Improve the checks for relative traversal.

Use java.nio.file.Path for consistent sub-directory checking
joniles · Oct 17, 2024 · 8002802 · 8002802
1 parent 53c21dc
commit 8002802
Showing 1 changed file with 1 addition and 3 deletions.
diff --git a/src/main/java/net/sf/mpxj/common/InputStreamHelper.java b/src/main/java/net/sf/mpxj/common/InputStreamHelper.java
@@ -174,7 +174,6 @@ public static byte[] read(InputStream is, byte[] data, int size) throws IOExcept
     */
    private static void processZipStream(File dir, InputStream inputStream) throws IOException
    {
-      String canonicalDestinationDirPath = dir.getCanonicalPath();
       ZipInputStream zip = new ZipInputStream(inputStream);
       while (true)
       {
@@ -187,8 +186,7 @@ private static void processZipStream(File dir, InputStream inputStream) throws I
          File file = new File(dir, entry.getName());
 
          // https://snyk.io/research/zip-slip-vulnerability
-         String canonicalDestinationFile = file.getCanonicalPath();
-         if (!canonicalDestinationFile.startsWith(canonicalDestinationDirPath + File.separator))
+         if (!file.getCanonicalFile().toPath().startsWith(dir.getCanonicalFile().toPath()))
          {
             throw new IOException("Entry is outside of the target dir: " + entry.getName());
          }