aboutsummaryrefslogtreecommitdiffstats
path: root/netx/net/sourceforge
diff options
context:
space:
mode:
authorJiri Vanek <[email protected]>2013-04-17 14:30:05 +0200
committerJiri Vanek <[email protected]>2013-04-17 14:30:05 +0200
commit6325a345014f6fce359637aab3ce6c6a969cf655 (patch)
tree20bc154ed69647497e7341954ea1baba6dad5532 /netx/net/sourceforge
parent72ac500dc654bbc82332712022cca573db0bc3e6 (diff)
Fixed CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path.
Diffstat (limited to 'netx/net/sourceforge')
-rw-r--r--netx/net/sourceforge/jnlp/NetxPanel.java6
-rw-r--r--netx/net/sourceforge/jnlp/PluginBridge.java2
-rw-r--r--netx/net/sourceforge/jnlp/PluginParameters.java12
3 files changed, 9 insertions, 11 deletions
diff --git a/netx/net/sourceforge/jnlp/NetxPanel.java b/netx/net/sourceforge/jnlp/NetxPanel.java
index 8a51566..e9647c8 100644
--- a/netx/net/sourceforge/jnlp/NetxPanel.java
+++ b/netx/net/sourceforge/jnlp/NetxPanel.java
@@ -72,7 +72,7 @@ public class NetxPanel extends AppletViewerPanel implements SplashController {
this.parameters = params;
- String uniqueKey = params.getUniqueKey();
+ String uniqueKey = params.getUniqueKey(getCodeBase());
synchronized(TGMapMutex) {
if (!uKeyToTG.containsKey(uniqueKey)) {
ThreadGroup tg = new ThreadGroup(Launcher.mainGroup, this.documentURL.toString());
@@ -199,7 +199,7 @@ public class NetxPanel extends AppletViewerPanel implements SplashController {
public ThreadGroup getThreadGroup() {
synchronized(TGMapMutex) {
- return uKeyToTG.get(parameters.getUniqueKey());
+ return uKeyToTG.get(parameters.getUniqueKey(getCodeBase()));
}
}
@@ -209,7 +209,7 @@ public class NetxPanel extends AppletViewerPanel implements SplashController {
}
// only create a new context if one hasn't already been created for the
// applets with this unique key.
- if (null == appContextCreated.putIfAbsent(parameters.getUniqueKey(), Boolean.TRUE)) {
+ if (null == appContextCreated.putIfAbsent(parameters.getUniqueKey(getCodeBase()), Boolean.TRUE)) {
SunToolkit.createNewAppContext();
}
}
diff --git a/netx/net/sourceforge/jnlp/PluginBridge.java b/netx/net/sourceforge/jnlp/PluginBridge.java
index 98dee8e..d069479 100644
--- a/netx/net/sourceforge/jnlp/PluginBridge.java
+++ b/netx/net/sourceforge/jnlp/PluginBridge.java
@@ -188,7 +188,7 @@ public class PluginBridge extends JNLPFile {
else
security = null;
- this.uniqueKey = params.getUniqueKey();
+ this.uniqueKey = params.getUniqueKey(codebase);
usePack = false;
useVersion = false;
String jargs = params.getJavaArguments();
diff --git a/netx/net/sourceforge/jnlp/PluginParameters.java b/netx/net/sourceforge/jnlp/PluginParameters.java
index 06b1b3c..fa4e8fa 100644
--- a/netx/net/sourceforge/jnlp/PluginParameters.java
+++ b/netx/net/sourceforge/jnlp/PluginParameters.java
@@ -37,6 +37,7 @@ exception statement from your version. */
package net.sourceforge.jnlp;
+import java.net.URL;
import java.util.Collections;
import java.util.Hashtable;
import java.util.Map;
@@ -97,10 +98,6 @@ public class PluginParameters {
}
}
- public String getCodebase() {
- return getDefaulted("codebase", ".");
- }
-
public boolean useCodebaseLookup() {
return Boolean.valueOf(getDefaulted("codebase_lookup", "true"));
}
@@ -164,7 +161,7 @@ public class PluginParameters {
parameters.put("height", Integer.toString(height));
}
- public String getUniqueKey() {
+ public String getUniqueKey(URL codebase) {
/* According to http://download.oracle.com/javase/6/docs/technotes/guides/deployment/deployment-guide/applet-compatibility.html,
* classloaders are shared iff these properties match:
* codebase, cache_archive, java_archive, archive
@@ -173,8 +170,9 @@ public class PluginParameters {
* always in the same order. The initial "<NAME>=" parts ensure a
* bad tag cannot trick the loader into getting shared with another.
*/
- return "codebase=" + getCodebase() + "cache_archive=" + getCacheArchive() +
- "java_archive=" + getJavaArchive() + "archive=" + getArchive();
+ return "codebase=" + codebase.toExternalForm() + "cache_archive="
+ + getCacheArchive() + "java_archive=" + getJavaArchive()
+ + "archive=" + getArchive();
}
/**