/hg/icedtea-web: 2 new changesets
jvanek at icedtea.classpath.org
jvanek at icedtea.classpath.org
Mon Sep 16 01:50:18 PDT 2013
changeset dbd98f24eebb in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=dbd98f24eebb
author: Jiri Vanek <jvanek at redhat.com>
date: Mon Sep 16 10:09:57 2013 +0200
CVE-2012-4540, RH869040: Heap-based buffer overflow after triggering event attached to applet
changeset 838dea89725a in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=838dea89725a
author: Jiri Vanek <jvanek at redhat.com>
date: Mon Sep 16 10:39:33 2013 +0200
Makefile.am: returned modified (EXTRA_DIST) variable. It is enriched for netx-dist-tests-whitelist and NEW_LINE_IFS to enable reproducers tests in dist tarball
diffstat:
ChangeLog | 13 +++++++++++++
Makefile.am | 3 +++
NEWS | 2 ++
plugin/icedteanp/IcedTeaScriptablePluginObject.cc | 18 +++---------------
4 files changed, 21 insertions(+), 15 deletions(-)
diffs (87 lines):
diff -r 14082a0be646 -r 838dea89725a ChangeLog
--- a/ChangeLog Fri Sep 13 09:28:03 2013 -0400
+++ b/ChangeLog Mon Sep 16 10:39:33 2013 +0200
@@ -1,3 +1,16 @@
+2013-09-16 Jiri Vanek <jvanek at redhat.com>
+
+ * Makefile.am: returned modified (EXTRA_DIST) variable. It is enriched for
+ netx-dist-tests-whitelist and NEW_LINE_IFS to enable reproducers tests
+ in dist tarball.
+
+2013-09-16 Deepak Bhole <dbhole at redhat.com>
+
+ CVE-2012-4540, RH869040: Heap-based buffer overflow after triggering event
+ attached to applet
+ * plugin/icedteanp/IcedTeaScriptablePluginObject.cc: Removed unnecessary
+ heap allocations.
+
2013-09-13 Andrew Azores <aazores at redhat.com>
* tests/test-extensions/net/sourceforge/jnlp/tools/MessageProperties.java:
diff -r 14082a0be646 -r 838dea89725a Makefile.am
--- a/Makefile.am Fri Sep 13 09:28:03 2013 -0400
+++ b/Makefile.am Mon Sep 16 10:39:33 2013 +0200
@@ -191,6 +191,9 @@
export PLUGIN_VERSION = IcedTea-Web $(FULL_VERSION)
+export EXTRA_DIST = $(top_srcdir)/netx $(top_srcdir)/plugin javaws.png javaws.desktop.in launcher \
+ itweb-settings.desktop.in $(top_srcdir)/tests html-gen.sh netx-dist-tests-whitelist NEW_LINE_IFS
+
# reproducers `D`shortcuts
export DTEST_SERVER=-Dtest.server.dir=$(REPRODUCERS_TESTS_SERVER_DEPLOYDIR)
export DJAVAWS_BUILD=-Djavaws.build.bin=$(DESTDIR)$(bindir)/$(javaws)
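Review bot: Listing whole directories in `EXTRA_DIST` (`$(top_srcdir)/netx`, `$(top_srcdir)/plugin`, `$(top_srcdir)/tests`) makes `make dist` copy everything under them recursively, including untracked, generated or editor files that happen to sit in the working tree. For a release tarball it would be safer to enumerate the files or prune them in a `dist-hook`, so the shipped content matches what is under version control. If the directory form is kept, a comment above the assignment such as `# directories are copied recursively into the tarball; run dist from a clean checkout` would record that expectation.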
diff -r 14082a0be646 -r 838dea89725a NEWS
--- a/NEWS Fri Sep 13 09:28:03 2013 -0400
+++ b/NEWS Mon Sep 16 10:39:33 2013 +0200
@@ -21,6 +21,8 @@
* Plugin
- PR854: Resizing an applet several times causes 100% CPU load
- PR1271: icedtea-web does not handle 'javascript:'-protocol URLs
+* Security Updates
+ - CVE-2012-4540, RH869040: Heap-based buffer overflow after triggering event attached to applet
New in release 1.4 (2013-XX-XX):
* Added cs localization
diff -r 14082a0be646 -r 838dea89725a plugin/icedteanp/IcedTeaScriptablePluginObject.cc
--- a/plugin/icedteanp/IcedTeaScriptablePluginObject.cc Fri Sep 13 09:28:03 2013 -0400
+++ b/plugin/icedteanp/IcedTeaScriptablePluginObject.cc Mon Sep 16 10:39:33 2013 +0200
@@ -618,10 +618,7 @@
if (java_result->error_occurred)
{
- // error message must be allocated on heap
- char* error_msg = (char*) malloc(java_result->error_msg->length()*sizeof(char));
- strcpy(error_msg, java_result->error_msg->c_str());
- browser_functions.setexception(npobj, error_msg);
+ browser_functions.setexception(npobj, java_result->error_msg->c_str());
return false;
}
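Review bot: The pointer now handed to `setexception` comes from `java_result->error_msg->c_str()`, which stays valid only while that std::string is alive and unmodified, and the hunk drops the old "must be allocated on heap" comment without saying why a borrowed pointer is acceptable. This is safe only if the browser copies the message during the call, which this diff does not show, so it is worth confirming against the NPAPI contract and recording in a comment such as `// setexception is expected to copy the message, so no heap copy is made here`. The same applies to the identical call in the hunk at `@@ -892,12 +885,7 @@`; the hunk at `@@ -874,11 +871,7 @@` passes a string literal and is not affected. The removed code at this site allocated `length()` bytes with no room for the terminator before `strcpy`, so dropping the copy also removes that overflow. The enclosing function starts and ends outside the hunk.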
@@ -874,11 +871,7 @@
createJavaObjectFromVariant(instance, args[i], &id);
if (id == "0")
{
- // error message must be allocated on heap
- char* error_msg = (char*) malloc(1024*sizeof(char));
- strcpy(error_msg, "Unable to create argument on Java side");
-
- browser_functions.setexception(npobj, error_msg);
+ browser_functions.setexception(npobj, "Unable to create argument on Java side");
return false;
}
@@ -892,12 +885,7 @@
if (java_result->error_occurred)
{
- // error message must be allocated on heap
- int length = java_result->error_msg->length();
- char* error_msg = (char*) malloc((length+1)*sizeof(char));
- strcpy(error_msg, java_result->error_msg->c_str());
-
- browser_functions.setexception(npobj, error_msg);
+ browser_functions.setexception(npobj, java_result->error_msg->c_str());
return false;
}