Derby
  1. Derby
  2. DERBY-4292

creation of FileInputStream in org.apache.derby.impl.tools.ij.Main not wrapped in privilege block which can cause problems running under SecurityManager

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 10.1.3.1, 10.2.2.0, 10.3.2.1, 10.4.2.0, 10.5.1.1, 10.6.1.0
    • Fix Version/s: 10.5.3.0, 10.6.1.0
    • Component/s: Tools
    • Labels:
      None
    • Urgency:
      Normal
    • Issue & fix info:
      High Value Fix, Newcomer, Repro attached
    • Bug behavior facts:
      Security

      Description

      org.apache.derby.impl.tools.ij.Main has this code where the call to FileInputStream is not wrapped in a privilege block:

      try {
      in1 = new FileInputStream(file);
      if (in1 != null)

      { in1 = new BufferedInputStream(in1, utilMain.BUFFEREDFILESIZE); in = langUtil.getNewInput(in1); }

      } catch (FileNotFoundException e) {
      if (Boolean.getBoolean("ij.searchClassPath"))

      { in = langUtil.getNewInput(util.getResourceAsStream(file)); }

      This can cause issues when running under SecurityManager

      1. DERBY-4292-ReproTest.patch
        7 kB
        Tiago R. Espinha
      2. derby4292.zip
        3 kB
        Kathey Marsden
      3. DERBY-4292-Fix.patch
        2 kB
        Tiago R. Espinha
      4. run.out.debugall
        34 kB
        Kathey Marsden
      5. DERBY-4292-ReproTest.patch
        7 kB
        Tiago R. Espinha
      6. DERBY-4292-Fix.patch
        2 kB
        Tiago R. Espinha
      7. DERBY-4292-ReproTest.patch
        3 kB
        Tiago R. Espinha
      8. DERBY-4292-Fix.patch
        1 kB
        Tiago R. Espinha
      9. derby4292.zip
        5 kB
        Kathey Marsden

        Activity

          People

          • Assignee:
            Tiago R. Espinha
            Reporter:
            Kathey Marsden
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development