Commit c9408fa

committed
Validate zip file names before extracting (Zip Slip)
1 parent 860c7c5 commit c9408fa

2 files changed

+23
-19
lines changed

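--- a/plexus-compilers/plexus-compiler-csharp/src/main/java/org/codehaus/plexus/compiler/csharp/CSharpCompiler.java
+++ b/plexus-compilers/plexus-compiler-csharp/src/main/java/org/codehaus/plexus/compiler/csharp/CSharpCompiler.java
@@ -285,7 +285,7 @@ private String[] buildCompilerArguments( CompilerConfiguration config, String[]
 {
 dllDir.mkdir();
 }
-JarUtil.extract(dllDir, new File(element));
+JarUtil.extract(dllDir.toPath(), new File(element));
 for (String tmpfile : dllDir.list())
 {
 if ( tmpfile.endsWith(DLL_SUFFIX) )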

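--- a/plexus-compilers/plexus-compiler-csharp/src/main/java/org/codehaus/plexus/compiler/csharp/JarUtil.java
+++ b/plexus-compilers/plexus-compiler-csharp/src/main/java/org/codehaus/plexus/compiler/csharp/JarUtil.java
@@ -1,31 +1,35 @@
 package org.codehaus.plexus.compiler.csharp;
 
 import java.io.File;
-import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.OutputStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
 import java.util.Enumeration;
 import java.util.jar.JarEntry;
 import java.util.jar.JarFile;
 
 public class JarUtil {
-public static void extract( File destDir, File jarFile ) throws IOException
-{
-JarFile jar = new JarFile( jarFile );
-Enumeration enumEntries = jar.entries();
-while ( enumEntries.hasMoreElements() ) {
-JarEntry file = ( JarEntry ) enumEntries.nextElement();
-File f = new File( destDir + File.separator + file.getName() );
-if ( file.isDirectory() )
-{
-f.mkdir();
-continue;
-}
-try ( InputStream is = jar.getInputStream( file ); FileOutputStream fos = new FileOutputStream( f ) )
-{
-while ( is.available() > 0 )
-{
-fos.write( is.read() );
+public static void extract(Path destDir, File jarFile) throws IOException {
+Path toPath = destDir.normalize();
+try (JarFile jar = new JarFile(jarFile)) {
+Enumeration<JarEntry> enumEntries = jar.entries();
+while (enumEntries.hasMoreElements()) {
+JarEntry file = enumEntries.nextElement();
+Path f = destDir.resolve(file.getName());
+if (!f.startsWith(toPath)) {
+throw new IOException("Bad zip entry");
+}
+if (file.isDirectory()) {
+Files.createDirectories(f);
+continue;
+}
+try (InputStream is = jar.getInputStream(file);
+OutputStream fos = Files.newOutputStream(f)) {
+while (is.available() > 0) {
+fos.write(is.read());
+}
 }
 }
 }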
