author | Robert Gemmell <robbie@apache.org> | 2009-10-20 14:46:05 +0000 |
---|---|---|
committer | Robert Gemmell <robbie@apache.org> | 2009-10-20 14:46:05 +0000 |
commit | f5e604488fd06a78826d1f6cb0143876dca439bc (patch) | |
tree | 438f88b4f3aec7948216eb70ede59f50e524967b /java/broker/src/main/java/org/apache/qpid/server/security/access/management/AMQUserManagementMBean.java | |
parent | 73a2ad3563b413accfa5798ea41e152ad28c2743 (diff) | |
QPID-2042: remove use of FileUtils.copyCheckedEx for security reasons, generate new file in same filesystem as existing file to avoid copying between filesystems
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@827589 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'java/broker/src/main/java/org/apache/qpid/server/security/access/management/AMQUserManagementMBean.java')
-rw-r--r-- | java/broker/src/main/java/org/apache/qpid/server/security/access/management/AMQUserManagementMBean.java | 44 |
1 files changed, 24 insertions, 20 deletions
diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/access/management/AMQUserManagementMBean.java b/java/broker/src/main/java/org/apache/qpid/server/security/access/management/AMQUserManagementMBean.java index b6d2c3ab67..69abac7bd6 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/security/access/management/AMQUserManagementMBean.java +++ b/java/broker/src/main/java/org/apache/qpid/server/security/access/management/AMQUserManagementMBean.java @@ -51,6 +51,7 @@ import java.io.FileOutputStream; import java.util.Properties; import java.util.List; import java.util.Enumeration; +import java.util.Random; import java.util.Set; import java.util.concurrent.locks.ReentrantLock; import java.security.Principal; @@ -439,7 +440,14 @@ public class AMQUserManagementMBean extends AMQManagedObject implements UserMana _accessRightsUpdate.lock(); // Create temporary file - File tmp = File.createTempFile(_accessFile.getName(), ".tmp"); + Random r = new Random(); + File tmp; + do + { + tmp = new File(_accessFile.getPath() + r.nextInt() + ".tmp"); + } + while(tmp.exists()); + tmp.deleteOnExit(); FileOutputStream output = new FileOutputStream(tmp); 
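Review bot: The new temp-file loop is check-then-create: `tmp.exists()` and the later `new FileOutputStream(tmp)` are separate steps, so a file or symlink that appears at that name in between is opened and truncated rather than rejected, and `java.util.Random` makes the name guessable. The three-argument overload keeps the file on the same filesystem as the access file while creating it atomically: `File tmp = File.createTempFile(_accessFile.getName(), ".tmp", _accessFile.getAbsoluteFile().getParentFile());`. With that, the `java.util.Random` import added in the first hunk is no longer needed. The enclosing method begins and ends outside this hunk, so whether directory permissions already restrict who can create files next to the access file cannot be judged from here.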
@@ -453,30 +461,26 @@ public class AMQUserManagementMBean extends AMQManagedObject implements UserMana old.delete(); } - try + if(!_accessFile.renameTo(old)) { - if(!_accessFile.renameTo(old)) - { - FileUtils.copyCheckedEx(_accessFile, old); - } + //unable to rename the existing file to the backup name + _logger.error("Could not backup the existing management rights file"); + throw new IOException("Could not backup the existing management rights file"); } - catch (IOException e) - { - _logger.warn("Could not backup the existing management rights file: " +e); - throw new IOException("Could not backup the existing management rights file: " +e); - } - - try + + if(!tmp.renameTo(_accessFile)) { - if(!tmp.renameTo(_accessFile)) + //failed to rename the new file to the required filename + + if(!old.renameTo(_accessFile)) { - FileUtils.copyCheckedEx(tmp, _accessFile); + //unable to return the backup to required filename + _logger.error("Could not rename the new management rights file into place, and unable to restore original file"); + throw new IOException("Could not rename the new management rights file into place, and unable to restore original file"); } - } - catch (IOException e) - { - _logger.warn("Could not copy the new management rights file into place: " +e); - throw new IOException("Could not copy the new management rights file into place" +e); + + _logger.error("Could not rename the new management rights file into place"); + throw new IOException("Could not rename the new management rights file into place"); } } finally |
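Review bot: When `tmp.renameTo(_accessFile)` fails and `old.renameTo(_accessFile)` fails as well, nothing is left at the configured access-file path, and neither the log line nor the `IOException` says where the surviving copies are. Adding the paths would let an operator recover by hand, for example ending the message with `"... unable to restore original file from " + old.getAbsolutePath()`; the backup-failure message at the top of the hunk would benefit from naming `_accessFile` and `old` in the same way. Because `tmp` is marked `deleteOnExit()` in the previous hunk, the file holding the new rights lingers until the JVM stops and then disappears in both failure branches, which deserves a short comment such as `// tmp is left for deleteOnExit(); new rights are discarded on failure`. The enclosing method and its `try`/`finally` start outside this hunk.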