RH718170, CVE-2011-2514: Java Web Start security warning dialog manipulation

author: Deepak Bhole <dbhole@redhat.com> 2011-07-15 16:02:00 -0400
committer: Deepak Bhole <dbhole@redhat.com> 2011-07-15 16:02:00 -0400
commit: 8cb2c53528494478cf3cdfd0d23d84bc7f04ab93 (patch)
tree: 428496c169b7d6c20ad00c6b416161bf1d98e12a /netx/net/sourceforge/jnlp/services/XExtendedService.java
parent: dadfb2447d1764e39d7aafb8035e6dba00be7627 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/netx/net/sourceforge/jnlp/services/XExtendedService.java b/netx/net/sourceforge/jnlp/services/XExtendedService.java
index f03c199..1ac6ed8 100644
--- a/netx/net/sourceforge/jnlp/services/XExtendedService.java
+++ b/netx/net/sourceforge/jnlp/services/XExtendedService.java
@@ -34,10 +34,12 @@ public class XExtendedService implements ExtendedService {
 
     public FileContents openFile(File file) throws IOException {
 
+        File secureFile = new File(file.getPath());
+
         /* FIXME: this opens a file with read/write mode, not just read or write */
-        if (ServiceUtil.checkAccess(AccessType.READ_FILE, new Object[] { file.getAbsolutePath() })) {
+        if (ServiceUtil.checkAccess(AccessType.READ_FILE, new Object[] { secureFile.getAbsolutePath() })) {
             return (FileContents) ServiceUtil.createPrivilegedProxy(FileContents.class,
-                    new XFileContents(file));
+                    new XFileContents(secureFile));
         } else {
             return null;
         }
author	Deepak Bhole <dbhole@redhat.com>	2011-07-15 16:02:00 -0400
committer	Deepak Bhole <dbhole@redhat.com>	2011-07-15 16:02:00 -0400
commit	8cb2c53528494478cf3cdfd0d23d84bc7f04ab93 (patch)
tree	428496c169b7d6c20ad00c6b416161bf1d98e12a /netx/net/sourceforge/jnlp/services/XExtendedService.java
parent	dadfb2447d1764e39d7aafb8035e6dba00be7627 (diff)