Looki2000/sussycraft-engine
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

fixed ''Zip Path Traversal Vulnerability''

Browse Source
This commit is contained in:
Looki2000 2023-02-26 11:20:01 +01:00
parent 013f0563a8
commit b3c1773b67
1 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
android/app/src/main/java/net/minetest/minetest/UnzipService.java
View File

@ -156,7 +156,7 @@ public class UnzipService extends IntentService {
int readLen;
byte[] readBuffer = new byte[16384];
try (FileInputStream fileInputStream = new FileInputStream(zipFile);
ZipInputStream zipInputStream = new ZipInputStream(fileInputStream)) {
ZipInputStream zipInputStream = new ZipInputStream(fileInputStream)) {
ZipEntry ze;
while ((ze = zipInputStream.getNextEntry()) != null) {
if (ze.isDirectory()) {
@ -165,8 +165,21 @@ public class UnzipService extends IntentService {
continue;
}
publishProgress(notificationBuilder, R.string.loading, 100 * ++per / size);
try (OutputStream outputStream = new FileOutputStream(
new File(userDataDirectory, ze.getName()))) {
// Zip Path Traversal Vulnerability fix: https://support.google.com/faqs/answer/9294009
File new_file = new File(userDataDirectory, ze.getName());
String canonicalPath = new_file.getCanonicalPath();
// check if canonical path is inside the target directory
//if (!canonicalPath.startsWith(userDataDirectory)) {
if (!canonicalPath.startsWith(String.valueOf(userDataDirectory))) {
throw new IOException("Unzipping failed due to security issue!");
}
//try (OutputStream outputStream = new FileOutputStream(new File(userDataDirectory, ze.getName()))) {
try (OutputStream outputStream = new FileOutputStream(new_file)) {
while ((readLen = zipInputStream.read(readBuffer)) != -1) {
outputStream.write(readBuffer, 0, readLen);
}