Bug 536560 - JDT extracting archives with directory traversal paths may

escape the intended destination folder
author: Manoj Palat 2018-07-05 10:20:32 +0000
committer: Manoj Palat 2018-07-06 09:33:47 +0000
commit: a77b166afb1db6fd20761c135ffbf516c0f907fc (patch)
tree: cd42ce4b4b1a29e39daf4ce1e81c8e4eaa18b783 /org.eclipse.jdt.apt.tests
parent: 4604d8ebeb155faee420a4fb0da229c5b6ed39e4 (diff)
download: eclipse.jdt.core-a77b166afb1db6fd20761c135ffbf516c0f907fc.tar.gz
eclipse.jdt.core-a77b166afb1db6fd20761c135ffbf516c0f907fc.tar.xz
eclipse.jdt.core-a77b166afb1db6fd20761c135ffbf516c0f907fc.zip
1 files changed, 14 insertions, 4 deletions
diff --git a/org.eclipse.jdt.apt.tests/src/org/eclipse/jdt/apt/tests/TestUtil.java b/org.eclipse.jdt.apt.tests/src/org/eclipse/jdt/apt/tests/TestUtil.java
index 4d460d9795..bfa7990668 100644
--- a/org.eclipse.jdt.apt.tests/src/org/eclipse/jdt/apt/tests/TestUtil.java
+++ b/org.eclipse.jdt.apt.tests/src/org/eclipse/jdt/apt/tests/TestUtil.java
@@ -50,6 +50,7 @@ import org.eclipse.jdt.core.IJavaProject;
 import org.eclipse.jdt.core.JavaCore;
 import org.eclipse.jdt.core.JavaModelException;
 import org.eclipse.jdt.core.tests.util.Util;
+import org.eclipse.jdt.core.tests.util.ZipEntryStorageException;
 
 public class TestUtil
 {
@@ -356,13 +357,22 @@ public class TestUtil
 		return rtrn;
 	
 	}
+	private static File getZipEntryFile(File destDir, ZipEntry e, String canonicalDestDirPath) throws IOException {
+		  String result = e.getName();
+		  File destfile = new File(destDir, result);
+		  String canonicalDestFile = destfile.getCanonicalPath();
+		  if (!canonicalDestFile.startsWith(canonicalDestDirPath + File.separator)) {
+			  throw new ZipEntryStorageException("Entry is outside of the target dir: " + e.getName());
+		  }
+		  return destfile;
+	}
 	
 	public static void unzip (File srcZip, File destDir) throws IOException {
 		ZipFile zf = new ZipFile(srcZip);
+		String canonicalDestDirPath = destDir.getCanonicalPath();
 		for (Enumeration<? extends ZipEntry> entries = zf.entries(); entries.hasMoreElements();) {
 			ZipEntry entry = entries.nextElement();
-			String name = entry.getName();
-			File dest = new File(destDir, name);
+			File dest = getZipEntryFile(destDir, entry, canonicalDestDirPath);
 			if (entry.isDirectory()) {
 				FileSystemUtil.mkdirs(dest);
 			}
@@ -391,9 +401,9 @@ public class TestUtil
 	
 	public static void unzip (ZipInputStream srcZip, File destDir) throws IOException {
 		ZipEntry entry;
+		String canonicalDestDirPath = destDir.getCanonicalPath();
 		while ((entry = srcZip.getNextEntry()) != null) {
-			String name = entry.getName();
-			File dest = new File(destDir, name);
+			File dest = getZipEntryFile(destDir, entry, canonicalDestDirPath);
 			if (entry.isDirectory()) {
 				FileSystemUtil.mkdirs(dest);
 			}
author	Manoj Palat	2018-07-05 10:20:32 +0000
committer	Manoj Palat	2018-07-06 09:33:47 +0000
commit	a77b166afb1db6fd20761c135ffbf516c0f907fc (patch)
tree	cd42ce4b4b1a29e39daf4ce1e81c8e4eaa18b783 /org.eclipse.jdt.apt.tests
parent	4604d8ebeb155faee420a4fb0da229c5b6ed39e4 (diff)
download	eclipse.jdt.core-a77b166afb1db6fd20761c135ffbf516c0f907fc.tar.gz eclipse.jdt.core-a77b166afb1db6fd20761c135ffbf516c0f907fc.tar.xz eclipse.jdt.core-a77b166afb1db6fd20761c135ffbf516c0f907fc.zip