Fix zip slip vulnerability. Closes #1840.

This commit is contained in:
Antonin Delpeuch 2018-12-09 10:41:33 +09:00
parent de86a162fa
commit e243e73e40
2 changed files with 11 additions and 1 deletions

View File

@ -440,7 +440,11 @@ public class ImportingUtilities {
name = name.substring(0, q);
}
File file = new File(dir, name);
File file = new File(dir, name);
// For CVE-2018-19859, issue #1840
if (!file.toPath().normalize().startsWith(dir.toPath().normalize())) {
throw new IllegalArgumentException("Zip archives with files escaping their root directory are not allowed.");
}
int dot = name.indexOf('.');
String prefix = dot < 0 ? name : name.substring(0, dot);

View File

@ -36,6 +36,12 @@ public class ImportingUtilitiesTests extends ImporterTest {
Assert.assertTrue(pm.getTags().length == 0);
}
@Test(expectedExceptions=IllegalArgumentException.class)
public void testZipSlip() {
// For CVE-2018-19859, issue #1840
ImportingUtilities.allocateFile(workspaceDir, "../../script.sh");
}
private ObjectNode getNestedOptions(ImportingJob job, TreeImportingParserBase parser) {
ObjectNode options = parser.createParserUIInitializationData(
job, new LinkedList<>(), "text/json");