/hg/icedtea-web: Added salt to plugin-java pipes' directory (fix...

jvanek at icedtea.classpath.org jvanek at icedtea.classpath.org
Wed Feb 5 04:10:28 PST 2014 

changeset 228e3652214a in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=228e3652214a
author: Jiri Vanek <jvanek at redhat.com>
date: Wed Feb 05 13:10:13 2014 +0100

	Added salt to plugin-java pipes' directory (fixing RH1010958)


diffstat:

 ChangeLog                           |   9 +++
 NEWS                                |   1 +
 plugin/icedteanp/IcedTeaNPPlugin.cc |  84 ++++++++++++++++++++++--------------
 plugin/icedteanp/IcedTeaNPPlugin.h  |   2 +-
 4 files changed, 63 insertions(+), 33 deletions(-)

diffs (206 lines):

diff -r 09bd9dee7256 -r 228e3652214a ChangeLog
--- a/ChangeLog	Tue Feb 04 23:57:56 2014 +0100
+++ b/ChangeLog	Wed Feb 05 13:10:13 2014 +0100
@@ -1,3 +1,12 @@
+2014-02-05  Jiri Vanek  <jvanek at redhat.com>
+
+	Added salt to plugin-java pipes' directory (fixing RH1010958)
+	* plugin/icedteanp/IcedTeaNPPlugin.cc: (cleanUpDir) new utility method
+	to clean up pipes directory. (start_jvm_if_needed) is now returning 
+	error status and creating salt in directory name. (initialize_data_directory)
+	now add salt to the name.
+	* plugin/icedteanp/IcedTeaNPPlugin.h: changed declaration of (start_jvm_if_needed)
+
 2014-02-04  Jacob Wisor  <gitne at gmx.de>
 
 	Added missing PL localized messages
diff -r 09bd9dee7256 -r 228e3652214a NEWS
--- a/NEWS	Tue Feb 04 23:57:56 2014 +0100
+++ b/NEWS	Wed Feb 05 13:10:13 2014 +0100
@@ -34,6 +34,7 @@
   - RH976833: Multiple applets on one page cause deadlock
   - Pipes moved into XDG_RUNTIME_DIR
   - Added debug to file
+  - RH1010958: insecure temporary file use flaw in LiveConnect implementation
 * Common
   - PR1474: Can't get javaws to use SOCKS proxy
 * Security Updates
diff -r 09bd9dee7256 -r 228e3652214a plugin/icedteanp/IcedTeaNPPlugin.cc
--- a/plugin/icedteanp/IcedTeaNPPlugin.cc	Tue Feb 04 23:57:56 2014 +0100
+++ b/plugin/icedteanp/IcedTeaNPPlugin.cc	Wed Feb 05 13:10:13 2014 +0100
@@ -38,6 +38,9 @@
 
 // System includes.
 #include <dlfcn.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <dirent.h>
 #include <errno.h>
 #include <libgen.h>
 #include <stdio.h>
@@ -121,6 +124,7 @@
 
 // Data directory for plugin.
 static std::string data_directory;
+static DIR *data_directory_descriptor;
 
 // Fully-qualified appletviewer default  executable and rt.jar
 static const char* appletviewer_default_executable = ICEDTEA_WEB_JRE "/bin/java";
@@ -285,7 +289,21 @@
       return appletviewer_default_rtjar;      
 }
 
-
+static void cleanUpDir(){
+  //free data_directory descriptor 
+  if (data_directory_descriptor != NULL) {
+    closedir(data_directory_descriptor);
+  }
+  //clean up pipes directory
+  PLUGIN_DEBUG ("Removing runtime directory %s \n", data_directory.c_str());
+  int removed = rmdir(data_directory.c_str());
+  if (removed != 0) {
+    PLUGIN_ERROR ("Failed to remove runtime directory %s, because of  %s \n", data_directory.c_str(), strerror(errno));
+  } else {
+    PLUGIN_DEBUG ("Removed runtime directory %s \n", data_directory.c_str());
+  }
+  data_directory_descriptor = NULL;
+}
 /* 
  * Find first member in GHashTable* depending on version of glib
  */
@@ -356,7 +374,7 @@
     }
 
   // start the jvm if needed
-  start_jvm_if_needed();
+   NPError startup_error = start_jvm_if_needed();
 
   // Initialize data->instance_id.
   //
@@ -421,7 +439,7 @@
 }
 
 // Starts the JVM if it is not already running
-void start_jvm_if_needed()
+NPError start_jvm_if_needed()
 {
 
