From 8cb2c53528494478cf3cdfd0d23d84bc7f04ab93 Mon Sep 17 00:00:00 2001
From: Deepak Bhole
Date: Fri, 15 Jul 2011 16:02:00 -0400
Subject: RH718170, CVE-2011-2514: Java Web Start security warning dialog manipulation
---
 netx/net/sourceforge/jnlp/services/XExtendedService.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'netx/net/sourceforge/jnlp/services/XExtendedService.java')
diff --git a/netx/net/sourceforge/jnlp/services/XExtendedService.java b/netx/net/sourceforge/jnlp/services/XExtendedService.java
index f03c199..1ac6ed8 100644
--- a/netx/net/sourceforge/jnlp/services/XExtendedService.java
+++ b/netx/net/sourceforge/jnlp/services/XExtendedService.java
@@ -34,10 +34,12 @@ public class XExtendedService implements ExtendedService {
 public FileContents openFile(File file) throws IOException {
+ File secureFile = new File(file.getPath());
+
 /* FIXME: this opens a file with read/write mode, not just read or write */
- if (ServiceUtil.checkAccess(AccessType.READ_FILE, new Object[] { file.getAbsolutePath() })) {
+ if (ServiceUtil.checkAccess(AccessType.READ_FILE, new Object[] { secureFile.getAbsolutePath() })) {
 return (FileContents) ServiceUtil.createPrivilegedProxy(FileContents.class,
- new XFileContents(file));
+ new XFileContents(secureFile));
 } else {
 return null;
 }
-- 
cgit v1.2.3
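Review bot: The new `secureFile` copy at the top of openFile has no comment explaining why it exists, so it reads like a redundant allocation that a later cleanup could remove. The copy matters because `file` is supplied by the caller and is presumably allowed to be a `File` subclass with overridden accessors; after this change `file.getPath()` is read once, and both the `checkAccess` argument and `XFileContents` use the same plain `java.io.File`. I would add above it: `// Defensive copy: 'file' is caller-supplied and may be a File subclass; the access check and the open must use the same plain java.io.File.` Separately, `getAbsolutePath()` does not normalise `..` segments or symlinks, so if this string is what the user sees in the prompt (as the commit subject suggests), `secureFile.getCanonicalPath()` may be worth considering. openFile's closing brace lies outside the hunk.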