Author: nextgens
Date: 2007-05-24 11:46:45 +0000 (Thu, 24 May 2007)
New Revision: 13355
Modified:
trunk/freenet/src/freenet/pluginmanager/PluginManager.java
Log:
Pluginmanager: be symlink attack proof
Modified: trunk/freenet/src/freenet/pluginmanager/PluginManager.java
===================================================================
--- trunk/freenet/src/freenet/pluginmanager/PluginManager.java 2007-05-24
09:48:41 UTC (rev 13354)
+++ trunk/freenet/src/freenet/pluginmanager/PluginManager.java 2007-05-24
11:46:45 UTC (rev 13355)
@@ -353,15 +353,16 @@
return null;
}
- // Shall we prevent overwriting ?
- File f = new File("plugins/" + pluginname + ".jar");
- if(f.exists()) f.delete();
+ File finalFile = new File("plugins/" + pluginname + ".jar");
+ File f = File.createTempFile(pluginname, ".tmp", finalFile);
os = new BufferedOutputStream(new FileOutputStream(f));
int b;
while ((b = dis.read()) != -1) {
os.write(b);
}
+ f.renameTo(finalFile);
filename = "*@file://" + FileUtil.getCanonicalFile(f);
+ if(logMINOR) Logger.minor(this, "Rewritten to
"+filename);
} catch (MalformedURLException mue) {
Logger.error(this, "MAlformedURLException has
occured : "+ mue, mue);
return null;
