[jboss-svn-commits] JBoss Common SVN: r4244 - common-old/branches/JBossCommon_1_2_1_GA_CP01_JBPAPP-3848/src/main/org/jboss/util/file.
jboss-svn-commits at lists.jboss.org
Fri Apr 9 09:09:45 EDT 2010
Author: mmillson
Date: 2010-04-09 09:09:44 -0400 (Fri, 09 Apr 2010)
New Revision: 4244
Modified:
common-old/branches/JBossCommon_1_2_1_GA_CP01_JBPAPP-3848/src/main/org/jboss/util/file/JarUtils.java
Log:
Fix for CVE-2009-2693 [JBPAPP-3848]
Modified: common-old/branches/JBossCommon_1_2_1_GA_CP01_JBPAPP-3848/src/main/org/jboss/util/file/JarUtils.java
===================================================================
--- common-old/branches/JBossCommon_1_2_1_GA_CP01_JBPAPP-3848/src/main/org/jboss/util/file/JarUtils.java 2010-04-09 12:41:07 UTC (rev 4243)
+++ common-old/branches/JBossCommon_1_2_1_GA_CP01_JBPAPP-3848/src/main/org/jboss/util/file/JarUtils.java 2010-04-09 13:09:44 UTC (rev 4244)
@@ -261,7 +261,11 @@
}
JarInputStream jin = new JarInputStream(in);
byte[] buffer = new byte[1024];
-
+
+ String canonicalDocBasePrefix = dest.getCanonicalPath();
+ if (!canonicalDocBasePrefix.endsWith(File.separator)) {
+ canonicalDocBasePrefix += File.separator;
+ }
ZipEntry entry = jin.getNextEntry();
while (entry != null)
{
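Review bot: The trailing-separator normalisation of `canonicalDocBasePrefix` is the part of this guard that is easiest to "simplify away" later, and nothing in the hunk says why it is there; without it a sibling directory whose name merely begins with the destination's name would pass the prefix check performed against this value. I would add a comment above the `if` such as `// Append a separator so that the prefix test rejects siblings of dest whose names share dest's name as a prefix (e.g. "dest-x"), not just paths outside it.` The enclosing method starts before this hunk, so whether `dest` has already been validated as an existing directory is not visible here.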
@@ -279,6 +283,9 @@
fileName = fileName.replace('/', File.separatorChar);
}
File file = new File(dest, fileName);
+ if (!file.getCanonicalPath().startsWith(canonicalDocBasePrefix)) {
+ throw new IOException("illegalPath: " + fileName);
+ }
if (entry.isDirectory())
{
// make sure the directory exists
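Review bot: The new canonical-path check on the `File file` line carries no explanation and a terse message, so a future reader has no pointer from the code to the path-traversal class of bug it closes (the commit log cites CVE-2009-2693, but the code does not). I would precede the check with `// Reject archive entries whose resolved path escapes dest (path traversal via "../" or absolute names); see CVE-2009-2693.` and make the failure self-describing, e.g. `throw new IOException("Archive entry resolves outside destination directory " + dest + ": " + fileName);`. The check runs before the `entry.isDirectory()` branch, so directory entries are covered too, which is correct. The enclosing method starts and ends outside both hunks; if it does not close `jin` in a `finally`, the new throw now leaves the stream open, which should be confirmed.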