proper pathname limitation for zip entries

fixing CWE-22
eclipse-tea · Mar 14, 2024 · 7a82f23 · 7a82f23
1 parent fcca85d
commit 7a82f23
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/.../org.eclipse.tea.library.build/src/org/eclipse/tea/library/build/jar/InternalZipExec.java b/.../org.eclipse.tea.library.build/src/org/eclipse/tea/library/build/jar/InternalZipExec.java
@@ -192,6 +192,8 @@ public void unzip(File zipFile, File destDir) throws IOException {
 			while (entries.hasMoreElements()) {
 				ZipEntry entry = entries.nextElement();
 				File realFile = new File(destDir, entry.getName());
+				if (!realFile.toPath().normalize().startsWith(destDir.toPath()))
+			        throw new IOException("Bad zip entry");
 				if (entry.isDirectory()) {
 					FileUtils.mkdirs(realFile);
 					continue;