add zip path traversal vulnerability check for zip decompression

2023-08-15 00:54:29 +03:00 · 2023-08-15 00:54:29 +03:00 · a380eb9c3c
parent 4caf77bc9b
commit a380eb9c3c
2 changed files with 7 additions and 1 deletions
--- a/app/build.gradle
+++ b/app/build.gradle
@ -78,7 +78,7 @@ android {
 }

 dependencies {
-    implementation 'com.github.fatihergin:Simple-Commons:fe7a01274a' // TODO: do not replace it with SimpleMobileTools
+    implementation 'com.github.SimpleMobileTools:Simple-Commons:d1629c7f1a'
    implementation 'com.github.tibbi:AndroidPdfViewer:e6a533125b'
    implementation 'com.github.Stericson:RootTools:df729dcb13'
    implementation 'com.github.Stericson:RootShell:1.6'
--- a/app/src/main/kotlin/com/simplemobiletools/filemanager/pro/activities/DecompressActivity.kt
+++ b/app/src/main/kotlin/com/simplemobiletools/filemanager/pro/activities/DecompressActivity.kt
@ -19,6 +19,7 @@ import net.lingala.zip4j.exception.ZipException.Type
 import net.lingala.zip4j.io.inputstream.ZipInputStream
 import net.lingala.zip4j.model.LocalFileHeader
 import java.io.BufferedInputStream
+import java.io.File

 class DecompressActivity : SimpleActivity() {
    companion object {
@ -145,6 +146,11 @@ class DecompressActivity : SimpleActivity() {
                        continue
                    }

+                    val isVulnerableForZipPathTraversal = !File(newPath).canonicalPath.startsWith(parent)
+                    if (isVulnerableForZipPathTraversal) {
+                        continue
+                    }
+
                    val fos = getFileOutputStreamSync(newPath, newPath.getMimeType())
                    var count: Int
                    while (true) {