authorSarika Sinha2018-07-04 07:13:13 -0400
committerSarika Sinha2018-07-11 01:50:37 -0400
commit0acc16f73134e4b08bf31a75cfe0b77c046e872a (patch)
tree9ad840fef54c0da6e09947424ab765c3005df560
parent96c1cff4a5f6c7e795a39a93c609b05fd1e23377 (diff)
Bug 536681 - [ZipSlip] ArchiveSourceContainer can create ZipEntryStorage objects containing unintended entries
Y20180712-0200 I20180712-2000 I20180711-2000

Change-Id: I2aa47ef66f92852671fbf0330056ac5516116693
-rw-r--r--org.eclipse.debug.core/core/org/eclipse/debug/core/sourcelookup/containers/ExternalArchiveSourceContainer.java33
1 files changed, 22 insertions, 11 deletions
diff --git a/org.eclipse.debug.core/core/org/eclipse/debug/core/sourcelookup/containers/ExternalArchiveSourceContainer.java b/org.eclipse.debug.core/core/org/eclipse/debug/core/sourcelookup/containers/ExternalArchiveSourceContainer.java
index ff2a563..1acefed 100644
--- a/org.eclipse.debug.core/core/org/eclipse/debug/core/sourcelookup/containers/ExternalArchiveSourceContainer.java
+++ b/org.eclipse.debug.core/core/org/eclipse/debug/core/sourcelookup/containers/ExternalArchiveSourceContainer.java
@@ -108,21 +108,32 @@ public class ExternalArchiveSourceContainer extends AbstractSourceContainer {
// search
Enumeration<? extends ZipEntry> entries = file.entries();
List<ZipEntryStorage> matches = null;
- while (entries.hasMoreElements()) {
- entry = entries.nextElement();
- String entryName = entry.getName();
- if (entryName.endsWith(newname)) {
- if (isQualfied || entryName.length() == newname.length() || entryName.charAt(entryName.length() - newname.length() - 1) == '/') {
- if (isFindDuplicates()) {
- if (matches == null) {
- matches = new ArrayList<>();
+ try {
+ File zipFile = new File(fArchivePath);
+ String zipFileCanonical = zipFile.getCanonicalPath();
+ while (entries.hasMoreElements()) {
+ entry = entries.nextElement();
+ String entryName = entry.getName();
+ if (entryName.endsWith(newname)) {
+ String zipEntryCanonical = (new File(zipFile, entryName)).getCanonicalPath();
+ if (!zipEntryCanonical.startsWith(zipFileCanonical + File.separator)) {
+ throw new CoreException(new Status(IStatus.ERROR, DebugPlugin.getUniqueIdentifier(), "Invalid path: " + zipEntryCanonical)); //$NON-NLS-1$
+ }
+ if (isQualfied || entryName.length() == newname.length() || entryName.charAt(entryName.length() - newname.length() - 1) == '/') {
+ if (isFindDuplicates()) {
+ if (matches == null) {
+ matches = new ArrayList<>();
+ }
+ matches.add(new ZipEntryStorage(file, entry));
+ } else {
+ return new Object[] {
+ new ZipEntryStorage(file, entry) };
}
- matches.add(new ZipEntryStorage(file, entry));
- } else {
- return new Object[]{new ZipEntryStorage(file, entry)};
}
}
}
+ } catch (IOException e) {
+ throw new CoreException(new Status(IStatus.ERROR, DebugPlugin.getUniqueIdentifier(), "Invalid path: " + fArchivePath)); //$NON-NLS-1$
}
if (matches != null) {
return matches.toArray();
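Review bot: The new `catch (IOException e)` near the end of the hunk builds its Status from a message alone, so the underlying exception is dropped, and the message names `fArchivePath` even when the failure came from canonicalising an individual entry name. Passing the cause through, `new Status(IStatus.ERROR, DebugPlugin.getUniqueIdentifier(), "Invalid path: " + fArchivePath, e)`, keeps the evidence needed to triage a rejected archive. Separately, the traversal check throws on the first suffix-matching entry that resolves outside the archive root, and it runs before the qualification test, so one malformed entry makes every lookup of that name in the archive fail. That fails closed, which is defensible, but a short comment such as `// reject the whole lookup rather than skip the entry: an escaping name means the archive is untrusted` would record that this is intentional. The enclosing method starts and ends outside the hunk.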