packages/netty
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
netty/CVE-2021-21290.patch
wang_yue111 6d75b17428 fix CVE-2021-21290
2021-03-09 16:17:29 +08:00

293 lines
14 KiB
Diff
Raw Blame History

From f1f550f682ea781cda3d86e5114b7b7cab4513c8 Mon Sep 17 00:00:00 2001
From: wang_yue111 <648774160@qq.com>
Date: Tue, 9 Mar 2021 14:57:32 +0800
Subject: [PATCH] Use Files.createTempFile(...) to ensure the file is created
with proper permissions
Motivation:
File.createTempFile(String, String)` will create a temporary file in the system temporary directory if the 'java.io.tmpdir'. The permissions on that file utilize the umask. In a majority of cases, this means that the file that java creates has the permissions: `-rw-r--r--`, thus, any other local user on that system can read the contents of that file.
This can be a security concern if any sensitive data is stored in this file.
This was reported by Jonathan Leitschuh <jonathan.leitschuh@gmail.com> as a security problem.
Modifications:
Use Files.createTempFile(...) which will use safe-defaults when running on java 7 and later. If running on java 6 there isnt much we can do, which is fair enough as java 6 shouldnt be considered "safe" anyway.
Result:
Create temporary files with sane permissions by default.
---
.../io/netty/buffer/AbstractByteBufTest.java | 4 ++--
.../http/multipart/AbstractDiskHttpData.java | 5 +++--
.../codec/http/HttpChunkedInputTest.java | 3 ++-
.../util/internal/NativeLibraryLoader.java | 3 ++-
.../util/internal/PlatformDependent.java | 20 +++++++++++++++++++
.../ssl/util/SelfSignedCertificate.java | 5 +++--
.../stream/ChunkedWriteHandlerTest.java | 3 ++-
.../socket/SocketFileRegionTest.java | 2 +-
.../epoll/EpollSocketTestPermutation.java | 1 +
.../netty/channel/epoll/EpollSpliceTest.java | 3 ++-
.../channel/unix/tests/UnixTestUtils.java | 3 ++-
11 files changed, 40 insertions(+), 12 deletions(-)
diff --git a/buffer/src/test/java/io/netty/buffer/AbstractByteBufTest.java b/buffer/src/test/java/io/netty/buffer/AbstractByteBufTest.java
index ef9d729..0d4d3e6 100644
--- a/buffer/src/test/java/io/netty/buffer/AbstractByteBufTest.java
+++ b/buffer/src/test/java/io/netty/buffer/AbstractByteBufTest.java
@@ -3962,7 +3962,7 @@ public abstract class AbstractByteBufTest {
@Test
public void testReadBytesAndWriteBytesWithFileChannel() throws IOException {
- File file = File.createTempFile("file-channel", ".tmp");
+ File file = PlatformDependent.createTempFile("file-channel", ".tmp", null);
RandomAccessFile randomAccessFile = null;
try {
randomAccessFile = new RandomAccessFile(file, "rw");
@@ -4005,7 +4005,7 @@ public abstract class AbstractByteBufTest {
@Test
public void testGetBytesAndSetBytesWithFileChannel() throws IOException {
- File file = File.createTempFile("file-channel", ".tmp");
+ File file = PlatformDependent.createTempFile("file-channel", ".tmp", null);
RandomAccessFile randomAccessFile = null;
try {
randomAccessFile = new RandomAccessFile(file, "rw");
diff --git a/codec-http/src/main/java/io/netty/handler/codec/http/multipart/AbstractDiskHttpData.java b/codec-http/src/main/java/io/netty/handler/codec/http/multipart/AbstractDiskHttpData.java
index a21e72f..9251673 100644
--- a/codec-http/src/main/java/io/netty/handler/codec/http/multipart/AbstractDiskHttpData.java
+++ b/codec-http/src/main/java/io/netty/handler/codec/http/multipart/AbstractDiskHttpData.java
@@ -18,6 +18,7 @@ package io.netty.handler.codec.http.multipart;
import io.netty.buffer.ByteBuf;
import io.netty.handler.codec.http.HttpConstants;
import io.netty.util.internal.EmptyArrays;
+import io.netty.util.internal.PlatformDependent;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
@@ -87,9 +88,9 @@ public abstract class AbstractDiskHttpData extends AbstractHttpData {
File tmpFile;
if (getBaseDirectory() == null) {
// create a temporary file
- tmpFile = File.createTempFile(getPrefix(), newpostfix);
+ tmpFile = PlatformDependent.createTempFile(getPrefix(), newpostfix, null);
} else {
- tmpFile = File.createTempFile(getPrefix(), newpostfix, new File(
+ tmpFile = PlatformDependent.createTempFile(getPrefix(), newpostfix, new File(
getBaseDirectory()));
}
if (deleteOnExit()) {
diff --git a/codec-http/src/test/java/io/netty/handler/codec/http/HttpChunkedInputTest.java b/codec-http/src/test/java/io/netty/handler/codec/http/HttpChunkedInputTest.java
index 002c8d0..8e75eb9 100644
--- a/codec-http/src/test/java/io/netty/handler/codec/http/HttpChunkedInputTest.java
