1 files changed, 11 insertions, 1 deletions

diff --git a/bundles/org.eclipse.equinox.p2.touchpoint.natives/src/org/eclipse/equinox/internal/p2/touchpoint/natives/Util.java b/bundles/org.eclipse.equinox.p2.touchpoint.natives/src/org/eclipse/equinox/internal/p2/touchpoint/natives/Util.java
index 212c5571d..99a20f5aa 100644
--- a/bundles/org.eclipse.equinox.p2.touchpoint.natives/src/org/eclipse/equinox/internal/p2/touchpoint/natives/Util.java
+++ b/bundles/org.eclipse.equinox.p2.touchpoint.natives/src/org/eclipse/equinox/internal/p2/touchpoint/natives/Util.java
@@ -176,7 +176,7 @@ public class Util {
 									name = name.substring(1);
 							}
 						}
-						File outFile = new File(outputDir, name);
+						File outFile = createSubPathFile(outputDir, name);
 						unzippedFiles.add(outFile);
 						if (ze.isDirectory()) {
 							outFile.mkdirs();
@@ -206,6 +206,16 @@ public class Util {
 
 	}
 
+	private static File createSubPathFile(File root, String subPath) throws IOException {
+		File result = new File(root, subPath);
+		String resultCanonical = result.getCanonicalPath();
+		String rootCanonical = root.getCanonicalPath();
+		if (!resultCanonical.startsWith(rootCanonical + File.separator) && !resultCanonical.equals(rootCanonical)) {
+			throw new IOException("Invalid path: " + subPath); //$NON-NLS-1$
+		}
+		return result;
+	}
+
 	/**
 	 * Copy an input stream to an output stream.
 	 * Optionally close the streams when done.