Ignore file entries containing '..' in the APK file to fix #1498

Zip/APK files can legally contain entries that point to the parent directory of the one in which the .zip is located. Usually, unzip implementations ignore them by default, and we‘ll do the same.
iBotPeaches · May 9, 2017 · 693f592 · 693f592
1 parent f979f20
commit 693f592
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/brut.j.dir/src/main/java/brut/directory/ZipRODirectory.java b/brut.j.dir/src/main/java/brut/directory/ZipRODirectory.java
@@ -136,7 +136,8 @@ private void loadAll() {
                 subname = subname.substring(0, pos);
             }
 
-            if (! mDirs.containsKey(subname)) {
+            boolean pointsToParentDirectory = (subname.equals("..") && prefixLen == 0);
+            if (! mDirs.containsKey(subname) && ! pointsToParentDirectory) {
                 AbstractDirectory dir = new ZipRODirectory(getZipFile(), getPath() + subname + separator);
                 mDirs.put(subname, dir);                
             }