6910590: Application can modify command array, in ProcessBuilder
Summary: clone array returned by List.toArray()
Reviewed-by: chegar, alanb
--- a/jdk/src/share/classes/java/lang/ProcessBuilder.java Tue Dec 22 17:56:58 2009 +0300
+++ b/jdk/src/share/classes/java/lang/ProcessBuilder.java Tue Jan 12 12:13:48 2010 +0000
@@ -994,6 +994,8 @@
// Must convert to array first -- a malicious user-supplied
// list might try to circumvent the security check.
String[] cmdarray = command.toArray(new String[command.size()]);
+ cmdarray = cmdarray.clone();
+
for (String arg : cmdarray)
if (arg == null)
throw new NullPointerException();