6687919: REGRESSION : Classloader can handle any resource which is not included in classpath

Reviewed-by: jccollet, alanb

6687919: REGRESSION : Classloader can handle any resource which is not included in classpath
Reviewed-by: jccollet, alanb
3f790193 · chegar · 777fbe94 · 3f790193
隐藏空白更改
内联并排

Showing with 15 addition and 3 deletion

jdk/src/share/classes/sun/misc/URLClassPath.java jdk/src/share/classes/sun/misc/URLClassPath.java +15 -3

未找到文件。
--- a/jdk/src/share/classes/sun/misc/URLClassPath.java
+++ b/jdk/src/share/classes/sun/misc/URLClassPath.java
@@ -961,6 +961,7 @@ public class URLClassPath {
     * from a file URL that refers to a directory.
     */
    private static class FileLoader extends Loader {
+        /* Canonicalized File */
        private File dir;
        FileLoader(URL url) throws IOException {
@@ -970,7 +971,7 @@ public class URLClassPath {
            }
            String path = url.getFile().replace('/', File.separatorChar);
            path = ParseUtil.decode(path);
-            dir = new File(path);
+            dir = (new File(path)).getCanonicalFile();
        }
        /*
@@ -997,8 +998,19 @@ public class URLClassPath {
                if (check)
                    URLClassPath.check(url);
-                final File file =
-                    new File(dir, name.replace('/', File.separatorChar));
+                final File file;
+                if (name.indexOf("..") != -1) {
+                    file = (new File(dir, name.replace('/', File.separatorChar)))
+                          .getCanonicalFile();
+                    if ( !((file.getPath()).startsWith(dir.getPath())) ) {
+                        /* outside of base dir */
+                        return null;
+                    }
+                } else {
+                    file = new File(dir, name.replace('/', File.separatorChar));
+                }
                if (file.exists()) {
                    return new Resource() {
                        public String getName() { return name; };