zip slip fix

joniles · Dec 14, 2020 · 8eaf422 · 8eaf422
1 parent 1eed5f0
commit 8eaf422
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/src/main/java/net/sf/mpxj/common/InputStreamHelper.java b/src/main/java/net/sf/mpxj/common/InputStreamHelper.java
@@ -114,6 +114,7 @@ public static File writeZipStreamToTempDir(InputStream inputStream) throws IOExc
     */
    private static void processZipStream(File dir, InputStream inputStream) throws IOException
    {
+      String canonicalDestinationDirPath = dir.getCanonicalPath();
       ZipInputStream zip = new ZipInputStream(inputStream);
       while (true)
       {
@@ -124,6 +125,14 @@ private static void processZipStream(File dir, InputStream inputStream) throws I
          }
 
          File file = new File(dir, entry.getName());
+
+         // https://snyk.io/research/zip-slip-vulnerability
+         String canonicalDestinationFile = file.getCanonicalPath();
+         if (!canonicalDestinationFile.startsWith(canonicalDestinationDirPath + File.separator))
+         {
+            throw new IOException("Entry is outside of the target dir: " + entry.getName());
+         }
+
          if (entry.isDirectory())
          {
             FileHelper.mkdirsQuietly(file);