Ensure work dir attribute is made read-only

markt-asf · markt-asf · commit a697f7b52c4e · 2010-10-13T15:16:35.000Z
CVE-2010-3718 git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1022134 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/java/org/apache/catalina/core/StandardContext.java b/java/org/apache/catalina/core/StandardContext.java
@@ -5562,11 +5562,11 @@ private void postWorkDirectory() {
         dir.mkdirs();
 
         // Set the appropriate servlet context attribute
-        getServletContext().setAttribute(ServletContext.TEMPDIR, dir);
-        if (getServletContext() instanceof ApplicationContext)
-            ((ApplicationContext) getServletContext()).setAttributeReadOnly
-                (ServletContext.TEMPDIR);
-
+        if (context == null) {
+            getServletContext();
+        }
+        context.setAttribute(ServletContext.TEMPDIR, dir);
+        context.setAttributeReadOnly(ServletContext.TEMPDIR);
     }
 
 
