From ec3fd9a7d718617a0969d75fa0a295c1c0781c35 Mon Sep 17 00:00:00 2001
From: zzz <zzz@mail.i2p>
Date: Tue, 28 Oct 2014 13:17:20 +0000
Subject: [PATCH] null check in zip entry name

---
 core/java/src/net/i2p/util/FileUtil.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/core/java/src/net/i2p/util/FileUtil.java b/core/java/src/net/i2p/util/FileUtil.java
index 535e3deee5..eeca4416fe 100644
--- a/core/java/src/net/i2p/util/FileUtil.java
+++ b/core/java/src/net/i2p/util/FileUtil.java
@@ -109,10 +109,14 @@ public class FileUtil {
             Enumeration<? extends ZipEntry> entries = zip.entries();
             while (entries.hasMoreElements()) {
                 ZipEntry entry = (ZipEntry)entries.nextElement();
-                if (entry.getName().indexOf("..") != -1) {
+                if (entry.getName().contains("..")) {
                     System.err.println("ERROR: Refusing to extract a zip entry with '..' in it [" + entry.getName() + "]");
                     return false;
                 }
+                if (entry.getName().indexOf(0) >= 0) {
+                    System.err.println("ERROR: Refusing to extract a zip entry with null in it [" + entry.getName() + "]");
+                    return false;
+                }
                 File target = new File(targetDir, entry.getName());
                 File parent = target.getParentFile();
                 if ( (parent != null) && (!parent.exists()) ) {
-- 
GitLab