[jboss-svn-commits] JBoss Common SVN: r4857 - common-core/trunk/src/main/java/org/jboss/util/file.

Thu Sep 30 16:29:59 EDT 2010


Author: mmillson
Date: 2010-09-30 16:29:59 -0400 (Thu, 30 Sep 2010)
New Revision: 4857

Modified:
   common-core/trunk/src/main/java/org/jboss/util/file/JarUtils.java
Log:
Fix for CVE-2009-2693 directory traversal issue for [JBCOMMON-115].

Modified: common-core/trunk/src/main/java/org/jboss/util/file/JarUtils.java
===================================================================
--- common-core/trunk/src/main/java/org/jboss/util/file/JarUtils.java	2010-09-21 15:13:05 UTC (rev 4856)
+++ common-core/trunk/src/main/java/org/jboss/util/file/JarUtils.java	2010-09-30 20:29:59 UTC (rev 4857)
@@ -262,7 +262,11 @@
       }
       JarInputStream jin = new JarInputStream(in);
       byte[] buffer = new byte[1024];
-      
+     
+      String canonicalDocBasePrefix = dest.getCanonicalPath(); 
+      if (!canonicalDocBasePrefix.endsWith(File.separator)) {
+         canonicalDocBasePrefix += File.separator;
+      }
       ZipEntry entry = jin.getNextEntry();
       while (entry != null)
       {
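Review bot: The prefix built on the added lines always ends with `File.separator`, so an entry whose canonical path is exactly the destination directory (for example an entry named `./`) can never satisfy the `startsWith` comparison in the next hunk and would abort the whole extraction with the new IOException. If such entries are meant to be tolerated, keep the un-suffixed `dest.getCanonicalPath()` in a second variable and accept `canonical.equals(canonicalDocBase) || canonical.startsWith(canonicalDocBasePrefix)`; if they are meant to be rejected, a short comment saying so would save the next reader the question. `dest.getCanonicalPath()` can also throw IOException; the enclosing method starts before this hunk, so whether that is already declared cannot be confirmed here, though the adjacent `new JarInputStream(in)` suggests it is.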
@@ -280,6 +284,9 @@
             fileName = fileName.replace('/', File.separatorChar);
          }
          File file = new File(dest, fileName);
+         if (!file.getCanonicalPath().startsWith(canonicalDocBasePrefix)) {
+            throw new IOException("illegalPath: " + fileName);
+         }
          if (entry.isDirectory())
          {
             // make sure the directory exists
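Review bot: The added guard is the actual fix for the traversal issue named in the log, but nothing in the code says so, and the message `"illegalPath: " + fileName` tells an operator little about what was rejected or why. A one-line comment above the check, `// Reject entries whose canonical path resolves outside dest (CVE-2009-2693, JBCOMMON-115)`, and a message such as `"Jar entry resolves outside destination directory: " + fileName` would make the intent and the failure self-explanatory. Placing the check before the `entry.isDirectory()` branch correctly covers both file and directory entries; the enclosing loop and method continue past the end of this hunk.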


