fix CVE-2020-15250

2021-02-19 09:43:30 +08:00 · 2021-02-19 09:43:30 +08:00 · cc8fa02dee
commit cc8fa02dee
parent 0ebefe51bb
3 changed files with 146 additions and 1 deletions
--- a/CVE-2020-15250-pre.patch
+++ b/CVE-2020-15250-pre.patch
@ -0,0 +1,63 @@
+From 24b8ee0bec2f2761b479bdd989275f19597955a3 Mon Sep 17 00:00:00 2001
+From: Carsten Varming <cvarming@twitter.com>
+Date: Sat, 21 May 2016 22:43:07 -0400
+Subject: [PATCH] Retry TemporaryFolder.newFolder's call to mkdir if the call
+ does not create a new directory.
+
+Closes #1304
+---
+ .../java/org/junit/rules/TemporaryFolder.java | 27 +++++++++++++++----
+ 1 file changed, 22 insertions(+), 5 deletions(-)
+
+diff --git a/src/main/java/org/junit/rules/TemporaryFolder.java b/src/main/java/org/junit/rules/TemporaryFolder.java
+index 8fc9d5b370..0b3e874528 100644
+--- a/src/main/java/org/junit/rules/TemporaryFolder.java
+++ b/src/main/java/org/junit/rules/TemporaryFolder.java
+@@ -32,6 +32,9 @@ public class TemporaryFolder extends Ext
+     private final File parentFolder;
+     private File folder;
+ 
+    private static final int TEMP_DIR_ATTEMPTS = 10000;
+    private static final String TMP_PREFIX = "junit";
+
+     public TemporaryFolder() {
+         this(null);
+     }
+@@ -75,7 +78,7 @@ public class TemporaryFolder extends Ext
+      * Returns a new fresh file with a random name under the temporary folder.
+      */
+     public File newFile() throws IOException {
+-        return File.createTempFile("junit", null, getRoot());
+        return File.createTempFile(TMP_PREFIX, null, getRoot());
+     }
+ 
+     /**
+@@ -131,10 +134,24 @@ public class TemporaryFolder extends Ext
+     }
+ 
+     private File createTemporaryFolderIn(File parentFolder) throws IOException {
+-        File createdFolder = File.createTempFile("junit", "", parentFolder);
+-        createdFolder.delete();
+-        createdFolder.mkdir();
+-        return createdFolder;
+        File createdFolder = null;
+        for (int i = 0; i < TEMP_DIR_ATTEMPTS; ++i) {
+            // Use createTempFile to get a suitable folder name.
+            String suffix = ".tmp";
+            File tmpFile = File.createTempFile(TMP_PREFIX, suffix, parentFolder);
+            String tmpName = tmpFile.getName();
+            // Discard suffix of tmpName.
+            String folderName = tmpName.substring(0, tmpName.length() - suffix.length());
+            createdFolder = new File(parentFolder, folderName);
+            if (createdFolder.mkdir()) {
+                tmpFile.delete();
+                return createdFolder;
+            }
+            tmpFile.delete();
+        }
+        throw new IOException("Unable to create temporary directory in: "
+            + parentFolder.toString() + ". Tried " + TEMP_DIR_ATTEMPTS + " times. "
+            + "Last attempted to create: " + createdFolder.toString());
+     }
+ 
+     /**
--- a/CVE-2020-15250.patch
+++ b/CVE-2020-15250.patch
@ -0,0 +1,77 @@
+From 610155b8c22138329f0723eec22521627dbc52ae Mon Sep 17 00:00:00 2001
+From: Marc Philipp <mail@marcphilipp.de>
+Date: Sun, 11 Oct 2020 16:56:21 +0200
+Subject: [PATCH] Merge pull request from GHSA-269g-pwp5-87pp
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When running on Java 7 or later, temporary directories are now created
+Using Java’s NIO API which restricts permissions to owner-only by
+default.
+---
+ .../java/org/junit/rules/TemporaryFolder.java | 43 ++++++++++++++++++-
+ .../org/junit/rules/TempFolderRuleTest.java   | 37 +++++++++++++++-
+ 2 files changed, 78 insertions(+), 2 deletions(-)
+
+diff --git a/src/main/java/org/junit/rules/TemporaryFolder.java b/src/main/java/org/junit/rules/TemporaryFolder.java
+index 1a6a770608..a726c66e36 100644
+--- a/src/main/java/org/junit/rules/TemporaryFolder.java
