Skip to main content
summaryrefslogtreecommitdiffstats
path: root/bundles/org.eclipse.equinox.p2.jarprocessor/src/org/eclipse
diff options
context:
space:
mode:
Diffstat (limited to 'bundles/org.eclipse.equinox.p2.jarprocessor/src/org/eclipse')
-rw-r--r--bundles/org.eclipse.equinox.p2.jarprocessor/src/org/eclipse/equinox/internal/p2/jarprocessor/ZipProcessor.java12
-rw-r--r--bundles/org.eclipse.equinox.p2.jarprocessor/src/org/eclipse/internal/provisional/equinox/p2/jarprocessor/JarProcessor.java4
2 files changed, 13 insertions, 3 deletions
diff --git a/bundles/org.eclipse.equinox.p2.jarprocessor/src/org/eclipse/equinox/internal/p2/jarprocessor/ZipProcessor.java b/bundles/org.eclipse.equinox.p2.jarprocessor/src/org/eclipse/equinox/internal/p2/jarprocessor/ZipProcessor.java
index 0b41efe81..92879e84b 100644
--- a/bundles/org.eclipse.equinox.p2.jarprocessor/src/org/eclipse/equinox/internal/p2/jarprocessor/ZipProcessor.java
+++ b/bundles/org.eclipse.equinox.p2.jarprocessor/src/org/eclipse/equinox/internal/p2/jarprocessor/ZipProcessor.java
@@ -83,7 +83,7 @@ public class ZipProcessor {
File extractedFile = null;
if (entry.getName().endsWith(extension) && (pack || sign || repack || options.unpack)) {
- extractedFile = new File(tempDir, name);
+ extractedFile = createSubPathFile(tempDir, name);
parent = extractedFile.getParentFile();
if (!parent.exists())
parent.mkdirs();
@@ -192,6 +192,16 @@ public class ZipProcessor {
}
+ public static File createSubPathFile(File root, String subPath) throws IOException {
+ File result = new File(root, subPath);
+ String resultCanonical = result.getCanonicalPath();
+ String rootCanonical = root.getCanonicalPath();
+ if (!resultCanonical.startsWith(rootCanonical + File.separator) && !resultCanonical.equals(rootCanonical)) {
+ throw new IOException("Invalid path: " + subPath); //$NON-NLS-1$
+ }
+ return result;
+ }
+
private void initialize(ZipFile zip) {
ZipEntry entry = zip.getEntry("pack.properties"); //$NON-NLS-1$
properties = new Properties();
diff --git a/bundles/org.eclipse.equinox.p2.jarprocessor/src/org/eclipse/internal/provisional/equinox/p2/jarprocessor/JarProcessor.java b/bundles/org.eclipse.equinox.p2.jarprocessor/src/org/eclipse/internal/provisional/equinox/p2/jarprocessor/JarProcessor.java
index a73cf3b8c..fcc6a4d53 100644
--- a/bundles/org.eclipse.equinox.p2.jarprocessor/src/org/eclipse/internal/provisional/equinox/p2/jarprocessor/JarProcessor.java
+++ b/bundles/org.eclipse.equinox.p2.jarprocessor/src/org/eclipse/internal/provisional/equinox/p2/jarprocessor/JarProcessor.java
@@ -98,7 +98,7 @@ public class JarProcessor {
JarEntry newEntry = null;
if (replacements.containsKey(entry.getName())) {
String name = replacements.get(entry.getName());
- replacement = new File(directory, name);
+ replacement = ZipProcessor.createSubPathFile(directory, name);
if (name != null) {
if (replacement.exists()) {
try {
@@ -196,7 +196,7 @@ public class JarProcessor {
System.out.println("Processing nested file: " + name); //$NON-NLS-1$
}
//extract entry to temp directory
- File extracted = new File(tempDir, name);
+ File extracted = ZipProcessor.createSubPathFile(tempDir, name);
File parentDir = extracted.getParentFile();
if (!parentDir.exists())
parentDir.mkdirs();

Back to the top