diff options
| author | Deepak Bhole <[email protected]> | 2011-02-01 10:53:44 -0500 |
|---|---|---|
| committer | Deepak Bhole <[email protected]> | 2011-02-01 10:53:44 -0500 |
| commit | 1a96cc8537ee8a6e9aff7465568ba76b949b1535 (patch) | |
| tree | 24c7eea3467d44d5c722509164318270b466ff83 /netx/net/sourceforge/jnlp/runtime | |
| parent | f64c8bd3c5ad5b3e12c2f767008944df7a79eea0 (diff) | |
RH672262, CVE-2011-0025: IcedTea jarfile signature verification bypass
Fixes JAR signature handling so that multiply/partially signed jars
are correctly handled.
Diffstat (limited to 'netx/net/sourceforge/jnlp/runtime')
| -rw-r--r-- | netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java index ebea041..acadde0 100644 --- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java +++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java @@ -430,7 +430,7 @@ public class JNLPClassLoader extends URLClassLoader { } //Case when at least one jar has some signing - if (js.anyJarsSigned()) { + if (js.anyJarsSigned() && js.isFullySignedByASingleCert()) { signing = true; if (!js.allJarsSigned() && |