JAL-4072 added zip file path test as per https://github.com/threerings/getdown/pull...
authorBen Soares <b.soares@dundee.ac.uk>
Tue, 4 Oct 2022 16:01:26 +0000 (17:01 +0100)
committerBen Soares <b.soares@dundee.ac.uk>
Tue, 4 Oct 2022 16:01:26 +0000 (17:01 +0100)
getdown/src/getdown/core/src/main/java/com/threerings/getdown/tools/Patcher.java
getdown/src/getdown/core/src/main/java/com/threerings/getdown/util/FileUtil.java

index 4ead59b..52e1c9d 100644 (file)
@@ -129,6 +129,9 @@ public class Patcher
     {
         File target = new File(appdir, path);
         File patch = new File(appdir, entry.getName());
+        if (!patch.toPath().normalize().startsWith(appdir.toPath().normalize())) {
+            throw new RuntimeException("Bad zip entry");
+        }
         File otarget = new File(appdir, path + ".old");
         JarDiffPatcher patcher = null;
 
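Review bot: The new guard compares paths that are normalized but not made absolute, so if `appdir` is ever relative (for example `.`) the base side normalizes to the empty path and `Path.startsWith` no longer behaves as a containment check; resolve both sides first: `Path base = appdir.toPath().toAbsolutePath().normalize();` / `if (!patch.toPath().toAbsolutePath().normalize().startsWith(base)) {` / `throw new RuntimeException("Bad zip entry: " + entry.getName());`. Including the entry name in the message also makes a rejected patch diagnosable from the log instead of a bare "Bad zip entry". Note that `target` and `otarget` are built from `path`, which is derived above the hunk; if `path` is not simply a suffix-stripped copy of `entry.getName()`, those two writes are not covered by this check and deserve the same test. The enclosing method starts before and continues after this hunk.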
index bba6c44..930c33b 100644 (file)
@@ -140,6 +140,9 @@ public class FileUtil
         while (entries.hasMoreElements()) {
             JarEntry entry = (JarEntry)entries.nextElement();
             File efile = new File(target, entry.getName());
+            if (!efile.toPath().normalize().startsWith(target.toPath().normalize())) {
+                throw new IOException("Bad zip entry");
+            }
 
             // if we're unpacking a normal jar file, it will have special path
             // entries that allow us to create our directories first