author | Thomas Watson | 2018-07-10 16:08:49 +0000 |
---|---|---|
committer | Thomas Watson | 2018-07-10 16:09:24 +0000 |
commit | 4ab9cbeee60820367f035e39e3d509c278d46632 (patch) | |
tree | e9341a81cf1406b0bfbd2cfe90526863d2092751 /bundles/org.eclipse.equinox.p2.core | |
parent | 6a7323a8994ea3ff257548f61319e1384e8f3294 (diff) | |
Bug 535824 - Check for directory traversal entry paths
Y20180712-0200 I20180717-0320 I20180716-2000 I20180716-0715 I20180715-2000 I20180714-1500 I20180713-2000 I20180712-2000 I20180711-2000 I20180710-2000
Change-Id: I105a488ea8264c1a2420a819255e6a95219365ad
Signed-off-by: Thomas Watson <tjwatson@us.ibm.com>
Diffstat (limited to 'bundles/org.eclipse.equinox.p2.core')
-rw-r--r-- | bundles/org.eclipse.equinox.p2.core/src/org/eclipse/equinox/internal/p2/core/helpers/FileUtils.java | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/bundles/org.eclipse.equinox.p2.core/src/org/eclipse/equinox/internal/p2/core/helpers/FileUtils.java b/bundles/org.eclipse.equinox.p2.core/src/org/eclipse/equinox/internal/p2/core/helpers/FileUtils.java
index 6f17bc0dd..8a5676632 100644
--- a/bundles/org.eclipse.equinox.p2.core/src/org/eclipse/equinox/internal/p2/core/helpers/FileUtils.java
+++ b/bundles/org.eclipse.equinox.p2.core/src/org/eclipse/equinox/internal/p2/core/helpers/FileUtils.java
@@ -25,7 +25,7 @@ public class FileUtils {
 for (Enumeration<TarEntry> e = tarFile.entries(); e.hasMoreElements();) {
 TarEntry entry = e.nextElement();
 try (InputStream input = tarFile.getInputStream(entry)) {
- File outFile = new File(outputDir, entry.getName());
+ File outFile = createSubPathFile(outputDir, entry.getName());
 outFile = outFile.getCanonicalFile(); //bug 266844
 untarredFiles.add(outFile);
 if (entry.getFileType() == TarEntry.DIRECTORY) {
@@ -103,7 +103,7 @@ public class FileUtils {
 throw new IOException(Messages.Util_Invalid_Zip_File_Format);
 }
 do {
- File outFile = new File(outputDir, ze.getName());
+ File outFile = createSubPathFile(outputDir, ze.getName());
 unzippedFiles.add(outFile);
 if (ze.isDirectory()) {
 outFile.mkdirs();
@@ -128,6 +128,16 @@ public class FileUtils {
 return unzippedFiles.toArray(new File[unzippedFiles.size()]);
 }
 
+ private static File createSubPathFile(File root, String subPath) throws IOException {
+ File result = new File(root, subPath);
+ String resultCanonical = result.getCanonicalPath();
+ String rootCanonical = root.getCanonicalPath();
+ if (!resultCanonical.startsWith(rootCanonical + File.separator) && !resultCanonical.equals(rootCanonical)) {
+ throw new IOException("Invalid path: " + subPath); //$NON-NLS-1$
+ }
+ return result;
+ }
+
 // Delete empty directories under dir, including dir itself.
 public static void deleteEmptyDirs(File dir) throws IOException {
 File[] files = dir.listFiles();
|
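Review bot: In the new `createSubPathFile`, the prefix test `resultCanonical.startsWith(rootCanonical + File.separator)` rejects every entry when the canonical root already ends with a separator (a filesystem root such as `/`), because the compared prefix then has a doubled separator. The check fails closed, so this is a robustness gap rather than a bypass; building the prefix as `String prefix = rootCanonical.endsWith(File.separator) ? rootCanonical : rootCanonical + File.separator;` keeps the boundary comparison and covers that case. The helper also has no comment saying it is the directory-traversal guard for archive entry names, so a later call site could go back to `new File(outputDir, name)` unnoticed; a line such as `// Rejects entry names whose canonical path resolves outside root (e.g. "../" segments).` above it would record the intent. The diffstat shown is limited to this bundle and lists only FileUtils.java, so a regression test with a `..` entry for both the untar and unzip paths is either elsewhere or still to be added.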