RH663680, CVE-2010-4351: JNLP SecurityManager bypass

2010-12-16 Omair Majid <[email protected]> RH663680, CVE-2010-4351: * NEWS: List issue. * netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java: Make sure SecurityException is thrown if necessary.
author: Deepak Bhole <[email protected]> 2011-01-18 12:07:45 -0500
committer: Deepak Bhole <[email protected]> 2011-01-18 12:07:45 -0500
commit: 63a8b837179b933d7cf9a2ae08de63b1c7c88439 (patch)
tree: 28fb3dbc7461c6e3a3ef2235857560ed87b027b9 /netx
parent: e9f1f6b9df10ddcb59335321329fdb5ef13cf8e9 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java b/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
index 174221f..8807c58 100644
--- a/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
@@ -308,6 +308,7 @@ class JNLPSecurityManager extends AWTSecurityManager {
                     }
 
                 } else if (perm instanceof SecurityPermission) {
+                    tmpPerm = perm;
 
                     // JCE's initialization requires putProviderProperty permission
                     if (perm.equals(new SecurityPermission("putProviderProperty.SunJCE"))) {
@@ -317,6 +318,7 @@ class JNLPSecurityManager extends AWTSecurityManager {
                     }
 
                 } else if (perm instanceof RuntimePermission) {
+                    tmpPerm = perm;
 
                     // KeyGenerator's init method requires internal spec access
                     if (perm.equals(new SecurityPermission("accessClassInPackage.sun.security.internal.spec"))) {
author	Deepak Bhole <[email protected]>	2011-01-18 12:07:45 -0500
committer	Deepak Bhole <[email protected]>	2011-01-18 12:07:45 -0500
commit	63a8b837179b933d7cf9a2ae08de63b1c7c88439 (patch)
tree	28fb3dbc7461c6e3a3ef2235857560ed87b027b9 /netx
parent	e9f1f6b9df10ddcb59335321329fdb5ef13cf8e9 (diff)