Thrid wave of security fixes

Fixes 225, 224, 223, 221, 220, 219, 218, 217, 216, 215, 214 and 213

Author: tomas-sexenian

common/src/main/java/HTTPClient/FileConnection.java

@@ -84,10 +84,13 @@ public InputStream getInputStream()throws IOException
     public synchronized byte [] getData() throws IOException
     {
         if(Data != null)return Data;
-        Data = new byte[(int)size];
+        	Data = new byte[(int)size];
         if(inp == null)
-        getInputStream().read(Data);
-        getInputStream().close();
+			try {
+				getInputStream().read(Data);
+			} finally {
+				getInputStream().close();
+			}
         return Data;
     }
 

common/src/main/java/com/genexus/reports/ParseINI.java

@@ -75,11 +75,9 @@ public ParseINI(String filename, String configurationTemplateFile)  throws IOExc
 
 	private void init(String filename) throws IOException{
 		this.filename = new File(filename).getAbsolutePath();
-		try
+		try (FileInputStream inputStream = new FileInputStream(filename);)
 		{
-			FileInputStream inputStream = new FileInputStream(filename);
 			load(inputStream);
-			inputStream.close();
 		}
 		catch(FileNotFoundException fnfe)
 		{ // Si debo crear el archivo

common/src/main/java/com/genexus/xml/XMLReader.java

@@ -834,12 +834,12 @@ public void openFromString(String s)
 	public void openResponse(com.genexus.internet.HttpClient client)
 	{
 		reset();
-		try
+		try (InputStream is = client.getInputStream())
 		{
 			if (documentEncoding.length() > 0)
-				inputSource = new XMLInputSource(null, null, null, client.getInputStream(), documentEncoding);
+				inputSource = new XMLInputSource(null, null, null, is, documentEncoding);
 			else
-				inputSource = new XMLInputSource(null, null, null, client.getInputStream(), null);
+				inputSource = new XMLInputSource(null, null, null, is, null);
 			parserConfiguration.setInputSource(inputSource);
 		}
 		catch (IOException e)

gxmail/src/main/java/com/genexus/internet/MailMessage.java

@@ -174,27 +174,31 @@ private void readBody(MailReader reader, MailProperties partProps, String separa
 
 		String oldSeparator = reader.getSeparator();
 		reader.setSeparator(separator);
-		OutputStream out;
-
-		if	(isAttachment)
-		{			
-			if (this.downloadAttachments){
-				String name     = partProps.getKeyProperty(GXInternetConstants.CONTENT_TYPE, GXInternetConstants.NAME);
-				String fileName = partProps.getKeyProperty(GXInternetConstants.CONTENT_DISPOSITION, GXInternetConstants.FILENAME);
-				String outname = getFileName(attachmentsPath, fileName.length() == 0?name:fileName, partProps.getMimeMediaSubtype());
-	
-				attachments += outname + ";";
-				out = new FileOutputStream(attachmentsPath + outname);
+		OutputStream out = null;
+
+		try{
+			if	(isAttachment)
+			{
+				if (this.downloadAttachments){
+					String name     = partProps.getKeyProperty(GXInternetConstants.CONTENT_TYPE, GXInternetConstants.NAME);
+					String fileName = partProps.getKeyProperty(GXInternetConstants.CONTENT_DISPOSITION, GXInternetConstants.FILENAME);
+					String outname = getFileName(attachmentsPath, fileName.length() == 0?name:fileName, partProps.getMimeMediaSubtype());
+
+					attachments += outname + ";";
+					out = new FileOutputStream(attachmentsPath + outname);
+				}
+				else
+				{
+					out = new DummyOutputStream();
+				}
+
 			}
-			else				
+			else
 			{
-				out = new DummyOutputStream();
+				out = new ByteArrayOutputStream();
 			}
-			
-		}
-		else
-		{
-			out = new ByteArrayOutputStream();
+		} finally {
+			if (out == null) out.close();
 		}
 
 		getDecoder(partProps.getField(GXInternetConstants.CONTENT_TRANSFER_ENCODING)).decode(reader, out);

gxmail/src/main/java/com/genexus/internet/SMTPSession.java

@@ -613,20 +613,23 @@ private String getNextMessage(String sTime, String sPrefix, boolean end)
 
 	private void sendAttachment(String sTime, String fileNamePath, String attachmentPath) throws GXMailException, IOException
 	{
-		InputStream is;
+		InputStream is = null;
 		String fileName = fileNamePath;
 
 		if	(fileNamePath.lastIndexOf(File.separator) != -1)
 			fileName = fileNamePath.substring(fileNamePath.lastIndexOf(File.separator) + 1);
 
