Merge
authorwetmore
Sun, 11 May 2008 00:26:16 -0700
changeset 496 6ce58b34b3df
parent 494 320ce398f07e (current diff)
parent 495 d612e90c3ebc (diff)
child 497 a39d2c31df28
child 624 e2bffc6b2d97
child 625 ba0b63c29671
Merge
--- a/jdk/src/share/classes/sun/misc/URLClassPath.java	Sat May 10 12:14:53 2008 -0700
+++ b/jdk/src/share/classes/sun/misc/URLClassPath.java	Sun May 11 00:26:16 2008 -0700
@@ -961,6 +961,7 @@
      * from a file URL that refers to a directory.
      */
     private static class FileLoader extends Loader {
+        /* Canonicalized File */
         private File dir;
 
         FileLoader(URL url) throws IOException {
@@ -970,7 +971,7 @@
             }
             String path = url.getFile().replace('/', File.separatorChar);
             path = ParseUtil.decode(path);
-            dir = new File(path);
+            dir = (new File(path)).getCanonicalFile();
         }
 
         /*
@@ -997,8 +998,19 @@
 
                 if (check)
                     URLClassPath.check(url);
-                final File file =
-                    new File(dir, name.replace('/', File.separatorChar));
+
+                final File file;
+                if (name.indexOf("..") != -1) {
+                    file = (new File(dir, name.replace('/', File.separatorChar)))
+                          .getCanonicalFile();
+                    if ( !((file.getPath()).startsWith(dir.getPath())) ) {
+                        /* outside of base dir */
+                        return null;
+                    }
+                } else {
+                    file = new File(dir, name.replace('/', File.separatorChar));
+                }
+
                 if (file.exists()) {
                     return new Resource() {
                         public String getName() { return name; };
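Review bot: The containment test `file.getPath().startsWith(dir.getPath())` in the `..` branch is a plain string-prefix comparison, so a canonical path in a sibling directory whose name merely begins with the base directory's name (constructed example: base `/opt/app`, resolved file `/opt/app-data/x`) still passes as "inside". Compare against the base path with a trailing separator instead, e.g. `String base = dir.getPath(); if (!base.endsWith(File.separator)) base += File.separator;` followed by `if (!file.getPath().startsWith(base)) return null;`. Because canonicalization runs only when `name` contains `..`, a name that leaves `dir` through a symbolic link is presumably not covered by this check; a short comment saying whether that is intentional would help the next reader. The enclosing method starts and ends outside the hunk.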