author | Omair Majid <[email protected]> | 2010-11-24 14:15:11 -0500 |
---|---|---|
committer | Omair Majid <[email protected]> | 2010-11-24 14:15:11 -0500 |
commit | 734d3800792d3b1825eb3101227eae519311871e (patch) | |
tree | 5deb277c81fd7f719ae7bee19f195455665f6c43 /netx/net/sourceforge/jnlp | |
parent | 5ce4fedba27f4160ed7d1979478886c6546d382c (diff) |
CVE-2010-3860 IcedTea System property information leak via public static
2010-11-24 Omair Majid <[email protected]>
* netx/net/sourceforge/jnlp/runtime/Boot.java: Remove basedir
option. Add NETX_ABOUT_FILE.
(run): Remove call to JNLPRuntime.setBaseDir.
(getAboutFile): Use the constant in this file, not JNLPRuntime.
(getBaseDir): Remove obsolete method.
* netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java: Remove
baseDir, USER, HOME_DIR, NETXRC_FILE, NETX_DIR, SECURITY_DIR,
CERTIFICATES_FILE, JAVA_HOME_DIR, NETX_ABOUT_FILE.
(initialize): Do not set baseDir.
(getBaseDir): Remove method.
(setBaseDir): Likewise.
(getDefaultBaseDir): Likewise.
(getProperties): Likewise.
* netx/net/sourceforge/jnlp/security/SecurityUtil.java
(getTrustedCertsFilename): Delegate to
KeyStores.getKeyStoreLocation.
* plugin/icedteanp/java/sun/applet/PluginAppletSecurityContext.java
(PluginAppletSecurityContext): Remove call to obsolete method.
Diffstat (limited to 'netx/net/sourceforge/jnlp')
-rw-r--r-- | netx/net/sourceforge/jnlp/resources/Messages.properties | 3 | ||||
-rw-r--r-- | netx/net/sourceforge/jnlp/runtime/Boot.java | 35 | ||||
-rw-r--r-- | netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java | 89 | ||||
-rw-r--r-- | netx/net/sourceforge/jnlp/security/SecurityUtil.java | 11 |
4 files changed, 11 insertions, 127 deletions
diff --git a/netx/net/sourceforge/jnlp/resources/Messages.properties b/netx/net/sourceforge/jnlp/resources/Messages.properties
index 0f55bca..ffe5b19 100644
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties
+++ b/netx/net/sourceforge/jnlp/resources/Messages.properties
@@ -139,7 +139,6 @@ RConfigurationError=Fatal error while reading the configuration
# Boot options, message should be shorter than this ---------------->
BOUsage=javaws [-run-options] <jnlp file>
BOUsage2=javaws [-control-options]
-BOBasedir = Directory where the cache is kept.
BOJnlp = Location of JNLP file to launch (url or file).
BOArg = Adds an application argument before launching.
BOParam = Adds an applet parameter before launching.
@@ -232,4 +231,4 @@ KSCerts=Trusted Certificates
KSJsseCerts=Trusted JSSE Certificates
KSCaCerts=Trusted Root CA Certificates
KSJsseCaCerts=Trusted JSSE Root CA Certificates,
-KSClientCerts=Client Authentication Certificates
\ No newline at end of file
+KSClientCerts=Client Authentication Certificates
diff --git a/netx/net/sourceforge/jnlp/runtime/Boot.java b/netx/net/sourceforge/jnlp/runtime/Boot.java
index 69704bb..8883235 100644
--- a/netx/net/sourceforge/jnlp/runtime/Boot.java
+++ b/netx/net/sourceforge/jnlp/runtime/Boot.java
@@ -95,7 +95,6 @@ public final class Boot implements PrivilegedAction<Void> { + " -viewer "+R("BOViewer")+"\n" + "\n" + "run-options:"+"\n" - + " -basedir dir "+R("BOBasedir")+"\n" + " -arg arg "+R("BOArg")+"\n" + " -param name=value "+R("BOParam")+"\n" + " -property name=value "+R("BOProperty")+"\n"
@@ -111,6 +110,11 @@ public final class Boot implements PrivilegedAction<Void> { + " -Xclearcache "+R("BXclearcache")+"\n" + " -help "+R("BOHelp")+"\n"; + /** the JNLP file to open to display the network-based about window */ + private static final String NETX_ABOUT_FILE = System.getProperty("java.home") + File.separator + "lib" + + File.separator + "about.jnlp"; + + private static final String doubleArgs = "-basedir -jnlp -arg -param -property -update"; private static String args[]; // avoid the hot potato
@@ -179,7 +183,6 @@ public final class Boot implements PrivilegedAction<Void> { * The privileged part (jdk1.3 compatibility). */ public Void run() { - JNLPRuntime.setBaseDir(getBaseDir()); JNLPRuntime.setSecurityEnabled(null == getOption("-nosecurity")); JNLPRuntime.initialize(true);
@@ -221,8 +224,8 @@ public final class Boot implements PrivilegedAction<Void> { */ private static String getAboutFile() { - if (new File(JNLPRuntime.NETX_ABOUT_FILE).exists()) - return JNLPRuntime.NETX_ABOUT_FILE; + if (new File(NETX_ABOUT_FILE).exists()) + return NETX_ABOUT_FILE; else return null; }
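Review bot: In the second Boot.java hunk (`@@ -111,6 +110,11 @@`) the unchanged `doubleArgs` line still lists `-basedir`, although this commit drops the option from the usage text and deletes `getBaseDir()`. How `doubleArgs` is consumed lies outside the hunk, but if it marks options that take a following argument, `-basedir dir` would still be accepted and silently ignored. Either change the line to `private static final String doubleArgs = "-jnlp -arg -param -property -update";` or keep the entry deliberately and add a comment saying the option is parsed only for backward compatibility. A one-line comment on the new `NETX_ABOUT_FILE` saying it is kept `private` because it embeds the `java.home` value would also guard against a later refactor re-exposing it.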
@@ -414,28 +417,4 @@ public final class Boot implements PrivilegedAction<Void> { return result.toArray( new String[result.size()] ); } - /** - * Return the base dir. If the base dir parameter is not set - * the value is read from JNLPRuntime.NETX_ABOUT_FILE file. - * If that file does not exist, an install dialog is displayed - * to select the base directory. - */ - private static File getBaseDir() { - if (getOption("-basedir") != null) { - File basedir = new File(getOption("-basedir")); - - if (!basedir.exists() || !basedir.isDirectory()) - fatalError(R("BNoDir", basedir)); - - return basedir; - } - - // check .netxrc - File basedir = JNLPRuntime.getDefaultBaseDir(); - if (basedir == null) - fatalError(R("BNoBase")); - - return basedir; - } - }
diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java b/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java
index 7249375..13feed2 100644
--- a/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java
@@ -80,9 +80,6 @@ public class JNLPRuntime { /** handles all security message to show appropriate security dialogs */ private static SecurityDialogMessageHandler securityDialogMessageHandler; - /** the base dir for cache, etc */ - private static File baseDir; - /** a default launch handler */ private static LaunchHandler handler = null;
@@ -128,33 +125,6 @@ public class JNLPRuntime { public static final String STDERR_FILE = "java.stderr"; public static final String STDOUT_FILE = "java.stdout"; - /** Username */ - public static final String USER = System.getProperty("user.name"); - - /** User's home directory */ - public static final String HOME_DIR = System.getProperty("user.home"); - - /** the ~/.netxrc file containing netx settings */ - public static final String NETXRC_FILE = HOME_DIR + File.separator + ".netxrc"; - - /** the ~/.netx directory containing user-specific data */ - public static final String NETX_DIR = HOME_DIR + File.separator + ".netx"; - - /** the ~/.netx/security directory containing security related information */ - public static final String SECURITY_DIR = NETX_DIR + File.separator + "security"; - - /** the ~/.netx/security/trusted.certs file containing trusted certificates */ - public static final String CERTIFICATES_FILE = SECURITY_DIR + File.separator + "trusted.certs"; - - /** the java.home directory */ - public static final String JAVA_HOME_DIR = System.getProperty("java.home"); - - /** the JNLP file to open to display the network-based about window */ - public static final String NETX_ABOUT_FILE = JAVA_HOME_DIR + File.separator + "lib" - + File.separator + "about.jnlp"; - - - /** * Returns whether the JNLP runtime environment has been * initialized. Once initialized, some properties such as the
@@ -213,12 +183,6 @@ public class JNLPRuntime { if (handler == null) handler = new DefaultLaunchHandler(); - if (baseDir == null) - baseDir = getDefaultBaseDir(); - - if (baseDir == null) - throw new IllegalStateException(JNLPRuntime.getMessage("BNoBase")); - ServiceManager.setServiceManagerStub(new XServiceManagerStub()); // ignored if we're running under Web Start policy = new JNLPPolicy();
@@ -395,25 +359,6 @@ public class JNLPRuntime { } /** - * Return the base directory containing the cache, persistence - * store, etc. - */ - public static File getBaseDir() { - return baseDir; - } - - /** - * Sets the base directory containing the cache, persistence - * store, etc. - * - * @throws IllegalStateException if caller is not the exit class - */ - public static void setBaseDir(File baseDirectory) { - checkInitialized(); - baseDir = baseDirectory; - } - - /** * Returns whether the secure runtime environment is enabled. */ public static boolean isSecurityEnabled() {
@@ -452,31 +397,6 @@ public class JNLPRuntime { } /** - * Returns the system default base dir for or if not set, - * prompts the user for the location. - * - * @return the base dir, or null if the user canceled the dialog - * @throws IOException if there was an io exception - */ - public static File getDefaultBaseDir() { - PropertiesFile props = JNLPRuntime.getProperties(); - - String baseStr = props.getProperty("basedir"); - if (baseStr != null) - return new File(baseStr); - - String homeDir = HOME_DIR; - File baseDir = new File(NETX_DIR); - if (homeDir == null || (!baseDir.isDirectory() && !baseDir.mkdir())) - return null; - - props.setProperty("basedir", baseDir.toString()); - props.store(); - - return baseDir; - } - - /** * Set a class that can exit the JVM; if not set then any class * can exit the JVM. *
@@ -505,15 +425,6 @@ public class JNLPRuntime { } /** - * Return a PropertiesFile object backed by the runtime's - * properties file. - */ - public static PropertiesFile getProperties() { - File netxrc = new File(NETXRC_FILE); - return new PropertiesFile(netxrc); - } - - /** * Return whether debug statements for the JNLP client code * should be printed. */
diff --git a/netx/net/sourceforge/jnlp/security/SecurityUtil.java b/netx/net/sourceforge/jnlp/security/SecurityUtil.java
index 2a63a21..ebdab60 100644
--- a/netx/net/sourceforge/jnlp/security/SecurityUtil.java
+++ b/netx/net/sourceforge/jnlp/security/SecurityUtil.java
@@ -43,20 +43,15 @@ import java.io.FileOutputStream; import java.security.KeyStore; import net.sourceforge.jnlp.runtime.JNLPRuntime; +import net.sourceforge.jnlp.security.KeyStores.Level; +import net.sourceforge.jnlp.security.KeyStores.Type; public class SecurityUtil { private static final char[] password = "changeit".toCharArray(); public static String getTrustedCertsFilename() throws Exception{ - - String homeDir = JNLPRuntime.HOME_DIR; - - if (homeDir == null) { - throw new Exception("Could not access home directory"); - } else { - return JNLPRuntime.CERTIFICATES_FILE; - } + return KeyStores.getKeyStoreLocation(Level.USER, Type.CERTS); } public static char[] getTrustedCertsPassword() { |
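Review bot: `getTrustedCertsFilename()` stays `public static` and now returns the result of `KeyStores.getKeyStoreLocation(Level.USER, Type.CERTS)`, presumably a path under the user's home directory. That path may therefore remain readable by any code able to call this class, which is the kind of exposure this commit removes from `JNLPRuntime`'s public constants. `KeyStores` is not part of this diff, so whether it checks the caller's permissions cannot be confirmed from here. If it does not, a guard at the top of the method such as `SecurityManager sm = System.getSecurityManager(); if (sm != null) sm.checkPropertyAccess("user.home");` would close the gap, with trusted callers wrapping the call in `doPrivileged` where needed. The `throws Exception` clause and the `JNLPRuntime` import also look like leftovers now that the null-home branch is gone, though other uses in the file lie outside the hunk.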