[icedtea-web] RFC: check for nulls in JNLPPolicy.isSystemJar
Deepak Bhole
dbhole at redhat.com
Tue Mar 1 13:48:25 PST 2011
* Omair Majid <omajid at redhat.com> [2011-03-01 16:41]:
> Hi,
>
> The attached patch adds a null check in JNLPPolicy.isSystemJar. It's
> needed as PluginAppletSecurityContext.getAccessControlContext
> creates CodeSources with null locations.
>
Why is this needed? The function is only called from getPermissions()
which does a check on source prior to calling:
if (source.equals(systemSource) || source.equals(shellSource))
return getAllPermissions();
Cheers,
Deepak
> ChangeLog:
> 2011-03-01 Omair Majid <omajid at redhat.com>
>
> * netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java (isSystemJar):
> Check for nulls.
>
> Okay to commit?
>
> Cheers,
> Omair
> diff -r c4b91b61f88e netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java
> --- a/netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java Mon Feb 28 17:29:31 2011 -0500
> +++ b/netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java Tue Mar 01 16:31:13 2011 -0500
> @@ -137,6 +137,10 @@
> * it's part of the JRE.
> */
> private boolean isSystemJar(CodeSource source) {
> + if (source == null || source.getLocation() == null) {
> + return false;
> + }
> +
> // anything in JRE/lib/ext is a system jar and has full permissions
> String sourceProtocol = source.getLocation().getProtocol();
> String sourcePath = source.getLocation().getPath();
More information about the distro-pkg-dev
mailing list