Fix zip path traversal issue (we are likely unaffected since we do not unzip arbitrary zip files, just certificates_zip). Update certificates_zip.

idk
2022-01-06 19:31:25 -05:00
parent dec68432bc
commit c0ad7dfc09


@ -209,7 +209,11 @@ class InitActivities {
}
String name = ze.getName();
File f = new File(myDir + "/" + folder +"/" + name);
if (ze.isDirectory()) {
String canonicalPath = f.getCanonicalPath();
if (!canonicalPath.startsWith(myDir)) {
// If these don't match, there's a path-traversal possibility.
// So ignore it.
} else if (ze.isDirectory()) {
Util.d("Creating directory " + myDir + "/" + folder +"/" + name + " from resource");
f.mkdir();
} else {
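Review bot: The containment check `canonicalPath.startsWith(myDir)` is a raw string-prefix test, so a canonical path in a sibling directory whose name merely begins with the same characters as myDir would still pass, and an entry may also resolve anywhere under myDir rather than only under `folder`. Comparing against the canonical extraction root with a trailing separator closes both gaps: `String base = new File(myDir, folder).getCanonicalPath() + File.separator;` followed by `if (!canonicalPath.startsWith(base)) {`. If myDir is not itself canonical (for example it is reached through a symlink), the current check would presumably reject every entry, which canonicalising the base also avoids. The rejecting branch is empty; a `Util.d(...)` line naming the skipped entry would make a tampered archive visible in the logs instead of being dropped silently. The enclosing method starts and ends outside the hunk.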