3 files changed, 10 insertions, 1 deletions

diff --git a/ChangeLog b/ChangeLog
index 49cf1a8..1a21151 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,13 @@
 	(TimedHashMap): Moved to...
 	* netx/net/sourceforge/jnlp/util/TimedHashMap.java: New file.
 
+2011-02-11  Deepak Bhole <[email protected]>
+
+	Fix S6983554, CVE-2010-4450: Launcher incorrect processing of empty
+	library path entries
+	* NEWS: Updated.
+	* launcher/java_md.c: Ignore empty LD_LIBRARY_PATH.
+
 2011-02-11  Omair Majid  <[email protected]>
 
 	* netx/net/sourceforge/jnlp/PluginBridge.java
diff --git a/NEWS b/NEWS
index 8689aac..6fbd247 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,8 @@ GX  - http://bugs.gentoo.org/show_bug.cgi?id=X
 CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
 
 New in release 1.1 (2011-XX-XX):
+* Security updates
+  - S6983554, CVE-2010-4450: Launcher incorrect processing of empty library path entries 
 * NetX
   - Use Firefox's proxy settings if possible
   - RH669942: javaws fails to download version/packed files (missing support for jnlp.packEnabled and jnlp.versionEnabled)
diff --git a/launcher/java_md.c b/launcher/java_md.c
index e3e5e6f..2e0e96b 100644
--- a/launcher/java_md.c
+++ b/launcher/java_md.c
@@ -484,7 +484,7 @@ CreateExecutionEnvironment(int *_argcp,
        * LD_LIBRARY_PATH.  Note that this prevents any possible infinite
        * loop of execv() because we test for the prefix, above.
        */
-      if (runpath != 0) {
+      if (runpath != 0 && (runpath[0] != '\0')) {
         strcat(new_runpath, ":");
         strcat(new_runpath, runpath);
       }