyStores.getKeyStoreLocation(Level.USER, Type.CERTS);
}
public static char[] getTrustedCertsPassword() {
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-29 04:31:13 +0000