Commit 87c267fe authored by hpi1's avatar hpi1

JSM: compare only canonicalized paths

parent 593a6d60
......@@ -22,7 +22,9 @@ package org.videolan;
import java.io.FilePermission;
import java.io.File;
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;
final class BDJSecurityManager extends SecurityManager {
......@@ -100,6 +102,9 @@ final class BDJSecurityManager extends SecurityManager {
}
public void checkRead(String file) {
file = getCanonPath(file);
//super.checkRead(file);
if (usingUdf) {
BDJLoader.accessFile(file);
......@@ -123,6 +128,8 @@ final class BDJSecurityManager extends SecurityManager {
public void checkWrite(String file) {
BDJXletContext ctx = BDJXletContext.getCurrentContext();
file = getCanonPath(file);
if (ctx != null) {
// Xlet can write to persistent storage and binding unit
if (canReadWrite(file)) {
......@@ -141,6 +148,24 @@ final class BDJSecurityManager extends SecurityManager {
throw new SecurityException("write access denied");
}
private String getCanonPath(final String path)
{
String cpath = (String)AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
try {
return new File(path).getCanonicalPath();
} catch (Exception ioe) {
logger.error("error canonicalizing " + path + ": " + ioe);
return null;
}
}
});
if (cpath == null) {
throw new SecurityException("cant canonicalize " + path);
}
return cpath;
}
/*
*
*/
......
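Review bot: Only checkRead(String) and checkWrite(String) gain the `file = getCanonPath(file);` call in the hunks shown, so any other path-taking check in this class would still compare the caller's raw string. If checkDelete, checkRead(String, Object) or a FilePermission branch of checkPermission exist outside these hunks, each should canonicalize first with the same `file = getCanonPath(file);` line (or the equivalent on the permission's name); otherwise a relative or symlinked path is judged differently depending on which check it reaches. The prefixes that canReadWrite compares against are not visible here; they presumably need to be canonical too and matched on a separator boundary, or a legitimate path under a symlinked storage root will now be denied. getCanonPath fails closed on any exception, which is worth recording above it: `// Fail closed: a path that cannot be canonicalized is rejected, never compared in raw form.` The bodies of both check methods continue outside the hunks.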