From fad20c1db5bf1f1f1a5d583a805d6c5d5553a439 Mon Sep 17 00:00:00 2001
From: Omair Majid <omajid@redhat.com>
Date: Tue, 1 Mar 2011 18:22:17 -0500
Subject: Check for nulls in JNLPPolicy.isSystemJar

It is possible to have CodeSource.getLocation() return null. For example,
sun.applet.AppletPanel (line 1071) queries the policy using a null Location
p.getPermissions(new CodeSource(null, (java.security.cert.Certificate[]) null))

2011-03-01  Omair Majid  <omajid@redhat.com>

    * netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java (isSystemJar): Check
    for nulls.
---
 netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'netx/net')

diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java b/netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java
index 13f72e6..ba9b53e 100644
--- a/netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java
@@ -137,6 +137,10 @@ public class JNLPPolicy extends Policy {
      * it's part of the JRE.
      */
     private boolean isSystemJar(CodeSource source) {
+        if (source == null || source.getLocation() == null) {
+            return false;
+        }
+
         // anything in JRE/lib/ext is a system jar and has full permissions
         String sourceProtocol = source.getLocation().getProtocol();
         String sourcePath = source.getLocation().getPath();
-- 
cgit v1.2.3