Skip to content

Commit

Permalink
SearchIndex: avoid access to files outside destDir
Browse files Browse the repository at this point in the history
  • Loading branch information
EcljpseB0T authored and jukzi committed Sep 20, 2023
1 parent 9be9aa7 commit 5a3244b
Showing 1 changed file with 7 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -874,13 +874,18 @@ private void unzipProductIndex() {
try (ZipInputStream zis = new ZipInputStream(zipIn)) {
ZipEntry zEntry;
while ((zEntry = zis.getNextEntry()) != null) {
String name = zEntry.getName();
File file = new File(destDir, name);
if (!file.toPath().normalize().startsWith(destDir.toPath().normalize())) {
throw new RuntimeException("Bad zip entry: " + name); //$NON-NLS-1$
}
// if it is empty directory, create it
if (zEntry.isDirectory()) {
new File(destDir, zEntry.getName()).mkdirs();
file.mkdirs();
continue;
}
// if it is a file, extract it
String filePath = zEntry.getName();
String filePath = name;
int lastSeparator = filePath.lastIndexOf("/"); //$NON-NLS-1$
String fileDir = ""; //$NON-NLS-1$
if (lastSeparator >= 0) {
Expand Down

0 comments on commit 5a3244b

Please sign in to comment.