diff options
| author | Robert Gemmell <robbie@apache.org> | 2009-10-20 14:45:36 +0000 |
|---|---|---|
| committer | Robert Gemmell <robbie@apache.org> | 2009-10-20 14:45:36 +0000 |
| commit | 405c85cad7208112d907c614faf2ff7c548e1db7 (patch) | |
| tree | bcc66234457d137f715d25d7bb18dc9602e75ac7 | |
| parent | 156f38b92810af655553c37c343fe9c177a8c039 (diff) | |
| download | qpid-python-405c85cad7208112d907c614faf2ff7c548e1db7.tar.gz | |
QPID-2041: remove use of FileUtils.copyCheckedEx for security reasons, generate new file in same filesystem as existing file to avoid copying between filesystems
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@827587 13f79535-47bb-0310-9956-ffa450edef68
| -rw-r--r-- | qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java | 45 |
1 files changed, 25 insertions, 20 deletions
diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java index cd4eb0bec7..581eeabbc3 100644 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java @@ -40,6 +40,7 @@ import java.util.HashMap; import java.util.LinkedList; import java.util.List; import java.util.Map; +import java.util.Random; import java.util.concurrent.locks.ReentrantLock; import java.util.regex.Pattern; @@ -428,7 +429,15 @@ public class Base64MD5PasswordFilePrincipalDatabase implements PrincipalDatabase BufferedReader reader = null; PrintStream writer = null; - File tmp = File.createTempFile(_passwordFile.getName(), ".tmp"); + + Random r = new Random(); + File tmp; + do + { + tmp = new File(_passwordFile.getPath() + r.nextInt() + ".tmp"); + } + while(tmp.exists()); + tmp.deleteOnExit(); try @@ -528,30 +537,26 @@ public class Base64MD5PasswordFilePrincipalDatabase implements PrincipalDatabase old.delete(); } - try - { - if(!_passwordFile.renameTo(old)) - { - FileUtils.copyCheckedEx(_passwordFile, old); - } - } - catch (IOException e) + if(!_passwordFile.renameTo(old)) { - _logger.error("Could not backup the existing password file: " +e); - throw new IOException("Could not backup the existing password file: " + e); + //unable to rename the existing file to the backup name + _logger.error("Could not backup the existing password file"); + throw new IOException("Could not backup the existing password file"); } - - try + + if(!tmp.renameTo(_passwordFile)) { - if(!tmp.renameTo(_passwordFile)) + //failed to rename the new file to the required filename + + if(!old.renameTo(_passwordFile)) { - FileUtils.copyCheckedEx(tmp, _passwordFile); + //unable to return the backup to required filename + _logger.error("Could not rename the new password file into place, and unable to restore original file"); + throw new IOException("Could not rename the new password file into place, and unable to restore original file"); } - } - catch (IOException e) - { - _logger.error("Could not copy the new password file into place: " +e); - throw new IOException("Could not copy the new password file into place: " + e); + + _logger.error("Could not rename the new password file into place"); + throw new IOException("Could not rename the new password file into place"); } } finally |