AGentooCat/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Packages Projects Releases Wiki Activity

null check in zip entry name

Browse Source
This commit is contained in:
zzz
2014-10-28 13:17:20 +00:00
parent 304f2ebb7b
commit ec3fd9a7d7
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
core/java/src/net/i2p/util/FileUtil.java
View File

@@ -109,10 +109,14 @@ public class FileUtil {
Enumeration<? extends ZipEntry> entries = zip.entries();
while (entries.hasMoreElements()) {
ZipEntry entry = (ZipEntry)entries.nextElement();
if (entry.getName().indexOf("..") != -1) {
if (entry.getName().contains("..")) {
System.err.println("ERROR: Refusing to extract a zip entry with '..' in it [" + entry.getName() + "]");
return false;
}
if (entry.getName().indexOf(0) >= 0) {
System.err.println("ERROR: Refusing to extract a zip entry with null in it [" + entry.getName() + "]");
return false;
}
File target = new File(targetDir, entry.getName());
File parent = target.getParentFile();
if ( (parent != null) && (!parent.exists()) ) {