+++ b/codec-http/src/test/java/io/netty/handler/codec/http/HttpChunkedInputTest.java
@@ -25,6 +25,7 @@ import io.netty.handler.stream.ChunkedNioFile;
import io.netty.handler.stream.ChunkedNioStream;
import io.netty.handler.stream.ChunkedStream;
import io.netty.handler.stream.ChunkedWriteHandler;
+import io.netty.util.internal.PlatformDependent;
import org.junit.Test;
import java.io.ByteArrayInputStream;
@@ -46,7 +47,7 @@ public class HttpChunkedInputTest {
FileOutputStream out = null;
try {
- TMP = File.createTempFile("netty-chunk-", ".tmp");
+ TMP = PlatformDependent.createTempFile("netty-chunk-", ".tmp", null);
TMP.deleteOnExit();
out = new FileOutputStream(TMP);
out.write(BYTES);
diff --git a/common/src/main/java/io/netty/util/internal/NativeLibraryLoader.java b/common/src/main/java/io/netty/util/internal/NativeLibraryLoader.java
index 1b0a71d..cb4d4f2 100644
--- a/common/src/main/java/io/netty/util/internal/NativeLibraryLoader.java
+++ b/common/src/main/java/io/netty/util/internal/NativeLibraryLoader.java
@@ -15,6 +15,7 @@
*/
package io.netty.util.internal;
+import io.netty.util.internal.PlatformDependent;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
@@ -212,7 +213,7 @@ public final class NativeLibraryLoader {
OutputStream out = null;
File tmpFile = null;
try {
- tmpFile = File.createTempFile(prefix, suffix, WORKDIR);
+ tmpFile = PlatformDependent.createTempFile(prefix, suffix, WORKDIR);
in = url.openStream();
out = new FileOutputStream(tmpFile);
diff --git a/common/src/main/java/io/netty/util/internal/PlatformDependent.java b/common/src/main/java/io/netty/util/internal/PlatformDependent.java
index 2fd3c98..6cc4532 100644
--- a/common/src/main/java/io/netty/util/internal/PlatformDependent.java
+++ b/common/src/main/java/io/netty/util/internal/PlatformDependent.java
@@ -17,6 +17,7 @@ package io.netty.util.internal;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
+import io.netty.util.internal.PlatformDependent;
import org.jctools.queues.MpscArrayQueue;
import org.jctools.queues.MpscChunkedArrayQueue;
import org.jctools.queues.SpscLinkedQueue;
@@ -27,9 +28,11 @@ import org.jctools.util.Pow2;
import org.jctools.util.UnsafeAccess;
import java.io.File;
+import java.io.IOException;
import java.lang.reflect.Method;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
+import java.nio.file.Files;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Deque;
@@ -1166,6 +1169,23 @@ public final class PlatformDependent {
return true;
}
+ public static File createTempFile(String prefix, String suffix, File directory) throws IOException {
+ if (javaVersion() >= 7) {
+ if (directory == null) {
+ return Files.createTempFile(prefix, suffix).toFile();
+ }
+ return Files.createTempFile(directory.toPath(), prefix, suffix).toFile();
+ }
+ if (directory == null) {
+ return File.createTempFile(prefix, suffix);
+ }
+ File file = File.createTempFile(prefix, suffix, directory);
+ // Try to adjust the perms, if this fails there is not much else we can do...
+ file.setReadable(false, false);
+ file.setReadable(true, true);
+ return file;
+ }
+
/**
* Package private for testing purposes only!
*/
diff --git a/handler/src/main/java/io/netty/handler/ssl/util/SelfSignedCertificate.java b/handler/src/main/java/io/netty/handler/ssl/util/SelfSignedCertificate.java
index 112e1a8..4fa3d53 100644
--- a/handler/src/main/java/io/netty/handler/ssl/util/SelfSignedCertificate.java
+++ b/handler/src/main/java/io/netty/handler/ssl/util/SelfSignedCertificate.java
@@ -20,6 +20,7 @@ import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.handler.codec.base64.Base64;
import io.netty.util.CharsetUtil;
+import io.netty.util.internal.PlatformDependent;
import io.netty.util.internal.SystemPropertyUtil;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
@@ -236,7 +237,7 @@ public final class SelfSignedCertificate {
wrappedBuf.release();
}
- File keyFile = File.createTempFile("keyutil_" + fqdn + '_', ".key");
+ File keyFile = PlatformDependent.createTempFile("keyutil_" + fqdn + '_', ".key", null);
keyFile.deleteOnExit();
OutputStream keyOut = new FileOutputStream(keyFile);
@@ -267,7 +268,7 @@ public final class SelfSignedCertificate {
wrappedBuf.release();
}
- File certFile = File.createTempFile("keyutil_" + fqdn + '_', ".crt");
+ File certFile = PlatformDependent.createTempFile("keyutil_" + fqdn + '_', ".crt", null);
certFile.deleteOnExit();
OutputStream certOut = new FileOutputStream(certFile);
