diff options
3 files changed, 33 insertions, 11 deletions
diff --git a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/bundles/BundleResourceTests.java b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/bundles/BundleResourceTests.java index bf986cd3e..c70961082 100644 --- a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/bundles/BundleResourceTests.java +++ b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/bundles/BundleResourceTests.java @@ -20,7 +20,10 @@ import junit.framework.TestSuite; import org.eclipse.core.tests.harness.CoreTest; import org.eclipse.osgi.service.environment.EnvironmentInfo; import org.eclipse.osgi.tests.OSGiTestsActivator; -import org.osgi.framework.*; +import org.osgi.framework.Bundle; +import org.osgi.framework.BundleException; +import org.osgi.framework.InvalidSyntaxException; +import org.osgi.framework.ServiceReference; public class BundleResourceTests extends CoreTest { private BundleInstaller installer; @@ -69,6 +72,12 @@ public class BundleResourceTests extends CoreTest { assertNotNull("Did not find resource!", paths); } + public void testBreakOutDirBundle() throws Exception { + Bundle bundle = installer.installBundle("test"); //$NON-NLS-1$ + URL result = bundle.getEntry("../testout/file.txt"); + assertNull("Found resource!", result); + } + public void testBug395274() throws Exception { ServiceReference<EnvironmentInfo> infoRef = OSGiTestsActivator.getContext().getServiceReference(EnvironmentInfo.class); EnvironmentInfo info = OSGiTestsActivator.getContext().getService(infoRef); diff --git a/bundles/org.eclipse.osgi.tests/test_files/resourcetests/bundles/testout/file.txt b/bundles/org.eclipse.osgi.tests/test_files/resourcetests/bundles/testout/file.txt new file mode 100644 index 000000000..8d043451c --- /dev/null +++ b/bundles/org.eclipse.osgi.tests/test_files/resourcetests/bundles/testout/file.txt @@ -0,0 +1 @@ +Test Content
\ No newline at end of file diff --git a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/storage/bundlefile/DirBundleFile.java b/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/storage/bundlefile/DirBundleFile.java index 42483984f..cef28b8fd 100644 --- a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/storage/bundlefile/DirBundleFile.java +++ b/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/storage/bundlefile/DirBundleFile.java @@ -68,13 +68,8 @@ public class DirBundleFile extends BundleFile { if (!enableStrictBundleEntryPath) { // must do an extra check to make sure file is within the bundle (bug 320546) - if (checkInBundle) { - try { - if (!BundleFile.secureAction.getCanonicalPath(file).startsWith(BundleFile.secureAction.getCanonicalPath(basefile))) - return null; - } catch (IOException e) { - return null; - } + if (checkInBundle && !isInBundle(file)) { + return null; } return file; } @@ -105,9 +100,8 @@ public class DirBundleFile extends BundleFile { } } // must do an extra check to make sure file is within the bundle (bug 320546) - if (checkInBundle) { - if (!canonicalFile.getPath().startsWith(basefile.getPath())) - return null; + if (checkInBundle && !isInBundle(file)) { + return null; } } catch (IOException e) { return null; @@ -116,6 +110,24 @@ public class DirBundleFile extends BundleFile { return file; } + boolean isInBundle(File file) { + try { + String canonicalizedRoot = BundleFile.secureAction.getCanonicalPath(basefile); + if (!canonicalizedRoot.endsWith(File.separator)) { + canonicalizedRoot += File.separator; + } + String canonicalizedChild = BundleFile.secureAction.getCanonicalPath(file); + if (BundleFile.secureAction.isDirectory(file) && !canonicalizedChild.endsWith(File.separator)) { + canonicalizedChild += File.separator; + } + if (!canonicalizedChild.startsWith(canonicalizedRoot)) { + return false; + } + } catch (IOException e) { + return false; + } + return true; + } private void cacheIfParentExists(File parentFile) { doesNotExistCache.computeIfAbsent(parentFile, secureAction::isDirectory); |