From a380eb9c3ca5220d8036ab0299b7f0502002b7eb Mon Sep 17 00:00:00 2001 From: fatih ergin Date: Tue, 15 Aug 2023 00:54:29 +0300 Subject: [PATCH] add zip path traversal vulnerability check for zip decompression --- app/build.gradle | 2 +- .../filemanager/pro/activities/DecompressActivity.kt | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/app/build.gradle b/app/build.gradle index 7242d6f0..d27b0f93 100644 --- a/app/build.gradle +++ b/app/build.gradle @@ -78,7 +78,7 @@ android { } dependencies { - implementation 'com.github.fatihergin:Simple-Commons:fe7a01274a' // TODO: do not replace it with SimpleMobileTools + implementation 'com.github.SimpleMobileTools:Simple-Commons:d1629c7f1a' implementation 'com.github.tibbi:AndroidPdfViewer:e6a533125b' implementation 'com.github.Stericson:RootTools:df729dcb13' implementation 'com.github.Stericson:RootShell:1.6' diff --git a/app/src/main/kotlin/com/simplemobiletools/filemanager/pro/activities/DecompressActivity.kt b/app/src/main/kotlin/com/simplemobiletools/filemanager/pro/activities/DecompressActivity.kt index 0b51d97f..ac381cbb 100644 --- a/app/src/main/kotlin/com/simplemobiletools/filemanager/pro/activities/DecompressActivity.kt +++ b/app/src/main/kotlin/com/simplemobiletools/filemanager/pro/activities/DecompressActivity.kt @@ -19,6 +19,7 @@ import net.lingala.zip4j.exception.ZipException.Type import net.lingala.zip4j.io.inputstream.ZipInputStream import net.lingala.zip4j.model.LocalFileHeader import java.io.BufferedInputStream +import java.io.File class DecompressActivity : SimpleActivity() { companion object { @@ -145,6 +146,11 @@ class DecompressActivity : SimpleActivity() { continue } + val isVulnerableForZipPathTraversal = !File(newPath).canonicalPath.startsWith(parent) + if (isVulnerableForZipPathTraversal) { + continue + } + val fos = getFileOutputStreamSync(newPath, newPath.getMimeType()) var count: Int while (true) {