| author | Thomas Watson | 2013-04-10 15:34:29 +0000 |
|---|---|---|
| committer | Thomas Watson | 2013-04-10 15:34:29 +0000 |
| commit | 5ad325360d09f89d8cb3766164e9340041aec535 (patch) | |
| tree | ea4d5cfad19301c69be003cda277001dd4c75745 | |
| parent | 7591e36abd6786ae4b6a3e57e9d3d07f4be3cad2 (diff) | |
Bug 395274 - Equinox returns valid bundle entries for invalid paths
- additional fix to properly use canonical paths for the basefile
3 files changed, 22 insertions, 12 deletions
diff --git a/bundles/org.eclipse.osgi/defaultAdaptor/src/org/eclipse/osgi/baseadaptor/bundlefile/DirBundleFile.java b/bundles/org.eclipse.osgi/defaultAdaptor/src/org/eclipse/osgi/baseadaptor/bundlefile/DirBundleFile.java
index 295a8667e..890104a4e 100644
--- a/bundles/org.eclipse.osgi/defaultAdaptor/src/org/eclipse/osgi/baseadaptor/bundlefile/DirBundleFile.java
+++ b/bundles/org.eclipse.osgi/defaultAdaptor/src/org/eclipse/osgi/baseadaptor/bundlefile/DirBundleFile.java
@@ -28,9 +28,6 @@ public class DirBundleFile extends BundleFile {
 private static final String POINTER_SAME_DIRECTORY_2 = "//";//$NON-NLS-1$
 private static final String POINTER_UPPER_DIRECTORY = "..";//$NON-NLS-1$
- private static final String PROPERTY_STRICT_BUNDLE_ENTRY_PATH = "osgi.strictBundleEntryPath";//$NON-NLS-1$
- private static final String PROPERTY_STRICT_BUNDLE_ENTRY_PATH_DEFAULT_VALUE = "false";//$NON-NLS-1$
-
 private final boolean enableStrictBundleEntryPath;
 /** 
@@ -38,12 +35,16 @@ public class DirBundleFile extends BundleFile {
 * @param basefile the base file
 * @throws IOException
 */
- public DirBundleFile(File basefile) throws IOException {
- super(basefile);
+ public DirBundleFile(File basefile, boolean enableStrictBundleEntryPath) throws IOException {
+ super(getBaseFile(basefile, enableStrictBundleEntryPath));
 if (!BundleFile.secureAction.exists(basefile) || !BundleFile.secureAction.isDirectory(basefile)) {
 throw new IOException(NLS.bind(AdaptorMsg.ADAPTOR_DIRECTORY_EXCEPTION, basefile));
 }
- this.enableStrictBundleEntryPath = Boolean.parseBoolean(BundleFile.secureAction.getProperty(PROPERTY_STRICT_BUNDLE_ENTRY_PATH, PROPERTY_STRICT_BUNDLE_ENTRY_PATH_DEFAULT_VALUE));
+ this.enableStrictBundleEntryPath = enableStrictBundleEntryPath;
+ }
+
+ private static File getBaseFile(File basefile, boolean enableStrictBundleEntryPath) throws IOException {
+ return enableStrictBundleEntryPath ? secureAction.getCanonicalFile(basefile) : basefile;
 }
 public File getFile(String path, boolean nativeCode) {
@@ -54,6 +55,7 @@ public class DirBundleFile extends BundleFile {
 }
 if (!enableStrictBundleEntryPath) {
+ // must do an extra check to make sure file is within the bundle (bug 320546)
 if (checkInBundle) {
 try {
 if (!BundleFile.secureAction.getCanonicalPath(file).startsWith(BundleFile.secureAction.getCanonicalPath(basefile)))
diff --git a/bundles/org.eclipse.osgi/defaultAdaptor/src/org/eclipse/osgi/internal/baseadaptor/BaseStorage.java b/bundles/org.eclipse.osgi/defaultAdaptor/src/org/eclipse/osgi/internal/baseadaptor/BaseStorage.java
index 982b8162a..d4c1b874e 100644
--- a/bundles/org.eclipse.osgi/defaultAdaptor/src/org/eclipse/osgi/internal/baseadaptor/BaseStorage.java
+++ b/bundles/org.eclipse.osgi/defaultAdaptor/src/org/eclipse/osgi/internal/baseadaptor/BaseStorage.java 
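Review bot: The Javadoc above the constructor still documents only `basefile`, although the new `enableStrictBundleEntryPath` argument now decides whether the base handed to `super(...)` is the canonical file. I would add `@param enableStrictBundleEntryPath true to store the canonical form of basefile` and extend the throws line to `@throws IOException if basefile is not an existing directory or cannot be canonicalized`. The `exists`/`isDirectory` check and the error message also keep using the caller's `basefile` rather than the file passed to `super`; checking the same value that is stored would make the validation describe the base that later lookups resolve against. The Javadoc block starts outside this hunk.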
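Review bot: The containment test in the non-strict branch of `getFile` is a plain string prefix match on canonical paths, so a path in a sibling directory whose name merely begins with the bundle directory's name also satisfies `startsWith`. Comparing against the base plus a separator closes that gap, e.g. `String base = BundleFile.secureAction.getCanonicalPath(basefile);` followed by `if (!canonical.equals(base) && !canonical.startsWith(base + File.separator))`, where `canonical` is the canonical path of `file`. The `try` block and the definition of `checkInBundle` lie outside the hunk, so how a mismatch is handled is not visible here.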
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2005, 2011 IBM Corporation and others.
+ * Copyright (c) 2005, 2013 IBM Corporation and others.
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
@@ -16,6 +16,7 @@ import java.io.*;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.net.*;
+import java.security.AccessController;
 import java.util.*;
 import org.eclipse.core.runtime.adaptor.EclipseStarter;
 import org.eclipse.core.runtime.adaptor.LocationManager;
@@ -31,6 +32,7 @@ import org.eclipse.osgi.framework.internal.core.*;
 import org.eclipse.osgi.framework.internal.core.Constants;
 import org.eclipse.osgi.framework.log.FrameworkLogEntry;
 import org.eclipse.osgi.framework.util.KeyedHashSet;
+import org.eclipse.osgi.framework.util.SecureAction;
 import org.eclipse.osgi.internal.loader.BundleLoader;
 import org.eclipse.osgi.internal.loader.BundleLoaderProxy;
 import org.eclipse.osgi.service.datalocation.Location; 
@@ -49,6 +51,10 @@ public class BaseStorage implements SynchronousBundleListener {
 private static final String OPTION_RESOLVER_READER = RUNTIME_ADAPTOR + "/resolver/reader/timing"; //$NON-NLS-1$
 private static final String PROP_FRAMEWORK_EXTENSIONS = "osgi.framework.extensions"; //$NON-NLS-1$
 private static final String PROP_BUNDLE_STORE = "osgi.bundlestore"; //$NON-NLS-1$
+
+ static final SecureAction secureAction = AccessController.doPrivileged(SecureAction.createSecureAction());
+ private static final String PROPERTY_STRICT_BUNDLE_ENTRY_PATH = "osgi.strictBundleEntryPath";//$NON-NLS-1$
+ private static final String PROPERTY_STRICT_BUNDLE_ENTRY_PATH_DEFAULT_VALUE = "false";//$NON-NLS-1$
 // The name of the bundle data directory
 static final String DATA_DIR_NAME = "data"; //$NON-NLS-1$
 static final String LIB_TEMP = "libtemp"; //$NON-NLS-1$
@@ -740,10 +746,12 @@ public class BaseStorage implements SynchronousBundleListener {
 // No factories configured or they declined to create the bundle file; do default
 if (result == null && content instanceof File) {
 File file = (File) content;
- if (isDirectory(data, base, file))
- result = new DirBundleFile(file);
- else
+ if (isDirectory(data, base, file)) {
+ boolean strictPath = Boolean.parseBoolean(secureAction.getProperty(PROPERTY_STRICT_BUNDLE_ENTRY_PATH, PROPERTY_STRICT_BUNDLE_ENTRY_PATH_DEFAULT_VALUE));
+ result = new DirBundleFile(file, strictPath);
+ } else {
 result = new ZipBundleFile(file, data, mruList);
+ }
 }
 if (result == null && content instanceof String) {
diff --git a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedBundleHook.java b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedBundleHook.java
index 58e417df1..f589aa706 100644
--- a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedBundleHook.java
+++ b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedBundleHook.java 
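Review bot: The new `secureAction` field is declared `static final` with no access modifier, so every class in the package can reach a helper obtained through `AccessController.doPrivileged`. Unless other classes in this package are meant to share it (none are visible in this commit), narrowing it keeps the privileged helper confined to the class that needs it: `private static final SecureAction secureAction = AccessController.doPrivileged(SecureAction.createSecureAction());`. A short comment stating why BaseStorage needs its own instance instead of the one on `BundleFile` would also help.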
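Review bot: `osgi.strictBundleEntryPath` is parsed again each time this default branch creates a `DirBundleFile`, so if the property value changes while the framework is running, bundle files created at different times would apply different entry-path checks. Reading it once into a field keeps the mode uniform and removes the repeated lookup, e.g. `private final boolean strictBundleEntryPath = Boolean.parseBoolean(secureAction.getProperty(PROPERTY_STRICT_BUNDLE_ENTRY_PATH, PROPERTY_STRICT_BUNDLE_ENTRY_PATH_DEFAULT_VALUE));` and then `result = new DirBundleFile(file, strictBundleEntryPath);`. The enclosing method starts and ends outside the hunk.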
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2006, 2010 IBM Corporation and others.
+ * Copyright (c) 2006, 2013 IBM Corporation and others.
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
@@ -248,7 +248,7 @@ public class SignedBundleHook implements AdaptorHook, BundleFileWrapperFactoryHo
 throw new IllegalArgumentException("null content"); //$NON-NLS-1$
 BundleFile contentBundleFile;
 if (content.isDirectory())
- contentBundleFile = new DirBundleFile(content);
+ contentBundleFile = new DirBundleFile(content, false);
 else
 contentBundleFile = new ZipBundleFile(content, null);
 SignedBundleFile result = new SignedBundleFile(null, VERIFY_ALL); |
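Review bot: `new DirBundleFile(content, false)` pins this code path to the non-strict mode regardless of `osgi.strictBundleEntryPath`, whereas BaseStorage in the same commit passes the parsed property. If that is deliberate, a comment such as `// strict entry paths are not applied when verifying standalone content` would record the decision. Otherwise the flag should be derived from the same property, so that signature checks on directory content resolve entries the same way the framework does. The enclosing method starts and ends outside the hunk.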
