Mercurial Mercurial > jdk-sandbox / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8036571: (process) Process process arguments carefully
authorrriggs
Sat, 22 Mar 2014 12:51:48 -0400
changeset 25539 9d290547d266
parent 25538 421c18d84c71
child 25540 021f6cd857f5
8036571: (process) Process process arguments carefully Reviewed-by: alanb, ahgross, jeff, robm
jdk/src/share/classes/java/lang/ProcessBuilder.java file | annotate | diff | comparison | revisions 
--- a/jdk/src/share/classes/java/lang/ProcessBuilder.java	Sat Mar 22 02:21:11 2014 +0400
+++ b/jdk/src/share/classes/java/lang/ProcessBuilder.java	Sat Mar 22 12:51:48 2014 -0400
@@ -957,6 +957,7 @@
      * <li>The operating system program file was not found.
      * <li>Access to the program file was denied.
      * <li>The working directory does not exist.
+     * <li>Invalid character in command argument, such as NUL.
      * </ul>
      *
      * <p>In such cases an exception will be thrown.  The exact nature
@@ -1019,6 +1020,12 @@
 
         String dir = directory == null ? null : directory.toString();
 
+        for (int i = 1; i < cmdarray.length; i++) {
+            if (cmdarray[i].indexOf('\u0000') >= 0) {
+                throw new IOException("invalid null character in command");
+            }
+        }
+
         try {
             return ProcessImpl.start(cmdarray,
                                      environment,
jdk-sandbox