diff options
| -rw-r--r-- | ChangeLog | 8 | ||||
| -rw-r--r-- | NEWS | 1 | ||||
| -rw-r--r-- | netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java | 70 |
3 files changed, 10 insertions, 69 deletions
@@ -6,6 +6,14 @@ * netx/net/sourceforge/jnlp/tools/JarSigner.java (verifyJars): Continue with other jars if the first jar can't be used. +2011-10-28 Deepak Bhole <[email protected]> + + RH742515, CVE-2011-3377: IcedTea-Web: second-level domain subdomains and + suffix domain SOP bypass + * NEWS: Updated + * netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java + (checkPermission): Remove special case for SocketPermission. + 2011-10-27 Deepak Bhole <[email protected]> PR778: Jar download and server certificate verification deadlock @@ -12,6 +12,7 @@ New in release 1.2 (2011-XX-XX): * Security updates: - RH718164, CVE-2011-2513: Home directory path disclosure to untrusted applications - RH718170, CVE-2011-2514: Java Web Start security warning dialog manipulation + - RH742515, CVE-2011-3377: IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass * NetX - PR618: Can't install OpenDJ, JavaWebStart fails with Input stream is null error - PR765: JNLP file with all resource jars marked as 'lazy' fails to validate signature and stops the launch of application diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java b/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java index a6a4ea7..bf39ef5 100644 --- a/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java +++ b/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java @@ -281,75 +281,7 @@ class JNLPSecurityManager extends AWTSecurityManager { // } // } - try { - super.checkPermission(perm); - } catch (SecurityException se) { - - //This section is a special case for dealing with SocketPermissions. - if (JNLPRuntime.isDebug()) - System.err.println("Requesting permission: " + perm.toString()); - - //Change this SocketPermission's action to connect and accept - //(and resolve). This is to avoid asking for connect permission - //on every address resolve. - Permission tmpPerm = null; - if (perm instanceof SocketPermission) { - tmpPerm = new SocketPermission(perm.getName(), - SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION); - - // before proceeding, check if we are trying to connect to same origin - ApplicationInstance app = getApplication(); - JNLPFile file = app.getJNLPFile(); - - String srcHost = file.getSourceLocation().getAuthority(); - String destHost = name; - - // host = abc.xyz.com or abc.xyz.com:<port> - if (destHost.indexOf(':') >= 0) - destHost = destHost.substring(0, destHost.indexOf(':')); - - // host = abc.xyz.com - String[] hostComponents = destHost.split("\\."); - - int length = hostComponents.length; - if (length >= 2) { - - // address is in xxx.xxx.xxx format - destHost = hostComponents[length - 2] + "." + hostComponents[length - 1]; - - // host = xyz.com i.e. origin - boolean isDestHostName = false; - - // make sure that it is not an ip address - try { - Integer.parseInt(hostComponents[length - 1]); - } catch (NumberFormatException e) { - isDestHostName = true; - } - - if (isDestHostName) { - // okay, destination is hostname. Now figure out if it is a subset of origin - if (srcHost.endsWith(destHost)) { - addPermission(tmpPerm); - return; - } - } - } - } else { - tmpPerm = perm; - } - - if (tmpPerm != null) { - //askPermission will only prompt the user on SocketPermission - //meaning we're denying all other SecurityExceptions that may arise. - if (askPermission(tmpPerm)) { - addPermission(tmpPerm); - //return quietly. - } else { - throw se; - } - } - } + super.checkPermission(perm); } catch (SecurityException ex) { if (JNLPRuntime.isDebug()) { System.out.println("Denying permission: " + perm); |