fix CVE-2020-15250

2021-02-19 09:43:30 +08:00 · 2021-02-19 09:43:30 +08:00 · cc8fa02dee
commit cc8fa02dee
parent 0ebefe51bb
3 changed files with 146 additions and 1 deletions
--- a/CVE-2020-15250-pre.patch
+++ b/CVE-2020-15250-pre.patch
@ -0,0 +1,63 @@
 From 24b8ee0bec2f2761b479bdd989275f19597955a3 Mon Sep 17 00:00:00 2001
 From: Carsten Varming <cvarming@twitter.com>
 Date: Sat, 21 May 2016 22:43:07 -0400
 Subject: [PATCH] Retry TemporaryFolder.newFolder's call to mkdir if the call
 does not create a new directory.
 Closes #1304
 ---
 .../java/org/junit/rules/TemporaryFolder.java | 27 +++++++++++++++----
 1 file changed, 22 insertions(+), 5 deletions(-)
 diff --git a/src/main/java/org/junit/rules/TemporaryFolder.java b/src/main/java/org/junit/rules/TemporaryFolder.java
 index 8fc9d5b370..0b3e874528 100644
 --- a/src/main/java/org/junit/rules/TemporaryFolder.java
 +++ b/src/main/java/org/junit/rules/TemporaryFolder.java
@@ -32,6 +32,9 @@ public class TemporaryFolder extends Ext
     private final File parentFolder;
     private File folder;
 +    private static final int TEMP_DIR_ATTEMPTS = 10000;
 +    private static final String TMP_PREFIX = "junit";
 +
     public TemporaryFolder() {
         this(null);
     }
@@ -75,7 +78,7 @@ public class TemporaryFolder extends Ext
      * Returns a new fresh file with a random name under the temporary folder.
      */
     public File newFile() throws IOException {
 -        return File.createTempFile("junit", null, getRoot());
 +        return File.createTempFile(TMP_PREFIX, null, getRoot());
     }
     /**
@@ -131,10 +134,24 @@ public class TemporaryFolder extends Ext
     }
     private File createTemporaryFolderIn(File parentFolder) throws IOException {
 -        File createdFolder = File.createTempFile("junit", "", parentFolder);
 -        createdFolder.delete();
 -        createdFolder.mkdir();
 -        return createdFolder;
 +        File createdFolder = null;
 +        for (int i = 0; i < TEMP_DIR_ATTEMPTS; ++i) {
 +            // Use createTempFile to get a suitable folder name.
 +            String suffix = ".tmp";
 +            File tmpFile = File.createTempFile(TMP_PREFIX, suffix, parentFolder);
 +            String tmpName = tmpFile.getName();
 +            // Discard suffix of tmpName.
 +            String folderName = tmpName.substring(0, tmpName.length() - suffix.length());
 +            createdFolder = new File(parentFolder, folderName);
 +            if (createdFolder.mkdir()) {
 +                tmpFile.delete();
 +                return createdFolder;
 +            }
 +            tmpFile.delete();
 +        }
 +        throw new IOException("Unable to create temporary directory in: "
 +            + parentFolder.toString() + ". Tried " + TEMP_DIR_ATTEMPTS + " times. "
 +            + "Last attempted to create: " + createdFolder.toString());
     }
     /**
--- a/CVE-2020-15250.patch
+++ b/CVE-2020-15250.patch
@ -0,0 +1,77 @@
 From 610155b8c22138329f0723eec22521627dbc52ae Mon Sep 17 00:00:00 2001
 From: Marc Philipp <mail@marcphilipp.de>
 Date: Sun, 11 Oct 2020 16:56:21 +0200
 Subject: [PATCH] Merge pull request from GHSA-269g-pwp5-87pp
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 When running on Java 7 or later, temporary directories are now created
 Using Java’s NIO API which restricts permissions to owner-only by
 default.
