Looki2000/sussycraft-engine
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

unzipservice code cleanup. does not affect code functionality

Browse Source
This commit is contained in:
Looki2000 2023-02-27 14:58:09 +01:00
parent 11ec9c45ce
commit 2a29c45ce5
1 changed files with 2 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
android/app/src/main/java/net/minetest/minetest/UnzipService.java
View File

@ -168,20 +168,16 @@ public class UnzipService extends IntentService {
continue;
}
publishProgress(notificationBuilder, R.string.loading, 100 * ++per / size);
// Zip Path Traversal Vulnerability fix: https://support.google.com/faqs/answer/9294009
// "Zip Path Traversal Vulnerability" fixed according to this article: https://support.google.com/faqs/answer/9294009
File new_file = new File(userDataDirectory, ze.getName());
String canonicalPath = new_file.getCanonicalPath();
// check if canonical path is inside the target directory
//if (!canonicalPath.startsWith(userDataDirectory)) {
if (!canonicalPath.startsWith(String.valueOf(userDataDirectory))) {
throw new IOException("Unzipping failed due to security issue!");
}
//try (OutputStream outputStream = new FileOutputStream(new File(userDataDirectory, ze.getName()))) {
try (OutputStream outputStream = new FileOutputStream(new_file)) {
while ((readLen = zipInputStream.read(readBuffer)) != -1) {
outputStream.write(readBuffer, 0, readLen);