+++ b/src/main/java/org/junit/rules/TemporaryFolder.java
+@@ -2,6 +2,9 @@
+ 
+ import java.io.File;
+ import java.io.IOException;
+import java.lang.reflect.Array;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+ 
+ import org.junit.Rule;
+ 
+@@ -133,7 +136,45 @@ public File newFolder() throws IOException {
+         return createTemporaryFolderIn(getRoot());
+     }
+ 
+-    private File createTemporaryFolderIn(File parentFolder) throws IOException {
+    private static File createTemporaryFolderIn(File parentFolder) throws IOException {
+        try {
+            return createTemporaryFolderWithNioApi(parentFolder);
+        } catch (ClassNotFoundException ignore) {
+            // Fallback for Java 5 and 6
+            return createTemporaryFolderWithFileApi(parentFolder);
+        } catch (InvocationTargetException e) {
+            Throwable cause = e.getCause();
+            if (cause instanceof IOException) {
+                throw (IOException) cause;
+            }
+            if (cause instanceof RuntimeException) {
+                throw (RuntimeException) cause;
+            }
+            IOException exception = new IOException("Failed to create temporary folder in " + parentFolder);
+            exception.initCause(cause);
+            throw exception;
+        } catch (Exception e) {
+            throw new RuntimeException("Failed to create temporary folder in " + parentFolder, e);
+        }
+    }
+
+    private static File createTemporaryFolderWithNioApi(File parentFolder) throws ClassNotFoundException, NoSuchMethodException, InvocationTargetException, IllegalAccessException {
+        Class<?> filesClass = Class.forName("java.nio.file.Files");
+        Object fileAttributeArray = Array.newInstance(Class.forName("java.nio.file.attribute.FileAttribute"), 0);
+        Class<?> pathClass = Class.forName("java.nio.file.Path");
+        Object tempDir;
+        if (parentFolder != null) {
+            Method createTempDirectoryMethod = filesClass.getDeclaredMethod("createTempDirectory", pathClass, String.class, fileAttributeArray.getClass());
+            Object parentPath = File.class.getDeclaredMethod("toPath").invoke(parentFolder);
+            tempDir = createTempDirectoryMethod.invoke(null, parentPath, TMP_PREFIX, fileAttributeArray);
+        } else {
+            Method createTempDirectoryMethod = filesClass.getDeclaredMethod("createTempDirectory", String.class, fileAttributeArray.getClass());
+            tempDir = createTempDirectoryMethod.invoke(null, TMP_PREFIX, fileAttributeArray);
+        }
+        return (File) pathClass.getDeclaredMethod("toFile").invoke(tempDir);
+    }
+
+    private static File createTemporaryFolderWithFileApi(File parentFolder) throws IOException {
+         File createdFolder = null;
+         for (int i = 0; i < TEMP_DIR_ATTEMPTS; ++i) {
+             // Use createTempFile to get a suitable folder name.
--- a/junit.spec
+++ b/junit.spec
@ -1,11 +1,13 @@
 Name:           junit
 Epoch:          1
 Version:        4.12
-Release:        12
+Release:        13
 Summary:        A Java package for unit testing frameworks
 License:        EPL-1.0
 URL:            http://www.junit.org/
 Source0:        https://github.com/%{name}-team/%{name}/archive/r%{version}.tar.gz
+Patch0000:      CVE-2020-15250-pre.patch
+Patch0001:      CVE-2020-15250.patch

 BuildArch:      noarch
 BuildRequires:  maven-local mvn(org.apache.felix:maven-bundle-plugin)
@ -72,5 +74,8 @@ sed s/@version@/%{version}/ src/main/java/junit/runner/Version.java.template >sr
 %doc doc/*

 %changelog
+* Fri Feb 19 2021 wangxiao <wangxiao65@huawei.com> - 1:4.12-13
+- Fix CVE-2020-15250
+
 * Sun Jan 19 2020 Jiangping Hu <hujp1985@foxmail.com> - 1:4.12-12
 - Package init