 ---
 .../java/org/junit/rules/TemporaryFolder.java | 43 ++++++++++++++++++-
 .../org/junit/rules/TempFolderRuleTest.java   | 37 +++++++++++++++-
 2 files changed, 78 insertions(+), 2 deletions(-)
 diff --git a/src/main/java/org/junit/rules/TemporaryFolder.java b/src/main/java/org/junit/rules/TemporaryFolder.java
 index 1a6a770608..a726c66e36 100644
 --- a/src/main/java/org/junit/rules/TemporaryFolder.java
 +++ b/src/main/java/org/junit/rules/TemporaryFolder.java
@@ -2,6 +2,9 @@
 import java.io.File;
 import java.io.IOException;
 +import java.lang.reflect.Array;
 +import java.lang.reflect.InvocationTargetException;
 +import java.lang.reflect.Method;
 import org.junit.Rule;
@@ -133,7 +136,45 @@ public File newFolder() throws IOException {
         return createTemporaryFolderIn(getRoot());
     }
 -    private File createTemporaryFolderIn(File parentFolder) throws IOException {
 +    private static File createTemporaryFolderIn(File parentFolder) throws IOException {
 +        try {
 +            return createTemporaryFolderWithNioApi(parentFolder);
 +        } catch (ClassNotFoundException ignore) {
 +            // Fallback for Java 5 and 6
 +            return createTemporaryFolderWithFileApi(parentFolder);
 +        } catch (InvocationTargetException e) {
 +            Throwable cause = e.getCause();
 +            if (cause instanceof IOException) {
 +                throw (IOException) cause;
 +            }
 +            if (cause instanceof RuntimeException) {
 +                throw (RuntimeException) cause;
 +            }
 +            IOException exception = new IOException("Failed to create temporary folder in " + parentFolder);
 +            exception.initCause(cause);
 +            throw exception;
 +        } catch (Exception e) {
 +            throw new RuntimeException("Failed to create temporary folder in " + parentFolder, e);
 +        }
 +    }
 +
 +    private static File createTemporaryFolderWithNioApi(File parentFolder) throws ClassNotFoundException, NoSuchMethodException, InvocationTargetException, IllegalAccessException {
 +        Class<?> filesClass = Class.forName("java.nio.file.Files");
 +        Object fileAttributeArray = Array.newInstance(Class.forName("java.nio.file.attribute.FileAttribute"), 0);
 +        Class<?> pathClass = Class.forName("java.nio.file.Path");
 +        Object tempDir;
 +        if (parentFolder != null) {
 +            Method createTempDirectoryMethod = filesClass.getDeclaredMethod("createTempDirectory", pathClass, String.class, fileAttributeArray.getClass());
 +            Object parentPath = File.class.getDeclaredMethod("toPath").invoke(parentFolder);
 +            tempDir = createTempDirectoryMethod.invoke(null, parentPath, TMP_PREFIX, fileAttributeArray);
 +        } else {
 +            Method createTempDirectoryMethod = filesClass.getDeclaredMethod("createTempDirectory", String.class, fileAttributeArray.getClass());
 +            tempDir = createTempDirectoryMethod.invoke(null, TMP_PREFIX, fileAttributeArray);
 +        }
 +        return (File) pathClass.getDeclaredMethod("toFile").invoke(tempDir);
 +    }
 +
 +    private static File createTemporaryFolderWithFileApi(File parentFolder) throws IOException {
         File createdFolder = null;
         for (int i = 0; i < TEMP_DIR_ATTEMPTS; ++i) {
             // Use createTempFile to get a suitable folder name.
--- a/junit.spec
+++ b/junit.spec
@ -1,11 +1,13 @@
 Name:           junit
 Epoch:          1
 Version:        4.12
-Release:        12
+Release:        13
 Summary:        A Java package for unit testing frameworks
 License:        EPL-1.0
 URL:            http://www.junit.org/
 Source0:        https://github.com/%{name}-team/%{name}/archive/r%{version}.tar.gz
 Patch0000:      CVE-2020-15250-pre.patch
 Patch0001:      CVE-2020-15250.patch
 BuildArch:      noarch
 BuildRequires:  maven-local mvn(org.apache.felix:maven-bundle-plugin)
@ -72,5 +74,8 @@ sed s/@version@/%{version}/ src/main/java/junit/runner/Version.java.template >sr
 %doc doc/*
 %changelog
 * Fri Feb 19 2021 wangxiao <wangxiao65@huawei.com> - 1:4.12-13
 - Fix CVE-2020-15250
 * Sun Jan 19 2020 Jiangping Hu <hujp1985@foxmail.com> - 1:4.12-12
 - Package init