From 185f8b2756a36aaa4f973f1a2a025e7d981823f1 Mon Sep 17 00:00:00 2001 From: Norman Maurer Date: Fri, 6 May 2022 08:57:43 +0200 Subject: [PATCH] Merge pull request from GHSA-269q-hmxg-m83q * Correctly modify permission for temporary files when using Java 6 in all cases Motivation: [GHSA-5mcr-gq6c-3hq2](https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2) did not correctly fix all cases for temprory files when running on java 6. Modifications: - Add correctly adjust perms in all cases - Add logging if adjusting of permissions fails Result: Fixes https://github.com/netty/netty/security/advisories/GHSA-269q-hmxg-m83q * Throw on failure
---
 .../io/netty/util/internal/PlatformDependent.java | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/common/src/main/java/io/netty/util/internal/PlatformDependent.java b/common/src/main/java/io/netty/util/internal/PlatformDependent.java
index 85320463665..00310e585ea 100644
--- a/common/src/main/java/io/netty/util/internal/PlatformDependent.java
+++ b/common/src/main/java/io/netty/util/internal/PlatformDependent.java
@@ -1447,13 +1447,20 @@ public static File createTempFile(String prefix, String suffix, File directory)
 }
 return Files.createTempFile(directory.toPath(), prefix, suffix).toFile();
 }
+ final File file;
 if (directory == null) {
- return File.createTempFile(prefix, suffix);
+ file = File.createTempFile(prefix, suffix);
+ } else {
+ file = File.createTempFile(prefix, suffix, directory);
 }
- File file = File.createTempFile(prefix, suffix, directory);
+
 // Try to adjust the perms, if this fails there is not much else we can do...
- file.setReadable(false, false);
- file.setReadable(true, true);
+ if (!file.setReadable(false, false)) {
+ throw new IOException("Failed to set permissions on temporary file " + file);
+ }
+ if (!file.setReadable(true, true)) {
+ throw new IOException("Failed to set permissions on temporary file " + file);
+ }
 return file;
 }
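Review bot: When either `setReadable` call returns false, the new code throws but leaves the just-created temporary file on disk with whatever permissions `File.createTempFile` gave it, which is the exposure this patch is meant to close; a best-effort `file.delete();` before each `throw new IOException(...)` would avoid that. The retained comment `// Try to adjust the perms, if this fails there is not much else we can do...` now contradicts the code and could read `// Restrict read access to the owner; fail rather than return a file others can read.` The `File.setReadable` Javadoc says a call with `readable == false` fails where the file system does not implement a read permission, so on such platforms this pre-Java-7 branch would presumably always throw; it is worth confirming that this is intended. Only the read bit is tightened here, and the file still exists with its default permissions between creation and the first `setReadable` call. The body of createTempFile begins above the hunk.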