   // This is asynchronized function. It must
@@ -436,7 +454,7 @@
   if (jvm_up)
   {
       PLUGIN_DEBUG("JVM is up. Returning.\n");
-      return;
+      return  NPERR_NO_ERROR;
   }
 
   PLUGIN_DEBUG("No JVM is running. Attempting to start one...\n");
@@ -681,11 +699,13 @@
   g_free (in_pipe_name);
   in_pipe_name = NULL;
 
+  cleanUpDir();
  done:
 
   IcedTeaPluginUtilities::printDebugStatus();
   // Now other threads may re-enter.. unlock the mutex
   g_mutex_unlock(vm_start_mutex);
+  return np_error;
 
 }
 
@@ -1910,35 +1930,29 @@
 {
 
   data_directory = IcedTeaPluginUtilities::getRuntimePath() + "/icedteaplugin-";
-  if (getenv("USER") != NULL)
-    data_directory += getenv("USER");
-
+  if (getenv("USER") != NULL) {
+    data_directory = data_directory + getenv("USER") + "-";
+  }
+  data_directory += "XXXXXX";
   // Now create a icedteaplugin subdir
-  if (!g_file_test (data_directory.c_str(),
-                    (GFileTest) (G_FILE_TEST_EXISTS | G_FILE_TEST_IS_DIR)))
-  {
-    int file_error = 0;
-
-    file_error = g_mkdir (data_directory.c_str(), 0700);
-    if (file_error != 0)
-    {
-      PLUGIN_ERROR ("Failed to create data directory %s, %s\n",
-                          data_directory.c_str(),
-                          strerror (errno));
-      return NPERR_GENERIC_ERROR;
-    }
-  }
-
-
-  // If data directory doesn't exist by this point, bail
-  if (!g_file_test (data_directory.c_str(),
-                    (GFileTest) (G_FILE_TEST_EXISTS | G_FILE_TEST_IS_DIR)))
-  {
-    PLUGIN_ERROR ("Temp directory does not exist %s, %s \n",
+  char fileName[data_directory.length()+1];
+  std::strcpy (fileName, data_directory.c_str());
+  fileName = mkdtemp(fileName);
+  if (fileName == NULL) {
+    PLUGIN_ERROR ("Failed to create data directory %s, %s\n",
                         data_directory.c_str(),
                         strerror (errno));
     return NPERR_GENERIC_ERROR;
   }
+  data_directory = std::string(fileName);
+
+  //open uniques icedteaplugin subdir for one single run  
+  data_directory_descriptor = opendir(data_directory.c_str());
+  if (data_directory_descriptor == NULL) {
+      PLUGIN_ERROR ("Failed to open data directory %s %s\n",
+                      data_directory.c_str(), strerror (errno));
+      return NPERR_GENERIC_ERROR;
+  }
 
   return NPERR_NO_ERROR;
 }
@@ -2009,10 +2023,14 @@
   if (initialized)
     return NPERR_NO_ERROR;
 
-  NPError np_error = NPERR_NO_ERROR;
-
-  initialize_data_directory();
-
+  // create directory for pipes
+  NPError np_error =  initialize_data_directory();
+  if (np_error != NPERR_NO_ERROR)
+    {
+      PLUGIN_ERROR("Unable create data directory %s\n");
+      return np_error;
+    }
+    
   // Set appletviewer_executable.
   PLUGIN_DEBUG("Executing java at %s\n", get_plugin_executable().c_str());
   np_error = plugin_test_appletviewer ();
@@ -2221,6 +2239,8 @@
   delete plugin_to_java_bus;
   //delete internal_bus;
 
+  cleanUpDir();
+  
   PLUGIN_DEBUG ("NP_Shutdown return\n");
   
   if (plugin_debug_to_file){
diff -r 09bd9dee7256 -r 228e3652214a plugin/icedteanp/IcedTeaNPPlugin.h
--- a/plugin/icedteanp/IcedTeaNPPlugin.h	Tue Feb 04 23:57:56 2014 +0100
+++ b/plugin/icedteanp/IcedTeaNPPlugin.h	Wed Feb 05 13:10:13 2014 +0100
@@ -104,7 +104,7 @@
 void plugin_data_destroy (NPP instance);
 
 NPError initialize_data_directory();
-void start_jvm_if_needed();
+NPError start_jvm_if_needed();
 
 // Condition on which the queue processor waits
 extern pthread_cond_t cond_message_available;

More information about the distro-pkg-dev mailing list