Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-4292

creation of FileInputStream in org.apache.derby.impl.tools.ij.Main not wrapped in privilege block which can cause problems running under SecurityManager

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.1.3.1, 10.2.2.0, 10.3.2.1, 10.4.2.0, 10.5.1.1, 10.6.1.0
    • Fix Version/s: 10.5.3.0, 10.6.1.0
    • Component/s: Tools
    • Labels:
      None
    • Urgency:
      Normal
    • Issue & fix info:
      High Value Fix, Newcomer, Repro attached
    • Bug behavior facts:
      Security

      Description

      org.apache.derby.impl.tools.ij.Main has this code where the call to FileInputStream is not wrapped in a privilege block:

      try {
      in1 = new FileInputStream(file);
      if (in1 != null)

      { in1 = new BufferedInputStream(in1, utilMain.BUFFEREDFILESIZE); in = langUtil.getNewInput(in1); }

      } catch (FileNotFoundException e) {
      if (Boolean.getBoolean("ij.searchClassPath"))

      { in = langUtil.getNewInput(util.getResourceAsStream(file)); }

      This can cause issues when running under SecurityManager

        Attachments

        1. derby4292.zip
          5 kB
          Kathey Marsden
        2. DERBY-4292-Fix.patch
          1 kB
          Tiago R. Espinha
        3. DERBY-4292-ReproTest.patch
          3 kB
          Tiago R. Espinha
        4. DERBY-4292-Fix.patch
          2 kB
          Tiago R. Espinha
        5. DERBY-4292-ReproTest.patch
          7 kB
          Tiago R. Espinha
        6. run.out.debugall
          34 kB
          Kathey Marsden
        7. DERBY-4292-Fix.patch
          2 kB
          Tiago R. Espinha
        8. derby4292.zip
          3 kB
          Kathey Marsden
        9. DERBY-4292-ReproTest.patch
          7 kB
          Tiago R. Espinha

          Activity

            People

            • Assignee:
              espinha Tiago R. Espinha
              Reporter:
              kmarsden Kathey Marsden
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: