git://source.jalview.org
/
jalview.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
JAL-4072 added zip file path test as per https://github.com/threerings/getdown/pull...
[jalview.git]
/
getdown
/
src
/
getdown
/
core
/
src
/
main
/
java
/
com
/
threerings
/
getdown
/
tools
/
Patcher.java
diff --git
a/getdown/src/getdown/core/src/main/java/com/threerings/getdown/tools/Patcher.java
b/getdown/src/getdown/core/src/main/java/com/threerings/getdown/tools/Patcher.java
index
4ead59b
..
52e1c9d
100644
(file)
--- a/
getdown/src/getdown/core/src/main/java/com/threerings/getdown/tools/Patcher.java
+++ b/
getdown/src/getdown/core/src/main/java/com/threerings/getdown/tools/Patcher.java
@@
-129,6
+129,9
@@
public class Patcher
{
File target = new File(appdir, path);
File patch = new File(appdir, entry.getName());
+ if (!patch.toPath().normalize().startsWith(appdir.toPath().normalize())) {
+ throw new RuntimeException("Bad zip entry");
+ }
File otarget = new File(appdir, path + ".old");
JarDiffPatcher patcher = null;
git://source.jalview.org / jalview.git / blobdiff