Ensure work dir attribute is made read-only

CVE-2010-3718 git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1022134 13f79535-47bb-0310-9956-ffa450edef68
apache · Oct 13, 2010 · a697f7b · a697f7b
1 parent 2c4536c
commit a697f7b
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/java/org/apache/catalina/core/StandardContext.java b/java/org/apache/catalina/core/StandardContext.java
@@ -5562,11 +5562,11 @@ private void postWorkDirectory() {
         dir.mkdirs();
 
         // Set the appropriate servlet context attribute
-        getServletContext().setAttribute(ServletContext.TEMPDIR, dir);
-        if (getServletContext() instanceof ApplicationContext)
-            ((ApplicationContext) getServletContext()).setAttributeReadOnly
-                (ServletContext.TEMPDIR);
-
+        if (context == null) {
+            getServletContext();
+        }
+        context.setAttribute(ServletContext.TEMPDIR, dir);
+        context.setAttributeReadOnly(ServletContext.TEMPDIR);
     }