-   		try
-   		{
+   		try {
    			is = new FileInputStream(attachmentPath + fileNamePath);
 		}
-		catch (FileNotFoundException e)
-		{
+		catch (FileNotFoundException e) {
 			log ("11 - FileNotFound " + e.getMessage());
 			throw new GXMailException("Can't find " + attachmentPath + fileNamePath, MAIL_InvalidAttachment);
+		} finally {
+			   if (is == null) {
+				   log ("SMTPSession.java failed to open an output stream for the file");
+				   throw new GXMailException("Can't find " + attachmentPath + fileNamePath, MAIL_InvalidAttachment);
+			   }
 		}
 
 		println(getNextMessageIdMixed(sTime, false));

gxoffice/src/main/java/com/genexus/gxoffice/poi/hssf/ExcelDocument.java

@@ -11,7 +11,7 @@
 import com.genexus.util.GXFile;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
-
+import java.io.InputStream;
 
 
 /**
@@ -53,9 +53,10 @@ public short Open(String fileName)
 				boolean isAbsolute = new java.io.File(fileName).isAbsolute();
 				GXFile file = new GXFile(fileName, Constants.EXTERNAL_UPLOAD_ACL, isAbsolute);
 				if (file.exists()) {
-					//System.out.println("Opening..");
-					POIFSFileSystem poifs = new POIFSFileSystem(file.getStream());
-					workBook = new HSSFWorkbook(poifs);
+					try (InputStream is = file.getStream()) {
+						POIFSFileSystem poifs = new POIFSFileSystem(is);
+						workBook = new HSSFWorkbook(poifs);
+					}
 				}
 				else {
 					//System.out.println("Creating..");

gxsearch/src/main/java/com/genexus/search/TextHandler.java

@@ -6,10 +6,9 @@ public class TextHandler implements IDocumentHandler
 {
         public String getText(String filename)
         {
-			try
+			try (FileReader rd = new FileReader(filename))
 			{
 				File f = new File(filename);
-				FileReader rd = new FileReader(f);
 				char[] buf = new char[(int)f.length()];
 				rd.read(buf);
 				rd.close();

java/src/main/java/com/genexus/db/driver/GXPreparedStatement.java

@@ -1342,10 +1342,9 @@ public void setBLOBFile(java.sql.Blob blob, String fileName) throws SQLException
 		{
 			if(con.getDBMS().getId() == GXDBMS.DBMS_ORACLE || con.getDBMS().getId() == GXDBMS.DBMS_DAMENG)
 			{
-				try
+				try (BufferedInputStream inputStream = new BufferedInputStream(new FileInputStream(fileName)))
 				{
 					File file = new File(fileName);
-					BufferedInputStream inputStream = new BufferedInputStream(new FileInputStream(file));
 					if(con.getDBMS().getId() == GXDBMS.DBMS_ORACLE)
 						((GXDBMSoracle7)con.getDBMS()).setBlobData(blob, inputStream, (int) file.length());
 					else

java/src/main/java/com/genexus/db/driver/GXResultSet.java

@@ -935,9 +935,9 @@ public String getBLOBFile(int columnIndex, String extension, String name) throws
 
 	private String getBLOBFile(int columnIndex, String extension, String name, String fileName, boolean temporary) throws SQLException
 	{
-		try
+		try (InputStream source = getBinaryStream(columnIndex);)
 		{
-			InputStream source = getBinaryStream(columnIndex);
+
 
             byte[] xbuffer = new byte[1];
 			int firstByte = 0;

java/src/main/java/com/genexus/internet/NetComponentsFTPClient.java

@@ -141,11 +141,11 @@ public int get(String source, String target, String mode)
 		if	(ftp.isConnected())
 		{
 			target = normalizeName(source, target, '/', File.separatorChar);
-			try
+			try (FileOutputStream targetOutputStream = new FileOutputStream(target))
 			{
 				setFileType(mode);
 
-				OutputStream o = new BufferedOutputStream(new FileOutputStream(target));
+				OutputStream o = new BufferedOutputStream(targetOutputStream);
 				if	(ftp.retrieveFile(source, o))
 				{
 					o.close();
@@ -192,10 +192,10 @@ public int put(String source, String target, String mode)
 		if	(ftp.isConnected())
 		{
 			target = normalizeName(source, target, File.separatorChar, '/');
-			try
+			try (FileInputStream fileInputStream = new FileInputStream(source))
 			{
 				setFileType(mode);
-                                InputStream file = new BufferedInputStream(new FileInputStream(source));
+				InputStream file = new BufferedInputStream(fileInputStream);
 
 				if	(ftp.storeFile(target, file))
 				{