From: Markus Koschany <apo@debian.org> Date: Sun, 28 Mar 2021 14:56:13 +0200 Subject: CVE-2021-21290 Bug-Debian: https://bugs.debian.org/982580 Origin: https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec --- .../java/io/netty/buffer/AbstractByteBufTest.java | 4 ++-- .../buffer/ReadOnlyDirectByteBufferBufTest.java | 2 +- .../codec/http/multipart/AbstractDiskHttpData.java | 5 +++-- .../handler/codec/http/HttpChunkedInputTest.java | 3 ++- .../io/netty/util/internal/NativeLibraryLoader.java | 2 +- .../io/netty/util/internal/PlatformDependent.java | 20 ++++++++++++++++++++ .../handler/ssl/util/SelfSignedCertificate.java | 6 ++++-- .../handler/stream/ChunkedWriteHandlerTest.java | 3 ++- .../transport/socket/SocketFileRegionTest.java | 2 +- .../java/io/netty/channel/epoll/EpollSpliceTest.java | 3 ++- .../io/netty/channel/unix/tests/UnixTestUtils.java | 3 ++- 11 files changed, 40 insertions(+), 13 deletions(-) diff --git a/buffer/src/test/java/io/netty/buffer/AbstractByteBufTest.java b/buffer/src/test/java/io/netty/buffer/AbstractByteBufTest.java index 59194ab..2679d1e 100644 --- a/buffer/src/test/java/io/netty/buffer/AbstractByteBufTest.java +++ b/buffer/src/test/java/io/netty/buffer/AbstractByteBufTest.java @@ -4487,7 +4487,7 @@ public abstract class AbstractByteBufTest { @Test public void testReadBytesAndWriteBytesWithFileChannel() throws IOException { - File file = File.createTempFile("file-channel", ".tmp"); + File file = PlatformDependent.createTempFile("file-channel", ".tmp", null); RandomAccessFile randomAccessFile = null; try { randomAccessFile = new RandomAccessFile(file, "rw"); 
@@ -4530,7 +4530,7 @@ public abstract class AbstractByteBufTest { @Test public void testGetBytesAndSetBytesWithFileChannel() throws IOException { - File file = File.createTempFile("file-channel", ".tmp"); + File file = PlatformDependent.createTempFile("file-channel", ".tmp", null); RandomAccessFile randomAccessFile = null; try { randomAccessFile = new RandomAccessFile(file, "rw"); diff --git a/buffer/src/test/java/io/netty/buffer/ReadOnlyDirectByteBufferBufTest.java b/buffer/src/test/java/io/netty/buffer/ReadOnlyDirectByteBufferBufTest.java index d51ce11..6e40f08 100644 --- a/buffer/src/test/java/io/netty/buffer/ReadOnlyDirectByteBufferBufTest.java +++ b/buffer/src/test/java/io/netty/buffer/ReadOnlyDirectByteBufferBufTest.java @@ -286,7 +286,7 @@ public class ReadOnlyDirectByteBufferBufTest { @Test public void testWrapMemoryMapped() throws Exception { - File file = File.createTempFile("netty-test", "tmp"); + File file = PlatformDependent.createTempFile("netty-test", "tmp", null); FileChannel output = null; FileChannel input = null; ByteBuf b1 = null; diff --git a/codec-http/src/main/java/io/netty/handler/codec/http/multipart/AbstractDiskHttpData.java b/codec-http/src/main/java/io/netty/handler/codec/http/multipart/AbstractDiskHttpData.java index 544bc7c..c28dbae 100644 --- a/codec-http/src/main/java/io/netty/handler/codec/http/multipart/AbstractDiskHttpData.java +++ b/codec-http/src/main/java/io/netty/handler/codec/http/multipart/AbstractDiskHttpData.java @@ -20,6 +20,7 @@ import io.netty.handler.codec.http.HttpConstants; import io.netty.util.internal.EmptyArrays; import io.netty.util.internal.logging.InternalLogger; import io.netty.util.internal.logging.InternalLoggerFactory; +import io.netty.util.internal.PlatformDependent; import java.io.File; import java.io.FileInputStream; 
@@ -87,9 +88,9 @@ public abstract class AbstractDiskHttpData extends AbstractHttpData { File tmpFile; if (getBaseDirectory() == null) { // create a temporary file - tmpFile = File.createTempFile(getPrefix(), newpostfix); + tmpFile = PlatformDependent.createTempFile(getPrefix(), newpostfix, null); } else { - tmpFile = File.createTempFile(getPrefix(), newpostfix, new File( + tmpFile = PlatformDependent.createTempFile(getPrefix(), newpostfix, new File( getBaseDirectory())); } if (deleteOnExit()) { diff --git a/codec-http/src/test/java/io/netty/handler/codec/http/HttpChunkedInputTest.java b/codec-http/src/test/java/io/netty/handler/codec/http/HttpChunkedInputTest.java index 002c8d0..8e75eb9 100644 --- a/codec-http/src/test/java/io/netty/handler/codec/http/HttpChunkedInputTest.java +++ b/codec-http/src/test/java/io/netty/handler/codec/http/HttpChunkedInputTest.java @@ -25,6 +25,7 @@ import io.netty.handler.stream.ChunkedNioFile; import io.netty.handler.stream.ChunkedNioStream; import io.netty.handler.stream.ChunkedStream; import io.netty.handler.stream.ChunkedWriteHandler; +import io.netty.util.internal.PlatformDependent; import org.junit.Test; import java.io.ByteArrayInputStream; @@ -46,7 +47,7 @@ public class HttpChunkedInputTest { FileOutputStream out = null; try { - TMP = File.createTempFile("netty-chunk-", ".tmp"); + TMP = PlatformDependent.createTempFile("netty-chunk-", ".tmp", null); TMP.deleteOnExit(); out = new FileOutputStream(TMP); out.write(BYTES); diff --git a/common/src/main/java/io/netty/util/internal/NativeLibraryLoader.java b/common/src/main/java/io/netty/util/internal/NativeLibraryLoader.java index 31b4a46..a47a7f5 100644 --- a/common/src/main/java/io/netty/util/internal/NativeLibraryLoader.java +++ b/common/src/main/java/io/netty/util/internal/NativeLibraryLoader.java 
@@ -180,7 +180,7 @@ public final class NativeLibraryLoader { String prefix = libname.substring(0, index); String suffix = libname.substring(index, libname.length()); - tmpFile = File.createTempFile(prefix, suffix, WORKDIR); + tmpFile = PlatformDependent.createTempFile(prefix, suffix, WORKDIR); in = url.openStream(); out = new FileOutputStream(tmpFile); diff --git a/common/src/main/java/io/netty/util/internal/PlatformDependent.java b/common/src/main/java/io/netty/util/internal/PlatformDependent.java index 1baeecb..fd2af44 100644 --- a/common/src/main/java/io/netty/util/internal/PlatformDependent.java +++ b/common/src/main/java/io/netty/util/internal/PlatformDependent.java @@ -33,6 +33,7 @@ import java.lang.reflect.Field; import java.lang.reflect.Method; import java.nio.ByteBuffer; import java.nio.ByteOrder; +import java.nio.file.Files; import java.security.AccessController; import java.security.PrivilegedAction; import java.util.Deque; @@ -56,6 +57,7 @@ import static io.netty.util.internal.PlatformDependent0.hashCodeAsciiSanitize; import static io.netty.util.internal.PlatformDependent0.unalignedAccess; import static java.lang.Math.max; import static java.lang.Math.min; +import java.io.IOException; /** * Utility that detects various properties specific to the current runtime 
@@ -1228,6 +1230,24 @@ public final class PlatformDependent { return true; } + @SuppressJava6Requirement(reason = "Guarded by version check") + public static File createTempFile(String prefix, String suffix, File directory) throws IOException { + if (javaVersion() >= 7) { + if (directory == null) { + return Files.createTempFile(prefix, suffix).toFile(); + } + return Files.createTempFile(directory.toPath(), prefix, suffix).toFile(); + } + if (directory == null) { + return File.createTempFile(prefix, suffix); + } + File file = File.createTempFile(prefix, suffix, directory); + // Try to adjust the perms, if this fails there is not much else we can do... + file.setReadable(false, false); + file.setReadable(true, true); + return file; + } + /** * Package private for testing purposes only! */ diff --git a/handler/src/main/java/io/netty/handler/ssl/util/SelfSignedCertificate.java b/handler/src/main/java/io/netty/handler/ssl/util/SelfSignedCertificate.java index 9f010ce..34212bd 100644 --- a/handler/src/main/java/io/netty/handler/ssl/util/SelfSignedCertificate.java +++ b/handler/src/main/java/io/netty/handler/ssl/util/SelfSignedCertificate.java @@ -20,6 +20,7 @@ import io.netty.buffer.ByteBuf; import io.netty.buffer.Unpooled; import io.netty.handler.codec.base64.Base64; import io.netty.util.CharsetUtil; +import io.netty.util.internal.PlatformDependent; import io.netty.util.internal.SystemPropertyUtil; import io.netty.util.internal.logging.InternalLogger; import io.netty.util.internal.logging.InternalLoggerFactory; @@ -29,6 +30,7 @@ import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; import java.io.OutputStream; +import java.nio.file.Files; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; 
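Review bot: The pre-Java-7 fallback in `createTempFile` returns early from `File.createTempFile(prefix, suffix)` when `directory == null`, so the two `setReadable` calls only run for an explicit directory and the default-temp-dir case keeps the platform's default permissions. That is the path taken by every caller in this patch that passes `null`, including the key file in SelfSignedCertificate and the no-base-directory branch of AbstractDiskHttpData. The results of `setReadable` are also discarded, so a failed adjustment is silent. The sketch below applies the adjustment on both paths and surfaces failure as an IOException, which may need softening on file systems that have no read permission to clear. The new public method also has no Javadoc stating what permission guarantee each branch gives or that a `null` directory means the default temp directory.

```java
public static File createTempFile(String prefix, String suffix, File directory) throws IOException {
    // … unchanged: javaVersion() >= 7 branch using Files.createTempFile …
    final File file = directory == null
            ? File.createTempFile(prefix, suffix)
            : File.createTempFile(prefix, suffix, directory);
    // The legacy API creates the file with default permissions first, so this
    // narrows the exposure window rather than closing it; apply it on both paths.
    if (!file.setReadable(false, false) || !file.setReadable(true, true)) {
        throw new IOException("Failed to restrict permissions on temporary file " + file);
    }
    return file;
}
```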
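Review bot: The added `import java.nio.file.Files;` in SelfSignedCertificate.java does not appear to be used. The diffstat lists four additions for this file, and the two non-import ones call `PlatformDependent.createTempFile`, not `Files`. Since the import is new, no existing code in the file can be relying on it, so it should be dropped; an unused-import lint would flag it otherwise.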
@@ -238,7 +240,7 @@ public final class SelfSignedCertificate { wrappedBuf.release(); } - File keyFile = File.createTempFile("keyutil_" + fqdn + '_', ".key"); + File keyFile = PlatformDependent.createTempFile("keyutil_" + fqdn + '_', ".key", null); keyFile.deleteOnExit(); OutputStream keyOut = new FileOutputStream(keyFile); @@ -269,7 +271,7 @@ public final class SelfSignedCertificate { wrappedBuf.release(); } - File certFile = File.createTempFile("keyutil_" + fqdn + '_', ".crt"); + File certFile = PlatformDependent.createTempFile("keyutil_" + fqdn + '_', ".crt", null); certFile.deleteOnExit(); OutputStream certOut = new FileOutputStream(certFile); diff --git a/handler/src/test/java/io/netty/handler/stream/ChunkedWriteHandlerTest.java b/handler/src/test/java/io/netty/handler/stream/ChunkedWriteHandlerTest.java index 5b03048..6caf0af 100644 --- a/handler/src/test/java/io/netty/handler/stream/ChunkedWriteHandlerTest.java +++ b/handler/src/test/java/io/netty/handler/stream/ChunkedWriteHandlerTest.java @@ -26,6 +26,7 @@ import io.netty.channel.ChannelOutboundHandlerAdapter; import io.netty.channel.embedded.EmbeddedChannel; import io.netty.util.CharsetUtil; import io.netty.util.ReferenceCountUtil; +import io.netty.util.internal.PlatformDependent; import org.junit.Test; import java.io.ByteArrayInputStream; @@ -49,7 +50,7 @@ public class ChunkedWriteHandlerTest { FileOutputStream out = null; try { - TMP = File.createTempFile("netty-chunk-", ".tmp"); + TMP = PlatformDependent.createTempFile("netty-chunk-", ".tmp", null); TMP.deleteOnExit(); out = new FileOutputStream(TMP); out.write(BYTES); diff --git a/testsuite/src/main/java/io/netty/testsuite/transport/socket/SocketFileRegionTest.java b/testsuite/src/main/java/io/netty/testsuite/transport/socket/SocketFileRegionTest.java index 53deb6c..d4f43f7 100644 --- a/testsuite/src/main/java/io/netty/testsuite/transport/socket/SocketFileRegionTest.java 
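Review bot: Both temp-file names in SelfSignedCertificate are built from `fqdn` (`"keyutil_" + fqdn + '_'`), and on Java 7+ the helper now routes to `Files.createTempFile`. As I read the JDK, that method rejects a prefix that does not form a plain file name with an unchecked `IllegalArgumentException` rather than an `IOException`. Where `fqdn` is validated lies outside these hunks, so it is worth confirming that a value containing a path separator cannot reach this call, or reducing it to a safe file-name component first. This applies to the `.key` hunk and equally to the `.crt` hunk after it. A short comment on the key file such as `// key material: relies on PlatformDependent.createTempFile creating the file owner-only` would also record why the helper is used here.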
+++ b/testsuite/src/main/java/io/netty/testsuite/transport/socket/SocketFileRegionTest.java @@ -100,7 +100,7 @@ public class SocketFileRegionTest extends AbstractSocketTest { cb.option(ChannelOption.AUTO_READ, autoRead); final int bufferSize = 1024; - final File file = File.createTempFile("netty-", ".tmp"); + final File file = PlatformDependent.createTempFile("netty-", ".tmp", null); file.deleteOnExit(); final FileOutputStream out = new FileOutputStream(file); diff --git a/transport-native-epoll/src/test/java/io/netty/channel/epoll/EpollSpliceTest.java b/transport-native-epoll/src/test/java/io/netty/channel/epoll/EpollSpliceTest.java index c53ff1e..eae1711 100644 --- a/transport-native-epoll/src/test/java/io/netty/channel/epoll/EpollSpliceTest.java +++ b/transport-native-epoll/src/test/java/io/netty/channel/epoll/EpollSpliceTest.java @@ -29,6 +29,7 @@ import io.netty.channel.SimpleChannelInboundHandler; import io.netty.channel.unix.FileDescriptor; import io.netty.testsuite.util.TestUtils; import io.netty.util.NetUtil; +import io.netty.util.internal.PlatformDependent; import org.junit.Assert; import org.junit.Test; @@ -193,7 +194,7 @@ public class EpollSpliceTest { @Test public void spliceToFile() throws Throwable { EventLoopGroup group = new EpollEventLoopGroup(1); - File file = File.createTempFile("netty-splice", null); + File file = PlatformDependent.createTempFile("netty-splice", null, null); file.deleteOnExit(); SpliceHandler sh = new SpliceHandler(file); diff --git a/transport-native-unix-common-tests/src/main/java/io/netty/channel/unix/tests/UnixTestUtils.java b/transport-native-unix-common-tests/src/main/java/io/netty/channel/unix/tests/UnixTestUtils.java index e4ebcb4..6124ec1 100644 --- a/transport-native-unix-common-tests/src/main/java/io/netty/channel/unix/tests/UnixTestUtils.java +++ b/transport-native-unix-common-tests/src/main/java/io/netty/channel/unix/tests/UnixTestUtils.java 
@@ -17,6 +17,7 @@ package io.netty.channel.unix.tests; import io.netty.channel.unix.DomainSocketAddress; import io.netty.channel.unix.Socket; +import io.netty.util.internal.PlatformDependent; import java.io.File; import java.io.IOException; @@ -26,7 +27,7 @@ public final class UnixTestUtils { try { File file; do { - file = File.createTempFile("NETTY", "UDS"); + file = PlatformDependent.createTempFile("NETTY", "UDS", null); if (!file.delete()) { throw new IOException("failed to delete: " + file); }