diff --git a/handler/src/test/java/io/netty/handler/stream/ChunkedWriteHandlerTest.java b/handler/src/test/java/io/netty/handler/stream/ChunkedWriteHandlerTest.java
index 66b6951..f556a5f 100644
--- a/handler/src/test/java/io/netty/handler/stream/ChunkedWriteHandlerTest.java
+++ b/handler/src/test/java/io/netty/handler/stream/ChunkedWriteHandlerTest.java
@@ -23,6 +23,7 @@ import io.netty.channel.ChannelFutureListener;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.embedded.EmbeddedChannel;
import io.netty.util.CharsetUtil;
+import io.netty.util.internal.PlatformDependent;
import org.junit.Test;
import java.io.ByteArrayInputStream;
@@ -47,7 +48,7 @@ public class ChunkedWriteHandlerTest {
FileOutputStream out = null;
try {
- TMP = File.createTempFile("netty-chunk-", ".tmp");
+ TMP = PlatformDependent.createTempFile("netty-chunk-", ".tmp", null);
TMP.deleteOnExit();
out = new FileOutputStream(TMP);
out.write(BYTES);
diff --git a/testsuite/src/main/java/io/netty/testsuite/transport/socket/SocketFileRegionTest.java b/testsuite/src/main/java/io/netty/testsuite/transport/socket/SocketFileRegionTest.java
index f08a714..608beed 100644
--- a/testsuite/src/main/java/io/netty/testsuite/transport/socket/SocketFileRegionTest.java
+++ b/testsuite/src/main/java/io/netty/testsuite/transport/socket/SocketFileRegionTest.java
@@ -100,7 +100,7 @@ public class SocketFileRegionTest extends AbstractSocketTest {
cb.option(ChannelOption.AUTO_READ, autoRead);
final int bufferSize = 1024;
- final File file = File.createTempFile("netty-", ".tmp");
+ final File file = PlatformDependent.createTempFile("netty-", ".tmp", null);
file.deleteOnExit();
final FileOutputStream out = new FileOutputStream(file);
diff --git a/transport-native-epoll/src/test/java/io/netty/channel/epoll/EpollSocketTestPermutation.java b/transport-native-epoll/src/test/java/io/netty/channel/epoll/EpollSocketTestPermutation.java
index 2da13e1..f8d42cb 100644
--- a/transport-native-epoll/src/test/java/io/netty/channel/epoll/EpollSocketTestPermutation.java
+++ b/transport-native-epoll/src/test/java/io/netty/channel/epoll/EpollSocketTestPermutation.java
@@ -32,6 +32,7 @@ import io.netty.testsuite.transport.socket.SocketTestPermutation;
import io.netty.util.concurrent.DefaultThreadFactory;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
+import io.netty.util.internal.PlatformDependent;
import java.io.BufferedReader;
import java.io.File;
diff --git a/transport-native-epoll/src/test/java/io/netty/channel/epoll/EpollSpliceTest.java b/transport-native-epoll/src/test/java/io/netty/channel/epoll/EpollSpliceTest.java
index 98dcec9..6b975e6 100644
--- a/transport-native-epoll/src/test/java/io/netty/channel/epoll/EpollSpliceTest.java
+++ b/transport-native-epoll/src/test/java/io/netty/channel/epoll/EpollSpliceTest.java
@@ -27,6 +27,7 @@ import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.channel.EventLoopGroup;
import io.netty.channel.SimpleChannelInboundHandler;
import io.netty.channel.unix.FileDescriptor;
+import io.netty.util.internal.PlatformDependent;
import org.junit.Assert;
import org.junit.Test;
@@ -192,7 +193,7 @@ public class EpollSpliceTest {
@Test
public void spliceToFile() throws Throwable {
EventLoopGroup group = new EpollEventLoopGroup(1);
- File file = File.createTempFile("netty-splice", null);
+ File file = PlatformDependent.createTempFile("netty-splice", null, null);
file.deleteOnExit();
SpliceHandler sh = new SpliceHandler(file);
diff --git a/transport-native-unix-common-tests/src/main/java/io/netty/channel/unix/tests/UnixTestUtils.java b/transport-native-unix-common-tests/src/main/java/io/netty/channel/unix/tests/UnixTestUtils.java
index e4ebcb4..2fa4187 100644
--- a/transport-native-unix-common-tests/src/main/java/io/netty/channel/unix/tests/UnixTestUtils.java
+++ b/transport-native-unix-common-tests/src/main/java/io/netty/channel/unix/tests/UnixTestUtils.java
@@ -17,6 +17,7 @@ package io.netty.channel.unix.tests;
import io.netty.channel.unix.DomainSocketAddress;
import io.netty.channel.unix.Socket;
+import io.netty.util.internal.PlatformDependent;
import java.io.File;
import java.io.IOException;
@@ -26,7 +27,7 @@ public final class UnixTestUtils {
try {
File file;
do {
- file = File.createTempFile("NETTY", "UDS");
+ file = PlatformDependent.createTempFile("NETTY", "UDS", null);
if (!file.delete()) {
throw new IOException("failed to delete: " + file);
}
--
2.23.0
Reference in New Issue View Git Blame Copy Permalink