[Java-game-lib-cvs] SF.net SVN: java-game-lib: [2403] trunk/LWJGL/src/java/org/lwjgl/opengl

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Revision: 2403
Author:   matzon
Date:     2006-07-02 13:26:49 -0700 (Sun, 02 Jul 2006)
ViewCVS:  http://svn.sourceforge.net/java-game-lib/?rev=2403&view=rev

Log Message:
-----------
made Display priveledged action private. Fixes a possible security exploit that would allow anyone to get a boolean from System properties *gasp*

Modified Paths:
--------------
    trunk/LWJGL/src/java/org/lwjgl/opengl/Display.java
    trunk/LWJGL/src/java/org/lwjgl/opengl/MacOSXFrame.java
Modified: trunk/LWJGL/src/java/org/lwjgl/opengl/Display.java
===================================================================

--- trunk/LWJGL/src/java/org/lwjgl/opengl/Display.java	2006-07-01 05:33:14 UTC (rev 2402)
+++ trunk/LWJGL/src/java/org/lwjgl/opengl/Display.java	2006-07-02 20:26:49 UTC (rev 2403)
@@ -711,7 +711,7 @@
 	/**
 	 * Gets a boolean property as a privileged action.
 	 */
-	static boolean getPrivilegedBoolean(final String property_name) {
+	private static boolean getPrivilegedBoolean(final String property_name) {
 		Boolean value = (Boolean)AccessController.doPrivileged(new PrivilegedAction() {
 			public Object run() {	
 				return new Boolean(Boolean.getBoolean(property_name));

Modified: trunk/LWJGL/src/java/org/lwjgl/opengl/MacOSXFrame.java
===================================================================
--- trunk/LWJGL/src/java/org/lwjgl/opengl/MacOSXFrame.java	2006-07-01 05:33:14 UTC (rev 2402)
+++ trunk/LWJGL/src/java/org/lwjgl/opengl/MacOSXFrame.java	2006-07-02 20:26:49 UTC (rev 2403)
@@ -48,6 +48,7 @@
 import java.awt.event.WindowEvent;
 import java.awt.event.WindowListener;
 import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
 
@@ -72,7 +73,7 @@
 		addComponentListener(this);
 		canvas = new MacOSXGLCanvas();
 		add(canvas, BorderLayout.CENTER);
-		boolean undecorated = Display.getPrivilegedBoolean("org.lwjgl.opengl.Window.undecorated");
+		boolean undecorated = getPrivilegedBoolean("org.lwjgl.opengl.Window.undecorated");
 		setUndecorated(fullscreen || undecorated);
 		if ( fullscreen ) {
 			try {
@@ -212,4 +213,16 @@
 		}
 		return result;
 	}
+	
+	/**
+	 * Gets a boolean property as a privileged action.
+	 */
+	private static boolean getPrivilegedBoolean(final String property_name) {
+		Boolean value = (Boolean)AccessController.doPrivileged(new PrivilegedAction() {
+			public Object run() {	
+				return new Boolean(Boolean.getBoolean(property_name));
+			}
+		});
+		return value.booleanValue();
+	}	
 }


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.



