authorDeepak Bhole <[email protected]>2011-01-18 12:07:45 -0500
committerDeepak Bhole <[email protected]>2011-01-18 12:07:45 -0500
commit63a8b837179b933d7cf9a2ae08de63b1c7c88439 (patch)
tree28fb3dbc7461c6e3a3ef2235857560ed87b027b9
parente9f1f6b9df10ddcb59335321329fdb5ef13cf8e9 (diff)
RH663680, CVE-2010-4351: JNLP SecurityManager bypass
2010-12-16 Omair Majid <[email protected]> RH663680, CVE-2010-4351: * NEWS: List issue. * netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java: Make sure SecurityException is thrown if necessary.
-rw-r--r--ChangeLog7
-rw-r--r--NEWS1
-rw-r--r--netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java2
3 files changed, 10 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 1eb9f37..5bc6f42 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -249,6 +249,13 @@
* netx/net/sourceforge/jnlp/services/ServiceUtil.java
(shouldPromptUser): Likewise.
+2010-12-16 Omair Majid <[email protected]>
+
+ RH663680, CVE-2010-4351:
+ * NEWS: List issue.
+ * netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java:
+ Make sure SecurityException is thrown if necessary.
+
2010-12-15 Omair Majid <[email protected]>
* Makefile.am
diff --git a/NEWS b/NEWS
index 787561f..eb6391e 100644
--- a/NEWS
+++ b/NEWS
@@ -28,5 +28,6 @@ New in release 1.0 (2010-XX-XX):
- Add a new option -Xclearcache
- Interfaces javax.jnlp.IntegrationService and javax.jnlp.DownloadService2 are now available
- PR592: NetX can create invalid desktop entry files
+ - RH663680, CVE-2010-4351: IcedTea JNLP SecurityManager bypass
* Control Panel
- Modifications to deployments.properties file can now be done through a GUI
diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java b/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
index 174221f..8807c58 100644
--- a/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
@@ -308,6 +308,7 @@ class JNLPSecurityManager extends AWTSecurityManager {
}
} else if (perm instanceof SecurityPermission) {
+ tmpPerm = perm;
// JCE's initialization requires putProviderProperty permission
if (perm.equals(new SecurityPermission("putProviderProperty.SunJCE"))) {
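Review bot: Assigning `tmpPerm = perm;` separately at the top of the SecurityPermission branch (and again in the RuntimePermission branch in the next hunk) keeps the check opt-in per branch, so a later `else if` that omits the assignment would presumably skip the SecurityException again. The code that consumes `tmpPerm` lies outside the hunk, so this is inferred from the commit message rather than seen. A deny-by-default shape would assign `tmpPerm = perm;` once before the `if`/`else if` chain and let only the explicit exemptions clear it. A comment such as `// default: check perm unless a branch below explicitly exempts it` would make that invariant visible to the next editor.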
@@ -317,6 +318,7 @@ class JNLPSecurityManager extends AWTSecurityManager {
}
} else if (perm instanceof RuntimePermission) {
+ tmpPerm = perm;
// KeyGenerator's init method requires internal spec access
if (perm.equals(new SecurityPermission("accessClassInPackage.sun.security.internal.spec"))) {
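Review bot: The condition inside the RuntimePermission branch compares `perm` with a `SecurityPermission`, which can never equal a `RuntimePermission` instance because `BasicPermission.equals` requires the same class, so the KeyGenerator exemption is dead code. With `tmpPerm = perm;` now set at the top of this branch, that request would presumably always go through the normal check; this fails closed but may break the case the comment describes. If the exemption is intended, the line should read `if (perm.equals(new RuntimePermission("accessClassInPackage.sun.security.internal.spec"))) {`. The body of this `if` is outside the hunk.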