From 1d15474227d3983b563dc8ca541adf04fdb7c62c Mon Sep 17 00:00:00 2001 From: glewis Date: Thu, 12 May 2005 04:14:52 +0000 Subject: . Ensure that when files are extracted that their fully resolved path lies in or below the current working directory. Fixes a security problem with jar(1). This fix may change to be compatible with whatever fix Sun applies when they release the next version of 1.5. . Bump PORTREVISION for this fix. Security: http://vuxml.FreeBSD.org/18e5428f-ae7c-11d9-837d-000e0c2e438a.html Reviewed by: maintainer timeout --- java/jdk15/Makefile | 2 +- java/jdk15/files/patch-j2se-jar-Main.java | 58 ++++++++++++++++++++++ .../files/patch-j2se-resources-jar.properties | 13 +++++ java/jdk16/Makefile | 2 +- java/jdk16/files/patch-j2se-jar-Main.java | 58 ++++++++++++++++++++++ .../files/patch-j2se-resources-jar.properties | 13 +++++ 6 files changed, 144 insertions(+), 2 deletions(-) create mode 100644 java/jdk15/files/patch-j2se-jar-Main.java create mode 100644 java/jdk15/files/patch-j2se-resources-jar.properties create mode 100644 java/jdk16/files/patch-j2se-jar-Main.java create mode 100644 java/jdk16/files/patch-j2se-resources-jar.properties diff --git a/java/jdk15/Makefile b/java/jdk15/Makefile index b5923da5d899..4e42219c7c5c 100644 --- a/java/jdk15/Makefile +++ b/java/jdk15/Makefile @@ -7,7 +7,7 @@ PORTNAME= jdk PORTVERSION= ${JDK_VERSION}p${JDK_PATCHSET_VERSION} -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= java devel MASTER_SITES= # http://www.sun.com/software/java2/download.html # http://www.eyesbeyond.com/freebsddom/java/jdk15.html diff --git a/java/jdk15/files/patch-j2se-jar-Main.java b/java/jdk15/files/patch-j2se-jar-Main.java new file mode 100644 index 000000000000..eaba6461ff01 --- /dev/null +++ b/java/jdk15/files/patch-j2se-jar-Main.java @@ -0,0 +1,58 @@ +$FreeBSD$ + +--- ../../j2se/src/share/classes/sun/tools/jar/Main.java 8 Nov 2004 22:27:32 -0000 1.1.1.1 ++++ ../../j2se/src/share/classes/sun/tools/jar/Main.java 20 Apr 2005 16:50:17 -0000 +@@ -31,6 +31,7 @@ + Hashtable filesTable = new Hashtable(); + Vector paths = new Vector(); + Vector v; ++ String cwd; + CRC32 crc32 = new CRC32(); + /* cflag: create + * uflag: update +@@ -670,6 +671,19 @@ + * Extracts specified entries from JAR file. + */ + void extract(InputStream in, String files[]) throws IOException { ++ // Current working directory ++ ++ cwd = System.getProperty("user.dir"); ++ if (cwd == null) { ++ fatalError(getMsg("error.no.cwd")); ++ } ++ cwd = (new File(cwd)).getCanonicalPath(); ++ if (!cwd.endsWith(File.separator)) { ++ cwd += File.separator; ++ } ++ ++ // Extract the files ++ + ZipInputStream zis = new ZipInputStream(in); + ZipEntry e; + while ((e = zis.getNextEntry()) != null) { +@@ -694,6 +708,10 @@ + void extractFile(ZipInputStream zis, ZipEntry e) throws IOException { + String name = e.getName(); + File f = new File(e.getName().replace('/', File.separatorChar)); ++ if (!f.getCanonicalPath().startsWith(cwd)) { ++ output(formatMsg("out.ignore.entry", name)); ++ return; ++ } + if (e.isDirectory()) { + if (!f.exists() && !f.mkdirs() || !f.isDirectory()) { + throw new IOException(formatMsg("error.create.dir", f.getPath())); +@@ -704,6 +722,10 @@ + } else { + if (f.getParent() != null) { + File d = new File(f.getParent()); ++ if (!d.getCanonicalPath().startsWith(cwd)) { ++ output(formatMsg("out.ignore.entry", name)); ++ return; ++ } + if (!d.exists() && !d.mkdirs() || !d.isDirectory()) { + throw new IOException(formatMsg("error.create.dir", d.getPath())); + } +Index: j2se/src/share/classes/sun/tools/jar/resources/jar.properties +=================================================================== +RCS file: /var/jcvs/javasrc_1_5_scsl/j2se/src/share/classes/sun/tools/jar/resources/jar.properties,v +retrieving revision 1.1.1.1 diff --git a/java/jdk15/files/patch-j2se-resources-jar.properties b/java/jdk15/files/patch-j2se-resources-jar.properties new file mode 100644 index 000000000000..9f28eb7c045a --- /dev/null +++ b/java/jdk15/files/patch-j2se-resources-jar.properties @@ -0,0 +1,13 @@ +$FreeBSD$ + +--- ../../j2se/src/share/classes/sun/tools/jar/resources/jar.properties 8 Nov 2004 22:27:32 -0000 1.1.1.1 ++++ ../../j2se/src/share/classes/sun/tools/jar/resources/jar.properties 20 Apr 2005 15:50:41 -0000 +@@ -30,6 +30,8 @@ + {0} : could not create directory + error.incorrect.length=\ + incorrect length while processing: {0} ++error.no.cwd=\ ++ {0} : could not determine current working directory + out.added.manifest=\ + added manifest + out.update.manifest=\ diff --git a/java/jdk16/Makefile b/java/jdk16/Makefile index b5923da5d899..4e42219c7c5c 100644 --- a/java/jdk16/Makefile +++ b/java/jdk16/Makefile @@ -7,7 +7,7 @@ PORTNAME= jdk PORTVERSION= ${JDK_VERSION}p${JDK_PATCHSET_VERSION} -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= java devel MASTER_SITES= # http://www.sun.com/software/java2/download.html # http://www.eyesbeyond.com/freebsddom/java/jdk15.html diff --git a/java/jdk16/files/patch-j2se-jar-Main.java b/java/jdk16/files/patch-j2se-jar-Main.java new file mode 100644 index 000000000000..eaba6461ff01 --- /dev/null +++ b/java/jdk16/files/patch-j2se-jar-Main.java @@ -0,0 +1,58 @@ +$FreeBSD$ + +--- ../../j2se/src/share/classes/sun/tools/jar/Main.java 8 Nov 2004 22:27:32 -0000 1.1.1.1 ++++ ../../j2se/src/share/classes/sun/tools/jar/Main.java 20 Apr 2005 16:50:17 -0000 +@@ -31,6 +31,7 @@ + Hashtable filesTable = new Hashtable(); + Vector paths = new Vector(); + Vector v; ++ String cwd; + CRC32 crc32 = new CRC32(); + /* cflag: create + * uflag: update +@@ -670,6 +671,19 @@ + * Extracts specified entries from JAR file. + */ + void extract(InputStream in, String files[]) throws IOException { ++ // Current working directory ++ ++ cwd = System.getProperty("user.dir"); ++ if (cwd == null) { ++ fatalError(getMsg("error.no.cwd")); ++ } ++ cwd = (new File(cwd)).getCanonicalPath(); ++ if (!cwd.endsWith(File.separator)) { ++ cwd += File.separator; ++ } ++ ++ // Extract the files ++ + ZipInputStream zis = new ZipInputStream(in); + ZipEntry e; + while ((e = zis.getNextEntry()) != null) { +@@ -694,6 +708,10 @@ + void extractFile(ZipInputStream zis, ZipEntry e) throws IOException { + String name = e.getName(); + File f = new File(e.getName().replace('/', File.separatorChar)); ++ if (!f.getCanonicalPath().startsWith(cwd)) { ++ output(formatMsg("out.ignore.entry", name)); ++ return; ++ } + if (e.isDirectory()) { + if (!f.exists() && !f.mkdirs() || !f.isDirectory()) { + throw new IOException(formatMsg("error.create.dir", f.getPath())); +@@ -704,6 +722,10 @@ + } else { + if (f.getParent() != null) { + File d = new File(f.getParent()); ++ if (!d.getCanonicalPath().startsWith(cwd)) { ++ output(formatMsg("out.ignore.entry", name)); ++ return; ++ } + if (!d.exists() && !d.mkdirs() || !d.isDirectory()) { + throw new IOException(formatMsg("error.create.dir", d.getPath())); + } +Index: j2se/src/share/classes/sun/tools/jar/resources/jar.properties +=================================================================== +RCS file: /var/jcvs/javasrc_1_5_scsl/j2se/src/share/classes/sun/tools/jar/resources/jar.properties,v +retrieving revision 1.1.1.1 diff --git a/java/jdk16/files/patch-j2se-resources-jar.properties b/java/jdk16/files/patch-j2se-resources-jar.properties new file mode 100644 index 000000000000..9f28eb7c045a --- /dev/null +++ b/java/jdk16/files/patch-j2se-resources-jar.properties @@ -0,0 +1,13 @@ +$FreeBSD$ + +--- ../../j2se/src/share/classes/sun/tools/jar/resources/jar.properties 8 Nov 2004 22:27:32 -0000 1.1.1.1 ++++ ../../j2se/src/share/classes/sun/tools/jar/resources/jar.properties 20 Apr 2005 15:50:41 -0000 +@@ -30,6 +30,8 @@ + {0} : could not create directory + error.incorrect.length=\ + incorrect length while processing: {0} ++error.no.cwd=\ ++ {0} : could not determine current working directory + out.added.manifest=\ + added manifest + out.update.manifest=\ -- cgit